Skip to main content

User verification with email (Self-serve)

This guide focuses on the self-serve email verification approach, which offers the best balance of simplicity, security, and user experience for most applications.

Getting Started

Verify user email addresses with Scute in just a few steps:
  1. Create a Scute App: Sign up and create your app
  2. Get API Credentials: Copy your App ID and API Secret from the dashboard
  3. Create M2M Token: Use your API key to generate machine-to-machine authentication tokens
  4. Send Verification Requests: Use our API to create email verification requests
Email verification works by sending users a secure magic link that they click to verify their email address.

Creating the VerificationRequest

You can create verification requests in two ways:
  1. Using the Scute Dashboard: Create requests manually from the Scute dashboard
  2. Using the API: Create requests programmatically by making a POST request to our API

API Method

To create a verification request programmatically, send a POST request to the verification endpoint: 
POST https://api.scute.io/v1/verify/:app_id/verifications

Authentication

This endpoint requires M2M (Machine-to-Machine) authentication. Create an M2M token from your Scute dashboard: 
# Get M2M token first
curl -X POST "https://api.scute.io/v1/auth/m2m/token" \
  -H "Content-Type: application/json" \
  -d '{"api_key": "your_api_key"}'

Request Parameters

ParameterTypeRequiredDescription
app_idstringYesYour Scute application ID (in the URL path)
identifierstringYesThe email address to verify
channelstringYesMust be “email” for email verification
verification_typestringYesMust be “standard” for basic email verification
reasonstringNoDescription of why verification is needed
metadataobjectNoAdditional data for the verification

Example Request

// Using fetch
const response = await fetch('https://api.scute.io/v1/verify/your-app-id/verifications', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Authorization': 'your_m2m_access_token'
  },
  body: JSON.stringify({
    identifier: 'user@example.com',
    channel: 'email',
    verification_type: 'standard',
    reason: 'Account email verification',
    metadata: {
      user_source: 'website_signup'
    }
  })
});

const data = await response.json();
console.log(data.verification_id); // Use this ID to track verification status

cURL Example

curl -X POST "https://api.scute.io/v1/verify/your-app-id/verifications" \
  -H "Content-Type: application/json" \
  -H "X-Authorization: your_m2m_access_token" \
  -d '{
    "identifier": "user@example.com",
    "channel": "email",
    "verification_type": "standard",
    "reason": "Account email verification"
  }'

Response

{
  "verification_id": "uuid-string",
  "status": "pending",
  "channel": "email",
  "created_at": "2024-01-15T14:30:00Z"
}
  • API creates a new Scute User if one doesn’t exist with the provided email
  • Returns a verification request object with a unique ID for tracking status
  • User receives an email with a magic link to complete verification

User Flow

Here’s what happens during the email verification process:
  1. Email Delivery: The user receives an email containing a magic link. You can customize the email template through the Scute dashboard.
  2. Magic Link Interaction: When the user clicks the magic link, they are directed to your custom Scute app domain (your-app.scute.app). Email verification flow
  3. Authentication: The user completes authentication on this page. You can enable or disable passkeys support for this step based on your security requirements.
  4. Verification Completion: Upon successful authentication, the VerificationRequest status changes to “verified” and your application can proceed with the intended action.