Account

CLIENT

Platform

Version

The Account service allows you to authenticate and manage a user account. You can use the account service to update user information, retrieve the user sessions across different devices, and fetch the user security logs with his or her recent activity.

Register new user accounts with the Create Account, Create Magic URL session, or Create Phone session endpoint. You can authenticate the user account by using multiple sign-in methods available. Once the user is authenticated, a new session object will be created to allow the user to access his or her private data and settings.

This service also exposes an endpoint to save and read the user preferences as a key-value object. This feature is handy if you want to allow extra customization in your app. Common usage for this feature may include saving the user's preferred locale, timezone, or custom app theme.

Base URL

https://cloud.appwrite.io/v1

Get Account

Get currently logged in user data as JSON object.

Response
- 200 application/json
  
  Account

Endpoint

GET /account

REST

GET /v1/account HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Create Account

Use this endpoint to allow a new user to register a new account in your project. After the user registration completes successfully, you can use the /account/verfication route to start verifying the user email address. To allow the new user to login to their new account, you need to create a new account session.

Request
- userId string
  required
  
  Unique Id. Choose a custom ID or generate a random ID with ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.
- email string
  required
  
  User email.
- password string
  required
  
  User password. Must be at least 8 chars.
- name string
  
  User name. Max length: 128 chars.
Response
- 201 application/json
  
  Account
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + IP

Endpoint

POST /account

REST

POST /v1/account HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "userId": "[USER_ID]",
  "email": "email@example.com",
  "password": "password",
  "name": "[NAME]"
}

Update Email

Update currently logged in user account email address. After changing user address, the user confirmation status will get reset. A new confirmation email is not sent automatically however you can use the send confirmation email endpoint again to send the confirmation email. For security measures, user password is required to complete this request. This endpoint can also be used to convert an anonymous account to a normal one, by passing an email address and a new password.

Request
- email string
  required
  
  User email.
- password string
  required
  
  User password. Must be at least 8 chars.
Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/email

REST

PATCH /v1/account/email HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "email": "email@example.com",
  "password": "password"
}

Create JWT

Use this endpoint to create a JSON Web Token. You can use the resulting JWT to authenticate on behalf of the current user when working with the Appwrite server-side API and SDKs. The JWT secret is valid for 15 minutes from its creation and will be invalid if the user will logout in that time frame.

Response
- 201 application/json
  
  JWT
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 100 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	100 requests	URL + USER ID

Endpoint

POST /account/jwt

REST

POST /v1/account/jwt HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

List Logs

Get currently logged in user list of latest security activity logs. Each log returns user IP address, location and date and time of log.

Request
- queries array
  
  Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Only supported methods are limit and offset
Response
- 200 application/json
  
  Logs List

Endpoint

GET /account/logs

REST

GET /v1/account/logs HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Update Name

Update currently logged in user account name.

Request
- name string
  required
  
  User name. Max length: 128 chars.
Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/name

REST

PATCH /v1/account/name HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "name": "[NAME]"
}

Update Password

Update currently logged in user password. For validation, user is required to pass in the new password, and the old password. For users created with OAuth, Team Invites and Magic URL, oldPassword is optional.

Request
- password string
  required
  
  New user password. Must be at least 8 chars.
- oldPassword string
  
  Current user password. Must be at least 8 chars.
Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/password

REST

PATCH /v1/account/password HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "password": "password",
  "oldPassword": "password"
}

Update Phone

Update the currently logged in user's phone number. After updating the phone number, the phone verification status will be reset. A confirmation SMS is not sent automatically, however you can use the POST /account/verification/phone endpoint to send a confirmation SMS.

Request
- phone string
  required
  
  Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212.
- password string
  required
  
  User password. Must be at least 8 chars.
Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/phone

REST

PATCH /v1/account/phone HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "phone": "+12065550100",
  "password": "password"
}

Get Account Preferences

Get currently logged in user preferences as a key-value object.

