Skip to main content

Verify Email

Verifies a user’s email address using a verification token. This endpoint is typically called after the user clicks the verification link in their email.

Authentication

No authentication required (token is provided in request body).

Request Body

token_hash
string
required
The verification token hash from the email verification link
type
string
default:"email"
The type of verification. Defaults to “email” if not provided.

Response

message
string
Success message confirming email verification
session
object
Supabase authentication session created after verification

Error Responses

error
string
Error message
Status Codes:
  • 400 - Bad request (e.g., invalid or expired token)
  • 500 - Internal server error

Example Request

curl -X POST https://api.vaniyk.com/api/auth/email/verify \
  -H "Content-Type: application/json" \
  -d '{
    "token_hash": "pkce_a1b2c3d4e5f6g7h8i9j0",
    "type": "email"
  }'

Example Response

{
  "message": "Email verified successfully",
  "session": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "v1.MRjoP7GqRGKK9Sh91...",
    "expires_in": 3600,
    "user": {
      "id": "d2f3a8b9-1c4e-5f6g-7h8i-9j0k1l2m3n4o",
      "email": "user@example.com",
      "email_confirmed_at": "2026-03-03T10:30:00.000Z",
      "aud": "authenticated",
      "role": "authenticated"
    }
  }
}

Usage Notes

  • The verification link in the email redirects to your frontend with a token hash parameter
  • Your frontend extracts the token_hash from the URL and calls this endpoint
  • Upon successful verification, the user’s emailVerified field is set to true in MongoDB
  • A session is automatically created, allowing the user to proceed without logging in again
  • Verification tokens expire after a set time period

Resend Verification Email

Resends the email verification link to a user’s email address.

Authentication

No authentication required.

Request Body

email
string
required
Email address to send the verification link to

Response

message
string
Success message confirming the email was sent

Error Responses

error
string
Error message
Status Codes:
  • 400 - Bad request (e.g., email already verified, invalid email, email not found)
  • 500 - Internal server error

Example Request

curl -X POST https://api.vaniyk.com/api/auth/email/resend \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'

Example Response

{
  "message": "Verification email sent"
}

Usage Notes

  • This endpoint can be used when users don’t receive the initial verification email
  • The verification link redirects to the frontend URL configured in FRONTEND_URL environment variable
  • Rate limiting may be applied to prevent abuse
  • Users should check their spam folder if they don’t receive the email
  • The new verification link invalidates any previously sent verification links

Build docs developers (and LLMs) love

Get started for freeTalk to us