Verifies a user’s email address using the verification token sent via email during registration.
Request Body
token (string): The verification token received in the verification email.
Response
message (string): Success message confirming the email was verified.
Error Responses
400 Bad Request
Returned when:
- Token is missing or not a string
- Token is invalid or not found in the database
- Token has expired (tokens expire after 24 hours)
- Email is already verified
500 Internal Server Error
Returned when:
- Database query fails
- User update fails
Example Request
curl -X POST https://api.tresacontafy.com/api/auth/verify-email \
  -H "Content-Type: application/json" \
  -d '{
    "token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
  }'
Example Response
{
  "message": "Email verificado correctamente"
}
Error Response Examples
Invalid Token
{
  "error": "Token de verificación inválido",
  "message": "El token proporcionado no es válido. Puedes solicitar un nuevo email de verificación."
}
Expired Token
{
  "error": "El token de verificación ha expirado",
  "message": "El token ha expirado. Puedes solicitar un nuevo email de verificación."
}
Already Verified
{
  "error": "El email ya está verificado",
  "message": "Este email ya fue verificado anteriormente."
}
Implementation Details
- Verification tokens are stored as hashed values in the database for security
- Tokens expire 24 hours after generation
- Upon successful verification:
  - email_verified is set to true
  - The verification token and expiration date are cleared from the database
- Users can request a new verification email using the /api/auth/resend-verification-email endpoint
If users don’t receive the verification email or the token expires, direct them to use the resend verification email endpoint to get a new token.
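The token lifecycle listed under Implementation Details, as an added sketch that is not this API's own code. It assumes SHA-256 for the stored hash, an in-memory list in place of the database, and hypothetical field names (verification_token_hash, verification_expires_at) and result codes.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(hours=24)  # from the page: tokens expire after 24 hours


def token_digest(token: str) -> str:
    # Assumption: SHA-256. The page only says tokens are stored hashed.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user: dict, now: datetime) -> str:
    """Persist only the hash and expiry; the raw token goes into the email."""
    token = secrets.token_hex(16)
    user["verification_token_hash"] = token_digest(token)
    user["verification_expires_at"] = now + TOKEN_TTL
    return token


def verify_email(users: list, token, now: datetime):
    """Return (http_status, result_code) for the documented 400 cases."""
    if not isinstance(token, str) or not token:
        return 400, "token_missing"
    wanted = token_digest(token)  # look up by hash, never by raw token
    user = next((u for u in users if u.get("verification_token_hash") == wanted), None)
    if user is None:
        return 400, "token_invalid"
    if user["email_verified"]:
        return 400, "already_verified"
    if now >= user["verification_expires_at"]:
        return 400, "token_expired"
    user["email_verified"] = True
    user["verification_token_hash"] = None  # cleared: the token is single-use
    user["verification_expires_at"] = None
    return 200, "verified"


def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    alice = {"email": "alice@example.test", "email_verified": False}
    bob = {"email": "bob@example.test", "email_verified": False}
    users = [alice, bob]
    a_tok, b_tok = issue_token(alice, t0), issue_token(bob, t0)
    return [
        verify_email(users, None, t0),
        verify_email(users, "not-a-real-token", t0),
        verify_email(users, b_tok, t0 + timedelta(hours=25)),
        verify_email(users, a_tok, t0 + timedelta(hours=1)),
        verify_email(users, a_tok, t0 + timedelta(hours=2)),  # replay of a used token
    ]
```

In this sketch a replayed token is rejected as invalid, because its hash was cleared on first use. The raw token never reaches storage, so a database leak does not expose usable verification links.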