Verify a User's Email

This API is used to mark a User's email as verified. This is usually called after the User receives the verification email after they register and they click the link in the email. To verify a User's phone number identity, see the Identity Verify API.

Request#

Using a verification ID#

No Authentication Required
Verifies the User's email address using the verificationId.
POST/api/user/verify-email
OpenAPI Spec
No Authentication Required
Verifies the User's email address using the verificationId.
POST/api/user/verify-email/{verificationId}

Request Parameters#

verificationIdStringrequiredDEPRECATED

The verification Id generated by FusionAuth used to verify the User's registration is valid by ensuring they have access to the provided email address.

Deprecated since 1.28.0

This value can still be provided on the URL segment as shown in the above example, but it is recommended you send this value in the request body instead using the verificationId field. If the value is provided in the URL segment and in the request body, the value provided in the request body will be preferred.

Request Body#

oneTimeCodeStringoptionalAvailable since 1.27.0

The short code used to verify the User's account is valid by ensuring they have access to the provided email address. This field is required when the email verification strategy on the Tenant is set to Form field.

verificationIdStringrequiredAvailable since 1.27.0

The verification Id generated by FusionAuth used to verify the User's account is valid by ensuring they have access to the provided email address.

When using the Form field strategy for Email verification, this value is used along with the oneTimeCode as a pair to verify the email address.

If the verificationId is provided in the URL segment and in the request body, the value provided in the request body will be preferred.

Request Headers#

X-FusionAuth-TenantIdStringoptional

The unique Id of the tenant used to scope this API request.

The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.

Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.

See Making an API request using a Tenant Id for additional information.

Available since version 1.37.0

This API can be used to mark a user as verified without requiring the user to actually complete a verification process.

Administratively#

API Key Authentication
Administratively verify the User's email address.
POST/api/user/verify-email
OpenAPI Spec

Request Body#

userIdStringrequired

The unique Id of the user to mark verified.

Response#

The response does not contain a body. It only contains one of the status codes below.

Response Codes
CodeDescription
200The request was successful. The response will contain a JSON body.
400The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
403The verify email functionality has been disabled. See Tenants -> Email -> Email verification settings in the FusionAuth admin UI.
404The object you are trying to update doesn't exist. The response will be empty.
500There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.