Get Verification Flow

GET https://accounts.<domain>/auth/self-service/verification/flows

This endpoint returns a verification flow's context with, for example, error details and other information.

Browser flows expect the anti-CSRF cookie to be included in the request's HTTP Cookie Header. For AJAX requests you must ensure that cookies are included in the request or requests will fail.

If you use the browser-flow for server-side apps, the services need to run on a common top-level-domain and you need to forward the incoming HTTP Cookie header to this endpoint:

pseudo-code example
router.get('/recovery', async function (req, res) {
const flow = await client.getVerificationFlow(req.header('cookie'), req.query['flow'])

res.render('verification', flow)
})

Request

Query Parameters

id stringrequired

The Flow ID

The value for this parameter comes from request URL Query parameter sent to your application (e.g. /verification?flow=abcde).

Header Parameters

cookie string

HTTP Cookies

When using the SDK on the server side you must include the HTTP Cookie Header originally sent to your HTTP handler here.

Responses

200
403
404
default

verificationFlow

application/json

Schema
Example (auto)

Schema

activestring

Active, if set, contains the registration method that is being used. It is initially not set.

expires_atstring<date-time>

ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address, a new request has to be initiated.

idstring<uuid>required

ID represents the request's unique ID. When performing the verification flow, this represents the id in the verify ui's query parameter: http://<selfservice.flows.verification.ui_url>?request=

type: string format: uuid

issued_atstring<date-time>

IssuedAt is the time (UTC) when the request occurred.

request_urlstring

RequestURL is the initial URL that was requested. It can be used to forward information contained in the URL's path or query for example.

return_tostring

ReturnTo contains the requested return_to URL.

staterequired

State represents the state of this request:

choose_method: ask the user to choose a method (e.g. verify your email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the verification challenge was passed.

typeType is the flow type. (string)required

The flow type can either be api or browser.

ui objectrequired

Container represents a HTML Form. The container can work with both HTTP Form and JSON requests

actionstringrequired

Action should be used as the form action URL <form action="{{ .Action }}" method="post">.

messages object[]

methodstringrequired

Method is the form method (e.g. POST)

nodes object[]required

Array [

attributes objectrequired

node_typerequired

Possible values: [a, img, input, script, text]

a
img
input
script
text

hrefstringrequired

The link's href (destination) URL.

format: uri

idstringrequired

A unique identifier

title objectrequired

autocompletestring

The autocomplete attribute for the input. email InputAttributeAutocompleteEmail tel InputAttributeAutocompleteTel url InputAttributeAutocompleteUrl current-password InputAttributeAutocompleteCurrentPassword new-password InputAttributeAutocompleteNewPassword one-time-code InputAttributeAutocompleteOneTimeCode

Possible values: [email, tel, url, current-password, new-password, one-time-code]

disabledbooleanrequired

Sets the input's disabled field to true or false.

label object

namestringrequired

The input's element name.

onclickstring

OnClick may contain javascript which should be executed on click. This is primarily used for WebAuthn.

patternstring

The input's pattern.

requiredboolean

Mark this input field as required.

typestringrequired

The input's element type. text InputAttributeTypeText password InputAttributeTypePassword number InputAttributeTypeNumber checkbox InputAttributeTypeCheckbox hidden InputAttributeTypeHidden email InputAttributeTypeEmail tel InputAttributeTypeTel submit InputAttributeTypeSubmit button InputAttributeTypeButton datetime-local InputAttributeTypeDateTimeLocal date InputAttributeTypeDate url InputAttributeTypeURI

Possible values: [text, password, number, checkbox, hidden, email, tel, submit, button, datetime-local, date, url]

valuenullable

The input's value.

idstringrequired

A unique identifier

text objectrequired

groupstringrequired

Group specifies which group (e.g. password authenticator) this node belongs to. default DefaultGroup password PasswordGroup oidc OpenIDConnectGroup profile ProfileGroup link LinkGroup code CodeGroup totp TOTPGroup lookup_secret LookupGroup webauthn WebAuthnGroup

Possible values: [default, password, oidc, profile, link, code, totp, lookup_secret, webauthn]

messages object[]required

meta objectrequired

typestringrequired

The node's type text Text input Input img Image a Anchor script Script

Possible values: [text, input, img, a, script]

]

{
  "active": "string",
  "expires_at": "2024-07-29T15:51:28.071Z",
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "issued_at": "2024-07-29T15:51:28.071Z",
  "request_url": "string",
  "return_to": "string",
  "type": "string",
  "ui": {
    "action": "string",
    "messages": [
      {
        "context": {},
        "id": 0,
        "text": "string",
        "type": "info"
      }
    ],
    "method": "string",
    "nodes": [
      {
        "attributes": {
          "autocomplete": "email",
          "disabled": true,
          "label": {
            "context": {},
            "id": 0,
            "text": "string",
            "type": "info"
          },
          "name": "string",
          "node_type": "string",
          "onclick": "string",
          "pattern": "string",
          "required": true,
          "type": "text"
        },
        "group": "default",
        "messages": [
          {
            "context": {},
            "id": 0,
            "text": "string",
            "type": "info"
          }
        ],
        "meta": {
          "label": {
            "context": {},
            "id": 0,
            "text": "string",
            "type": "info"
          }
        },
        "type": "text"
      }
    ]
  }
}

errorGeneric

application/json

Schema
Example (auto)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

errorGeneric

application/json

Schema
Example (auto)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

errorGeneric

application/json

Schema
Example (auto)

Schema

error objectrequired

{
  "error": {
    "code": 404,
    "debug": "SQL field \"foo\" is not a bool.",
    "details": {},
    "id": "string",
    "message": "The resource could not be found",
    "reason": "User with ID 1234 does not exist.",
    "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
    "status": "Not Found"
  }
}

HTTPCLIENT
RESTSHARP

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://accounts.<domain>/auth/self-service/verification/flows");
request.Headers.Add("Accept", "application/json");
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());

Get Verification Flow

https://accounts.<domain>/auth/self-service/verification/flows

Request​

Query Parameters

Header Parameters

Responses​

Request

Responses