Skip to main content
Version: 13.x

Email Verification

Apiato provides an email verification feature out of the box using the Laravel's built-in email verification functionality.

Model Preparation

All you need to do to enable email verification is to verify that your User model implements the Illuminate\Contracts\Auth\MustVerifyEmail contract.

Routing

The Email Verification Notice

If you've enabled email verification, the API will automatically send an email verification link to the user's provided email address upon user creation.

The Email Verification Handler

There are two main elements to handle the email verification process:

  • Frontend URL
    • Define a route in your frontend app to handle the email verification link.
  • API Configuration
    • Configure your frontend app's email verification URL by either creating a new App or using the existing App\Ship\Apps\Web app.

Next, read the Process Flow section to understand how this ties into the overall email verification process.

Resending The Verification Email

To resend the email verification link, use the /email/verification-notification endpoint.

Protecting Routes

Apply the verified middleware to restrict access to certain routes for confirmed users. When email verification is enabled, unverified users trying to access protected endpoints will trigger an exception, prompting them to confirm their email address.

Please note that if email verification is disabled, the verified middleware won't protect routes against unconfirmed users and will have no effect.

Process Flow

Let's assume you have a frontend app with a URL like https://myapp.com/verify-email. The email verification process flow is as follows:

  1. The user registers or updates their email address.
  2. The API sends an email verification link to the user's email address. It includes a link like this: https://myapp.com/verify-email?verification_url=https://api.myapi.com/v1/email/verify/123/d2aG21sCc112k3.
  3. The user clicks the link in the email.
  4. The link redirects the user to the specified (Frontend) URL in the email.
  5. The URL contains a verification_url query string parameter.
  6. The frontend app makes a POST request to the verification_url to verify the user's email.
  7. The API verifies the user's email and returns a 200 OK response.

Email Verification URL

You may instruct the API to use a different URL for email verification by using the Apiato Apps feature.