Resend Verification Email API Guide
If a user tries to log in but their email is not verified, there are two ways to resend a verification email:
- End user visits the
your.domain.com/resend-verificationpublic page and submits their email address. - An admin uses the “Resend Verification Email” admin endpoint API to send end users another verification email. Here is an example cURL request:
curl -X POST https://api.mindfulauth.com/auth/admin/resend-verification-email \ -H "X-Tenant-Domain: portal.example.com" \ -H "Authorization: Bearer <internal-api-key>" \ -H "Content-Type: application/json" \ -d '{ "recordId": "123456789", "email": "user@example.com" }'Authentication:
Validates Authorization header (Bearer token) against your internal API key. The X-Tenant-Domain header specifies which hostname’s credentials to use.
Credential Matching Requirements:
- You MUST use the correct X-Tenant-Domain for the recordId being targeted
- The Authorization internal API key MUST match the specified X-Tenant-Domain’s key
- For hostnames with SHARED app IDs (encryption key reuse):
- portal1.com (app ID “123”) and portal2.com (app ID “123”) have IDENTICAL internal API keys
- You can use either hostname with their shared key
- For hostnames with DIFFERENT app IDs:
- portal1.com (app ID “123”) and portal3.com (app ID “456”) have DIFFERENT internal API keys
- You MUST use the matching X-Tenant-Domain and its corresponding internal API key
- Using portal1.com’s key with X-Tenant-Domain: portal3.com will fail (403 Unauthorized)
NOTE
- Only resends verification email if account is in “Email Verification Pending” status.
- Includes 5-minute rate limit per email to prevent abuse if internal API key is compromised.