Email Verification Codes

Available on the following plans

Free, Basic, Premium, Ultimate, Enterprise

About Email Verification Codes

Email verification codes are 6-digit codes sent to an end user via email. These codes can then be used once as part of the user’s authentication flow.

On Userfront, email verification codes can be configured for use in any of the following scenarios:

  • A standalone primary login method (receive email code to log in)
  • A first factor for multi-factor authentication (MFA), with another factor such as a TOTP authenticator as the 2nd factor
  • An optional or required 2nd factor for MFA

Email Verification Code Requirements

In order to use email verification codes, a user must have access to their email account.

When users first register using email, they must verify their email address by receiving a 6-digit code and entering it for confirmation. Once an email address has been paired with an end user’s account, the user can use that email address for future authentication actions.

Email verification codes are valid for 10 minutes and can only be used once.

Attribute                 Setting
Authentication stage      1st factor or 2nd factor
Valid for                 10 minutes
Reusable                  No
Brute force protection    Invalid after 10 failed attempts
Unique email address      Required

Email Verification Code Handling

Userfront sending

By default, Userfront emails a verification code directly to the user requesting the code. No configuration is required to have Userfront send email verification codes on your behalf.

Each email contains a six-digit verification code which can be submitted for authentication.

An email message with a 6-digit verification code looks like the following:

Your Acme Group verification code is: 985577

Webhook sending

You can configure Userfront to send a webhook to your server each time an email code needs to be sent. You can use the information in this webhook to send an email to your end user via the service of your choice.

In this case, the webhook payload will look like this:

{
  "action": "login",
  "model": "user",
  "mode": "live",
  "factor": {
    "strategy": "verificationCode",
    "channel": "email",
    "email": "user@example.com",
    "verificationCode": "985571",
    "message": "Your Acme Group verification code is: 985571",
    "expiresAt": "2024-03-12T01:09:29.402Z"
  },
  "record": {
    "mode": "live",
    "userId": 5,
    "tenantId": "abcd1234",
    "userUuid": "53a8435e-e79c-4ba6-99cc-0e2f290cb647"
  }
}
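
One way a receiving server might check this payload before handing it to a mail service, as an added example that is not Userfront code; the function names parseEmailCodeWebhook and redactForLog are hypothetical. Because the payload carries a live login code, the example also builds a redacted copy for logging.

```javascript
// Added example, not Userfront code. Function names are hypothetical.
// Sample body copied from the payload shown above.
const SAMPLE_PAYLOAD = {
  action: "login", model: "user", mode: "live",
  factor: {
    strategy: "verificationCode", channel: "email",
    email: "user@example.com", verificationCode: "985571",
    message: "Your Acme Group verification code is: 985571",
    expiresAt: "2024-03-12T01:09:29.402Z",
  },
  record: { mode: "live", userId: 5, tenantId: "abcd1234",
            userUuid: "53a8435e-e79c-4ba6-99cc-0e2f290cb647" },
};

// Validate a parsed webhook body and return what the mail step needs.
// Throws instead of sending when anything is unexpected.
function parseEmailCodeWebhook(body, now = new Date()) {
  const f = body && body.factor;
  if (!f || f.strategy !== "verificationCode" || f.channel !== "email") {
    throw new Error("not an email verification code webhook");
  }
  if (typeof f.verificationCode !== "string" || !/^\d{6}$/.test(f.verificationCode)) {
    throw new Error("verificationCode is not a 6-digit string");
  }
  // No whitespace (including CR/LF) in the recipient, so the value cannot
  // smuggle extra mail headers into whatever mail service is used.
  if (typeof f.email !== "string" || !/^[^\s@]+@[^\s@]+$/.test(f.email)) {
    throw new Error("invalid recipient address");
  }
  if (typeof f.message !== "string") throw new Error("missing message");
  const expiresAt = new Date(f.expiresAt);
  if (Number.isNaN(expiresAt.getTime())) throw new Error("invalid expiresAt");
  if (expiresAt <= now) throw new Error("code expired, do not send");
  return { to: f.email, text: f.message, expiresAt };
}

// Deep copy with the code and message masked, safe to write to logs.
function redactForLog(body) {
  const copy = JSON.parse(JSON.stringify(body));
  if (copy.factor) {
    for (const key of ["verificationCode", "message"]) {
      if (key in copy.factor) copy.factor[key] = "[redacted]";
    }
  }
  return copy;
}
```

Pass the returned `to` and `text` to the mail service of your choice, and log only the output of `redactForLog`.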

Email Verification Code Documentation

Email verification code API endpoints

Email verification code JavaScript methods