Response
- 200 application/json
  
  Preferences

Endpoint

GET /account/prefs

REST

GET /v1/account/prefs HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Update Preferences

Update currently logged in user account preferences. The object you pass is stored as is, and replaces any previous value. The maximum allowed prefs size is 64kB and throws error if exceeded.

Request
- prefs object
  required
  
  Prefs key-value JSON object.
Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/prefs

REST

PATCH /v1/account/prefs HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "prefs": {}
}

Create Password Recovery

Sends the user an email with a temporary secret key for password reset. When the user clicks the confirmation link he is redirected back to your app password reset URL with the secret key and email address values attached to the URL query string. Use the query string params to submit a request to the PUT /account/recovery endpoint to complete the process. The verification link sent to the user's email address is valid for 1 hour.

Request
- email string
  required
  
  User email.
- url string
  required
  
  URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.
Response
- 201 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + EMAIL
60 minutes 10 requests IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + EMAIL
60 minutes	10 requests	IP

Endpoint

POST /account/recovery

REST

POST /v1/account/recovery HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "email": "email@example.com",
  "url": "https://example.com"
}

Create Password Recovery (confirmation)

Use this endpoint to complete the user account password reset. Both the userId and secret arguments will be passed as query parameters to the redirect URL you have provided when sending your request to the POST /account/recovery endpoint.

Please note that in order to avoid a Redirect Attack the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

Request
- userId string
  required
  
  User ID.
- secret string
  required
  
  Valid reset token.
- password string
  required
  
  New user password. Must be at least 8 chars.
- passwordAgain string
  required
  
  Repeat new user password. Must be at least 8 chars.
Response
- 200 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + USER ID

Endpoint

PUT /account/recovery

REST

PUT /v1/account/recovery HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "userId": "[USER_ID]",
  "secret": "[SECRET]",
  "password": "password",
  "passwordAgain": "password"
}

List Sessions

Get currently logged in user list of active sessions across different devices.

Response
- 200 application/json
  
  Sessions List

Endpoint

GET /account/sessions

REST

GET /v1/account/sessions HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Delete Sessions

Delete all sessions from the user account and remove any sessions cookies from the end client.

Response
- 204 application/json
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 100 requests URL + IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	100 requests	URL + IP

Endpoint

DELETE /account/sessions

REST

DELETE /v1/account/sessions HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Create Anonymous Session

Use this endpoint to allow a new user to register an anonymous account in your project. This route will also create a new session for the user. To allow the new user to convert an anonymous account to a normal account, you need to update its email and password or create an OAuth2 session.

Response
- 201 application/json
  
  Session
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 50 requests IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	50 requests	IP

Endpoint

POST /account/sessions/anonymous

REST

POST /v1/account/sessions/anonymous HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

Create Email Session

Allow the user to login into their account by providing a valid email and password combination. This route will create a new session for the user.

A user is limited to 10 active sessions at a time by default. Learn more about session limits.

Request
- email string
  required
  
  User email.
- password string
  required
  
  User password. Must be at least 8 chars.
Response
- 201 application/json
  
  Session
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + EMAIL

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + EMAIL

Endpoint

POST /account/sessions/email

REST

POST /v1/account/sessions/email HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "email": "email@example.com",
  "password": "password"
}

Create Magic URL session

Sends the user an email with a secret key for creating a session. If the provided user ID has not be registered, a new user will be created. When the user clicks the link in the email, the user is redirected back to the URL you provided with the secret key and userId values attached to the URL query string. Use the query string parameters to submit a request to the PUT /account/sessions/magic-url endpoint to complete the login process. The link sent to the user's email address is valid for 1 hour. If you are on a mobile device you can leave the URL parameter empty, so that the login completion will be handled by your Appwrite instance by default.

A user is limited to 10 active sessions at a time by default. Learn more about session limits.

