Generate Withdraw Code

Request email verification code for secure withdrawal operations

USER Operation

Overview

The generateWithdraw mutation allows users to generate an email verification code required for all withdrawal operations. This is the first step in the withdrawal process and ensures only authorized users can initiate fund withdrawals.

Required for All Withdrawals

This verification code must be obtained before submitting any withdrawal request (crypto, fiat, or PayPal).

GraphQL Schema

📧

Mutation Schema

Generate email verification code

generateWithdraw: String

Parameters

📋No Parameters Required

This mutation does not require any input parameters. The verification code is automatically sent to the email address associated with the authenticated user's account.

Return Value

✅

String Response

Success status message

Return Type: String

Returns "Success" if the verification code email was sent successfully, otherwise returns an error message.

Success Response

"Success"

Error Response

Error message

Example Mutation

💻Request Verification Code

mutation {
  generateWithdraw
}

Expected Response

{
  "data": {
    "generateWithdraw": "Success"
  }
}

Use Cases

₿

Crypto Withdrawals

Generate code before withdrawing cryptocurrency to external wallets

🏦

Bank Transfers

Verify identity before initiating fiat bank withdrawal requests

💳

PayPal Payments

Secure PayPal withdrawal initiation with email verification

🔐

Security Verification

Confirm user identity before any fund withdrawal operations

Implementation Example

Complete Withdrawal Flow

// User initiates withdrawal process
async function initiateWithdrawal(amount: number, currency: string) {
  try {
    // Step 1: Generate verification code
    const codeRequest = await client.request(gql`
      mutation {
        generateWithdraw
      }
    `);

    if (codeRequest.generateWithdraw !== 'Success') {
      throw new Error('Failed to send verification code');
    }

    console.log('✅ Verification code sent to your email');

    // Step 2: Prompt user to enter code from email
    const verificationCode = await promptUserForCode();

    // Step 3: Submit withdrawal with verification code
    const withdrawal = await client.request(gql`
      mutation WithdrawCrypto(
        $amount: Float!,
        $sourceToken: String!,
        $network: String!,
        $des: String!,
        $code: String!
      ) {
        cryptoWithdrawRequest(
          amount: $amount,
          sourceToken: $sourceToken,
          network: $network,
          des: $des,
          code: $code
        ) {
          id
          status
          createdAt
        }
      }
    `, {
      amount,
      sourceToken: currency,
      network: 'ERC20',
      des: userWalletAddress,
      code: verificationCode
    });

    console.log('✅ Withdrawal request submitted:', withdrawal);

  } catch (error) {
    console.error('❌ Withdrawal failed:', error);
  }
}

Workflow Diagram

Withdrawal Verification Flow

User Calls generateWithdraw

System sends verification code to user's registered email

User Receives Email

Email contains time-limited verification code (typically 6 digits)

User Enters Code

User inputs verification code into withdrawal form

Submit Withdrawal Request

User submits withdrawal with code via appropriate mutation

System Validates Code

Backend verifies code matches and hasn't expired

Security Features

🔒Security Measures

📧

Email Verification

Code sent only to user's verified email address on file

⏱️

Time-Limited Codes

Verification codes expire after a short time period (typically 10-15 minutes)

🔢

Single-Use Codes

Each code can only be used once for a single withdrawal request

🔐

Authentication Required

User must be authenticated before requesting verification codes

Best Practices

✅

Request Code Just Before Withdrawal

Generate the verification code immediately before filling out the withdrawal form to minimize expiration risk

✅

Check Email Spam Folder

Inform users to check spam/junk folders if code doesn't arrive within a few minutes

✅

Implement Rate Limiting

Prevent abuse by limiting how many verification codes can be requested per time period

✅

Provide Clear UI Feedback

Show clear success message when code is sent and countdown timer for code expiration

❌

Don't Store Codes Client-Side

Never store verification codes in browser storage or logs for security

Error Handling

async function generateWithdrawCode() {
  try {
    const result = await client.request(gql`
      mutation {
        generateWithdraw
      }
    `);

    if (result.generateWithdraw === 'Success') {
      showSuccessNotification('Verification code sent to your email');
      startCodeExpirationTimer(15 * 60); // 15 minutes
    } else {
      throw new Error(result.generateWithdraw);
    }

  } catch (error) {
    if (error.message.includes('rate limit')) {
      showErrorNotification('Too many requests. Please wait before requesting another code.');
    } else if (error.message.includes('email')) {
      showErrorNotification('Email delivery failed. Please verify your email address.');
    } else {
      showErrorNotification('Failed to generate verification code. Please try again.');
    }
    console.error('Code generation error:', error);
  }
}

First Step to Secure Withdrawals

Always generate a fresh verification code for each withdrawal to ensure maximum security

Generate Withdraw Code

Generate Withdraw Code

Overview

GraphQL Schema

Parameters

Return Value

Example Mutation

Use Cases

Implementation Example

Workflow Diagram

Security Features

Best Practices

Error Handling

Crypto Withdrawal Request

Fiat Withdrawal Request

PayPal Withdrawal Request

Withdrawal Overview

On this page