Skip to main content

Create Verification Flow for Native Apps

GET 
/auth/self-service/verification/api

This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on.

To fetch an existing verification flow call /verification/flows?flow=<flow_id>.

You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks.

This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...).

Request

Responses

verificationFlow

Schema
    active string

    Active, if set, contains the registration method that is being used. It is initially not set.

    expires_at date-time

    ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.

    id uuidrequired

    ID represents the request's unique ID. When performing the verification flow, this represents the id in the verify ui's query parameter: http://<selfservice.flows.verification.ui_url>?request=

    type: string format: uuid

    issued_at date-time

    IssuedAt is the time (UTC) when the request occurred.

    request_url string

    RequestURL is the initial URL that was requested. It can be used to forward information contained in the URL's path or query for example.

    return_to string

    ReturnTo contains the requested return_to URL.

    state required

    State represents the state of this request:

    choose_method: ask the user to choose a method (e.g. verify your email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the verification challenge was passed.

    type Type is the flow type.required

    The flow type can either be api or browser.

    ui objectrequired

    Container represents a HTML Form. The container can work with both HTTP Form and JSON requests

    action stringrequired

    Action should be used as the form action URL <form action="{{ .Action }}" method="post">.

    messages object[]
  • Array [
    • context object

    The message's context. Useful when customizing messages.

    id int64required
    text stringrequired

    The message text. Written in american english.

    type stringrequired

    Possible values: [info, error, success]

    The message type. info Info error Error success Success

  • ]
    • method stringrequired

    Method is the form method (e.g. POST)

    nodes object[]required
  • Array [
    • attributes objectrequired
    oneOf
    autocomplete string

    Possible values: [email, tel, url, current-password, new-password, one-time-code]

    The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode

    disabled booleanrequired

    Sets the input's disabled field to true or false.

    label object
    context object

    The message's context. Useful when customizing messages.

    id int64required
    text stringrequired

    The message text. Written in american english.

    type stringrequired

    Possible values: [info, error, success]

    The message type. info Info error Error success Success

    name stringrequired

    The input's element name.

    node_type stringrequired

    NodeType represents this node's types. It is a mirror of node.type and is primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is "input".

    onclick string

    OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn.

    pattern string

    The input's pattern.

    required boolean

    Mark this input field as required.

    type stringrequired

    Possible values: [text, password, number, checkbox, hidden, email, tel, submit, button, datetime-local, date, url]

    The input's element type. text InputAttributeTypeText password InputAttributeTypePassword number InputAttributeTypeNumber checkbox InputAttributeTypeCheckbox hidden InputAttributeTypeHidden email InputAttributeTypeEmail tel InputAttributeTypeTel submit InputAttributeTypeSubmit button InputAttributeTypeButton datetime-local InputAttributeTypeDateTimeLocal date InputAttributeTypeDate url InputAttributeTypeURI

    value nullable

    The input's value.

    group stringrequired

    Possible values: [default, password, oidc, profile, link, code, totp, lookup_secret, webauthn]

    Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup code CodeGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup

    messages object[]required
  • Array [
    • context object

    The message's context. Useful when customizing messages.

    id int64required
    text stringrequired

    The message text. Written in american english.

    type stringrequired

    Possible values: [info, error, success]

    The message type. info Info error Error success Success

  • ]
    • meta objectrequired

    This might include a label and other information that can optionally be used to render UIs.

    label object
    context object

    The message's context. Useful when customizing messages.

    id int64required
    text stringrequired

    The message text. Written in american english.

    type stringrequired

    Possible values: [info, error, success]

    The message type. info Info error Error success Success

    type stringrequired

    Possible values: [text, input, img, a, script]

    The node's type text Text input Input img Image a Anchor script Script

  • ]
Loading...