Request
- userId string
  required
  
  Unique Id. Choose a custom ID or generate a random ID with ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.
- email string
  required
  
  User email.
- url string
  
  URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.
Response
- 201 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + EMAIL

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + EMAIL

Endpoint

POST /account/sessions/magic-url

REST

POST /v1/account/sessions/magic-url HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "userId": "[USER_ID]",
  "email": "email@example.com",
  "url": "https://example.com"
}

Create Magic URL session (confirmation)

Use this endpoint to complete creating the session with the Magic URL. Both the userId and secret arguments will be passed as query parameters to the redirect URL you have provided when sending your request to the POST /account/sessions/magic-url endpoint.

Please note that in order to avoid a Redirect Attack the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

Request
- userId string
  required
  
  User ID.
- secret string
  required
  
  Valid verification token.
Response
- 200 application/json
  
  Session
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + USER ID

Endpoint

PUT /account/sessions/magic-url

REST

PUT /v1/account/sessions/magic-url HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "userId": "[USER_ID]",
  "secret": "[SECRET]"
}

Create OAuth2 Session

Allow the user to login to their account using the OAuth2 provider of their choice. Each OAuth2 provider should be enabled from the Appwrite console first. Use the success and failure arguments to provide a redirect URL's back to your app when login is completed.

If there is already an active session, the new session will be attached to the logged-in account. If there are no active sessions, the server will attempt to look for a user with the same email address as the email received from the OAuth2 provider and attach the new session to the existing user. If no matching user is found - the server will create a new user.

A user is limited to 10 active sessions at a time by default. Learn more about session limits.

Request
- provider string
  required
  
  OAuth2 Provider. Currently, supported providers are: amazon, apple, auth0, authentik, autodesk, bitbucket, bitly, box, dailymotion, discord, disqus, dropbox, etsy, facebook, github, gitlab, google, linkedin, microsoft, notion, okta, paypal, paypalSandbox, podio, salesforce, slack, spotify, stripe, tradeshift, tradeshiftBox, twitch, wordpress, yahoo, yammer, yandex, zoom.
- success string
  
  URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.
- failure string
  
  URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.
- scopes array
  
  A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes. Maximum of 100 scopes are allowed, each 4096 characters long.
Response
- 301 application/json
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 50 requests IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	50 requests	IP

Endpoint

GET /account/sessions/oauth2/{provider}

REST

GET /v1/account/sessions/oauth2/{provider} HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

Create Phone session

Sends the user an SMS with a secret key for creating a session. If the provided user ID has not be registered, a new user will be created. Use the returned user ID and secret and submit a request to the PUT /account/sessions/phone endpoint to complete the login process. The secret sent to the user's phone is valid for 15 minutes.

A user is limited to 10 active sessions at a time by default. Learn more about session limits.

Request
- userId string
  required
  
  Unique Id. Choose a custom ID or generate a random ID with ID.unique(). Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars.
- phone string
  required
  
  Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212.
Response
- 201 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + EMAIL

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + EMAIL

Endpoint

POST /account/sessions/phone

REST

POST /v1/account/sessions/phone HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "userId": "[USER_ID]",
  "phone": "+12065550100"
}

Create Phone Session (confirmation)

Use this endpoint to complete creating a session with SMS. Use the userId from the createPhoneSession endpoint and the secret received via SMS to successfully update and confirm the phone session.

Request
- userId string
  required
  
  User ID.
- secret string
  required
  
  Valid verification token.
Response
- 200 application/json
  
  Session
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + USER ID

Endpoint

PUT /account/sessions/phone

REST

PUT /v1/account/sessions/phone HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2

{
  "userId": "[USER_ID]",
  "secret": "[SECRET]"
}

Get Session

Use this endpoint to get a logged in user's session using a Session ID. Inputting 'current' will return the current session being used.

