Skip to main content

User verification with email (Self-serve)

This guide focuses on the self-serve email verification approach, which offers the best balance of simplicity, security, and user experience for most applications.

Getting Started

You can verify a user via email for any action using Scute by following these steps:

  1. Create a Scute App: If you haven't already, create a Scute App for your application.
  2. Enable VeriScute: Access the Scute dashboard and enable VeriScute for your app, or contact our support team to handle this for you.
  3. Access Your Custom App: Upon enabling VeriScute, we'll create a custom Scute app specifically for handling the user-facing aspects of your verification flow. This custom app will be accessible at your-app.scute.app. You can customize this domain to match your branding if desired.

Creating the VerificationRequest

You can create verification requests in two ways:

  1. Using the Scute Dashboard: Create requests manually from the Scute dashboard
  2. Using the API: Create requests programmatically by making a POST request to our API

API Method

To create a verification request programmatically, send a POST request to the verification endpoint:

POST https://api.scute.io/v1/verify/:app_id/verifications/email

Request Parameters

ParameterTypeDescription
app_idstringYour Scute application ID (in the URL path)
emailstringThe email address to verify
reasonstringA unique string that explains the reason for verification or action, if need multiple strings, you can separate by comma like action1,action2,action3

Example Request

// Using fetch
const response = await fetch('https://api.scute.io/v1/verify/your-app-id/verifications/email', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_SCUTE_API_KEY'
  },
  body: JSON.stringify({
    email: 'user@example.com'
  })
});

const data = await response.json();
console.log(data); // Contains the verification request details

Response

  • API creates a new Scute User with the email parameter
  • The API returns the created verification request object with a unique ID that you can use to track its status.

User Flow

Here's what happens during the email verification process:

  1. Email Delivery: The user receives an email containing a magic link. You can customize the email template through the Scute dashboard.

  2. Magic Link Interaction: When the user clicks the magic link, they are directed to your custom Scute app domain (your-app.scute.app).

    Email verification flow

  3. Authentication: The user completes authentication on this page. You can enable or disable passkeys support for this step based on your security requirements.

  4. Verification Completion: Upon successful authentication, the VerificationRequest status changes to "verified" and your application can proceed with the intended action.