POST /auth/request-new-confirmation

curl -X POST https://api.authiqa.com/auth/request-new-confirmation \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "verifyAuthPath": "/custom-verify"
  }'

Overview

This endpoint lets users request a new verification email if their previous token has expired or was lost. It supports both JWT authentication (for logged-in users) and traditional request body authentication. The API applies rate limiting and validation to prevent abuse.

API Details

Authentication Methods

Method 1: JWT Authentication

  • Authorization (string) - Bearer JWT token for authenticated users
  • verifyAuthPath (string) - Optional custom verification path for email verification

Method 2: Traditional Authentication

  • email (string, required) - Email address to resend verification to
  • parentPublicKey (string) - Required for child accounts when using traditional authentication
  • verifyAuthPath (string) - Optional custom verification path for email verification

Process Flow

1. Authentication Detection

  • Check for JWT token in Authorization header
  • If JWT present, verify and extract user information
  • If no JWT, use traditional request body authentication

2. User Resolution

  • JWT flow: Get user by decoded token information
  • Traditional flow: Get user by email and optional parent public key
  • Validate user exists and account requirements

3. Validation Checks

  • Verify email is not already verified
  • Check account type specific requirements
  • Validate rate limiting (1-minute cooldown)
  • Check parent account status (for child accounts)

4. Token Generation & Email

  • Generate new 12-character verification token
  • Update verification token in database
  • Send verification email with appropriate branding
  • Support custom verification paths

Authentication Flows

JWT Authentication Flow

  1. User provides JWT token in Authorization header
  2. System verifies token and extracts user information
  3. User information used to send verification email
  4. Optional custom verification path supported

Traditional Authentication Flow

  1. User provides email in request body
  2. For child accounts, parent public key required
  3. System validates user and parent relationship
  4. Verification email sent with organization branding

Response Examples

200: Success
{
  "success": true,
  "data": {
    "message": "A new verification link has been sent to your email"
  }
}
400: Invalid Request
{
  "success": false,
  "error": {
    "code": "INVALID_EMAIL_FORMAT",
    "message": "Invalid email format"
  }
}
429: Rate Limited
{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Please wait 45 seconds before requesting a new verification link"
  },
  "headers": {
    "X-RateLimit-Limit": "1",
    "X-RateLimit-Remaining": "0",
    "X-RateLimit-Reset": "1729616234"
  }
}

Error Codes

400 Bad Request
  • MISSING_REQUEST_BODY - Request body required (traditional auth)
  • INVALID_REQUEST_BODY - Invalid JSON format
  • MISSING_REQUIRED_FIELDS - Email field required (traditional auth)
  • INVALID_EMAIL_FORMAT - Invalid email format
  • EMAIL_ALREADY_VERIFIED - Email already verified
  • MISSING_PARENT_PUBLIC_KEY - Parent public key required for child accounts
  • INVALID_PARENT_PUBLIC_KEY_FORMAT - Invalid public key format
  • INVALID_REQUEST - Parent public key should not be provided for parent accounts
401 Unauthorized
  • INVALID_PARENT_PUBLIC_KEY - Invalid parent public key
403 Forbidden
  • PARENT_ACCOUNT_INACTIVE - Parent account has insufficient balance
404 Not Found
  • USER_NOT_FOUND - No account with provided information
429 Too Many Requests
  • RATE_LIMIT_EXCEEDED - Wait before requesting again
500 Internal Server Error
  • INTERNAL_ERROR - Unexpected server error occurred

Rate Limiting

Rate Limits

  • 1 request per minute per email
  • Rate limit headers included in response:
    X-RateLimit-Limit: 1
    X-RateLimit-Remaining: 0
    X-RateLimit-Reset: <timestamp>
  • Cooldown period: 60 seconds

Email verification links expire after 15 minutes. Users should request a new link if the original expires.
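
The two request shapes and the rate-limit response described above, handled on the caller's side. This is an added example, not Authiqa's own code: the function names are hypothetical, the rate-limit values are assumed to arrive as HTTP response headers, and restricting verifyAuthPath to a site-relative path is the caller's own policy rather than a documented API rule.

```python
import re
import time

COOLDOWN_SECONDS = 60  # documented cooldown, used when no reset header is present
# Assumption: only site-relative paths such as "/custom-verify" are acceptable.
RELATIVE_PATH = re.compile(r"(?:/[A-Za-z0-9_-]+)+")


def build_request(jwt=None, email=None, parent_public_key=None, verify_auth_path=None):
    """Return (headers, body) for the JWT flow or the traditional flow."""
    headers, body = {"Content-Type": "application/json"}, {}
    if jwt:
        headers["Authorization"] = f"Bearer {jwt}"  # identity comes from the token
    elif email:
        body["email"] = email  # identity comes from the request body
        if parent_public_key:
            body["parentPublicKey"] = parent_public_key  # child accounts only
    else:
        raise ValueError("provide a JWT or an email")
    if verify_auth_path is not None:
        # Refuse absolute URLs, "//host" and ".." before the value reaches the API.
        if not RELATIVE_PATH.fullmatch(verify_auth_path):
            raise ValueError("verifyAuthPath must be a site-relative path")
        body["verifyAuthPath"] = verify_auth_path
    return headers, body


def handle_response(status, payload, headers=None, now=None):
    """Map a response to (action, seconds_to_wait)."""
    error = payload.get("error") or {}
    if status == 200 and payload.get("success"):
        return "sent", 0
    if status == 429 or error.get("code") == "RATE_LIMIT_EXCEEDED":
        reset = str((headers or {}).get("X-RateLimit-Reset", ""))
        if reset.isdigit():  # epoch seconds, as in the page's sample
            now = time.time() if now is None else now
            return "wait", max(0, int(reset) - int(now))
        return "wait", COOLDOWN_SECONDS
    if error.get("code") == "EMAIL_ALREADY_VERIFIED":
        return "already_verified", 0
    return "error", 0


# Constructed input: the page's 429 sample, with "now" set 45 s before the reset time.
SAMPLE_429 = {"success": False, "error": {"code": "RATE_LIMIT_EXCEEDED"}}
SAMPLE_HEADERS = {"X-RateLimit-Limit": "1", "X-RateLimit-Remaining": "0",
                  "X-RateLimit-Reset": "1729616234"}

if __name__ == "__main__":
    print(build_request(jwt="YOUR_JWT_TOKEN", verify_auth_path="/custom-verify"))
    print(handle_response(429, SAMPLE_429, SAMPLE_HEADERS, now=1729616189))
```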