Request
- sessionId string
  required
  
  Session ID. Use the string 'current' to get the current device session.
Response
- 200 application/json
  
  Session

Endpoint

GET /account/sessions/{sessionId}

REST

GET /v1/account/sessions/{sessionId} HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Update OAuth Session (Refresh Tokens)

Access tokens have limited lifespan and expire to mitigate security risks. If session was created using an OAuth provider, this route can be used to "refresh" the access token.

Request
- sessionId string
  required
  
  Session ID. Use the string 'current' to update the current device session.
Response
- 200 application/json
  
  Session
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + IP

Endpoint

PATCH /account/sessions/{sessionId}

REST

PATCH /v1/account/sessions/{sessionId} HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Delete Session

Use this endpoint to log out the currently logged in user from all their account sessions across all of their different devices. When using the Session ID argument, only the unique session ID provided is deleted.

Request
- sessionId string
  required
  
  Session ID. Use the string 'current' to delete the current device session.
Response
- 204 application/json
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 100 requests URL + IP

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	100 requests	URL + IP

Endpoint

DELETE /account/sessions/{sessionId}

REST

DELETE /v1/account/sessions/{sessionId} HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Update Status

Block the currently logged in user account. Behind the scene, the user record is not deleted but permanently blocked from any access. To completely delete a user, use the Users API instead.

Response
- 200 application/json
  
  Account

Endpoint

PATCH /account/status

REST

PATCH /v1/account/status HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Create Email Verification

Use this endpoint to send a verification message to your user email address to confirm they are the valid owners of that address. Both the userId and secret arguments will be passed as query parameters to the URL you have provided to be attached to the verification email. The provided URL should redirect the user back to your app and allow you to complete the verification process by verifying both the userId and secret parameters. Learn more about how to complete the verification process. The verification link sent to the user's email address is valid for 7 days.

Please note that in order to avoid a Redirect Attack, the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

Request
- url string
  required
  
  URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an open redirect attack against your project API.
Response
- 201 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + USER ID

Endpoint

POST /account/verification

REST

POST /v1/account/verification HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "url": "https://example.com"
}

Create Email Verification (confirmation)

Use this endpoint to complete the user email verification process. Use both the userId and secret parameters that were attached to your app URL to verify the user email ownership. If confirmed this route will return a 200 status code.

Request
- userId string
  required
  
  User ID.
- secret string
  required
  
  Valid verification token.
Response
- 200 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests URL + USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	URL + USER ID

Endpoint

PUT /account/verification

REST

PUT /v1/account/verification HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "userId": "[USER_ID]",
  "secret": "[SECRET]"
}

Create Phone Verification

Use this endpoint to send a verification SMS to the currently logged in user. This endpoint is meant for use after updating a user's phone number using the accountUpdatePhone endpoint. Learn more about how to complete the verification process. The verification code sent to the user's phone number is valid for 15 minutes.

Response
- 201 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	USER ID

Endpoint

POST /account/verification/phone

REST

POST /v1/account/verification/phone HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

Create Phone Verification (confirmation)

Use this endpoint to complete the user phone verification process. Use the userId and secret that were sent to your user's phone number to verify the user email ownership. If confirmed this route will return a 200 status code.

Request
- userId string
  required
  
  User ID.
- secret string
  required
  
  Valid verification token.
Response
- 200 application/json
  
  Token
Rate limits

This endpoint is rate limited. You can only make a limited number of request to his endpoint within a specific time frame.

The limit is applied for each unique limit key.

Time frame

Attempts

Key

60 minutes 10 requests USER ID

Learn more about rate limits

Time frame	Attempts	Key
60 minutes	10 requests	USER ID

Endpoint

PUT /account/verification/phone

REST

PUT /v1/account/verification/phone HTTP/1.1
Host: HOSTNAME
Content-Type: application/json
X-Appwrite-Response-Format: 1.0.0
X-Appwrite-Project: 5df5acd0d48c2
X-Appwrite-JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ...

{
  "userId": "[USER_ID]",
  "secret": "[SECRET]"
}

Recommended