Go to Console
Star on GitHub 45.1K Get started

Verify user

User verification in Appwrite allows you to verify user email addresses and phone numbers. Users don't need to be verified to log in, but you can restrict resource access to verified users only using permissions.

Verify email

To verify a user's email, first ensure the user is logged in. Then send a verification email with a redirect URL. The verification secrets will be appended as query parameters to the redirect URL.

import { Client, Account } from "appwrite";

const client = new Client()
    .setEndpoint('https://cloud.appwrite.io/v1')
    .setProject('<PROJECT_ID>') // Your project ID

const account = new Account(client);

const promise = account.createVerification('https://example.com/verify');

promise.then(function (response) {
    console.log(response); // Success
}, function (error) {
    console.log(error); // Failure
});

After the user clicks the link in the email, they will be redirected to your site with the query parameters userId and secret. If you're on a mobile platform, you will need to create the appropriate deep link to handle the verification.

Next, implement the verification page that handles the redirect.

import { Client, Account } from "appwrite";

const client = new Client()
    .setEndpoint('https://cloud.appwrite.io/v1')
    .setProject('<PROJECT_ID>');

const account = new Account(client);

const urlParams = new URLSearchParams(window.location.search);
const secret = urlParams.get('secret');
const userId = urlParams.get('userId');

const promise = account.updateVerification(userId, secret);

promise.then(function (response) {
    console.log(response); // Success
}, function (error) {
    console.log(error); // Failure
});

Verify phone

To verify a phone number, first ensure the user is logged in and has a phone number set on their account.

const response = await account.updatePhone(
    '+12065550100',  // phone
    'password' // password
);

Then initiate verification by calling createPhoneVerification.

const response = await account.createPhoneVerification();

After the user receives the verification code, complete verification by calling updatePhoneVerification.

const response = await account.updatePhoneVerification(
    '[USER_ID]',  // userId
    '[SECRET]' // secret
);

Restrict access

You can restrict resource access to verified users in two ways:

  • Use user([USER_ID], "verified") to restrict access to a specific verified user

  • Use users("verified") to restrict access to any verified user

Verification events

The following events are triggered during the verification process:

  • users.*.verification.* - Triggers on any user's verification token event

  • users.*.verification.*.create - Triggers when a verification token for a user is created

  • users.*.verification.*.update - Triggers when a verification token for a user is validated

Each event returns a Token Object.

Was this page helpful?
Copyright © 2025 Appwrite