POST /v1/auth/email/send-verification
Email the authenticated user a verification link. Idempotent if their email is already verified.
::: tip Auth Required: cookie or Bearer. :::
Request
POST /v1/auth/email/send-verification
| Header | Required | Notes |
|---|---|---|
Cookie: identsphere_at=... OR Authorization: Bearer ... | yes | — |
No request body.
Response
204 No Content
If the user is already verified, the endpoint no-ops (still returns 204). Otherwise a fresh verification token is minted, persisted, and emailed.
Error responses
| Status | Code | When |
|---|---|---|
| 401 | authentication_required | No valid auth credential. |
| 404 | not_found | User no longer exists. |
| 500 | internal_error | DB or email transport failure. |
Notes
- Tokens are 32-byte URL-safe base64 strings. Only the SHA-256 hash is stored.
- Token TTL: 24 hours.
- Any prior outstanding verification tokens for this user are deleted before the new one is minted.
- The link in the email points to
{public_base_url}/verify-email?token=...— your frontend must implement a handler at that path that posts to/v1/auth/email/verify.