Resend Verification Code
Request a new email verification code when the original has expired or was not received
CODE RECOVERY
Resend Verification Code
Request a new email verification code when the original code has expired or was not received during account registration.
Code Expiration
Verification codes expire after 10 minutes for security. Use this endpoint to request a fresh code.
Overview
The resendVerifyCode mutation sends a new verification code to the user's registered email address. This is helpful when the initial verification code has expired or was not received by the user during the signup process.
GraphQL Schema
mutation {
resendVerifyCode(
email: String!
): String!
}Parameters
String
Email address that requires a new verification code. Must be a registered email.
Return Values
Already exists, sent verify codeEmail is registered but not yet verified. A new verification code has been sent to the email address (valid for 10 minutes).
Already verifiedEmail is already verified. User should proceed to sign in instead of completing verification again.
Cannot find user by {email}Email address is not registered in the system. User should complete the signup process first.
Example Usage
Request
mutation ResendCode {
resendVerifyCode(
email: "demouser@nyyu.io"
)
}Successful Response (Code Sent)
{
"data": {
"resendVerifyCode": "Already exists, sent verify code"
}
}Check Email
A new 6-digit verification code has been sent to demouser@nyyu.io. The code expires in 10 minutes.
Already Verified Response
{
"data": {
"resendVerifyCode": "Already verified"
}
}Account Already Active
This email is already verified. Please proceed to the sign-in page instead.
Error Response
{
"errors": [
{
"message": "Cannot find user by demouser@nyyu.io"
}
]
}Email Not Found
This email is not registered. Please complete the signup process first.
Verification Flow
Code Resend Process
⏰
Step 1: Code Expired
User realizes their original verification code has expired after 10 minutes
📧
Step 2: Request New Code
User clicks "Resend Code" button which calls this mutation
mutation resendVerifyCode(email)✅
Step 3: Complete Verification
User enters the new code to verify their email ownership
→ verifyAccount(email, code)Implementation Example
Frontend Integration
// Example: Resend verification code handler
async function handleResendCode(email) {
try {
const result = await graphqlClient.mutate({
mutation: gql`
mutation ResendVerifyCode($email: String!) {
resendVerifyCode(email: $email)
}
`,
variables: {
email: email
}
});
const response = result.data.resendVerifyCode;
if (response === "Already exists, sent verify code") {
// New code sent successfully
showNotification("A new verification code has been sent to your email!");
// Start countdown timer (10 minutes)
startCountdownTimer(600); // 600 seconds = 10 minutes
// Disable resend button temporarily
setResendButtonDisabled(true);
} else if (response === "Already verified") {
// Account already verified
showInfo("Your account is already verified. Redirecting to sign in...");
setTimeout(() => router.push('/signin'), 2000);
}
} catch (error) {
if (error.message.includes("Cannot find user")) {
showError("Email not found. Please sign up first.");
router.push('/signup');
} else {
console.error("Resend code failed:", error);
showError("Failed to resend code. Please try again.");
}
}
}
// Countdown timer for code expiration
function startCountdownTimer(seconds) {
let remaining = seconds;
const timer = setInterval(() => {
remaining--;
const minutes = Math.floor(remaining / 60);
const secs = remaining % 60;
updateTimerDisplay(`${minutes}:${secs.toString().padStart(2, '0')}`);
if (remaining <= 0) {
clearInterval(timer);
showWarning("Verification code has expired. Please request a new one.");
setResendButtonDisabled(false);
}
}, 1000);
}Use Cases
Expired Code
User took longer than 10 minutes to enter verification code after signup
Email Not Received
Original verification email went to spam folder or was not delivered
Lost Code
User accidentally deleted the email or lost the verification code
Device Change
User switched devices and needs to access verification code on new device
Best Practices
⏱️ Rate Limiting
Implement client-side rate limiting to prevent spam. Disable resend button for 60 seconds after each request
⏰ Countdown Timer
Display a countdown timer showing when the verification code will expire (10 minutes from send time)
📧 Check Spam Folder
Remind users to check their spam/junk folder before requesting a new code
🔄 Clear Feedback
Provide clear visual feedback when code is sent, including email address confirmation
✅ Handle All States
Implement different UI flows for: code sent, already verified, and email not found scenarios
🎯 Auto-Redirect
Automatically redirect already-verified users to sign-in page instead of showing error
Security Considerations
10-Minute Expiration: Each code automatically expires after 10 minutes to limit exposure window
Rate Limiting: Server-side rate limiting prevents brute force attempts on verification codes
One Active Code: Requesting new code invalidates previous codes for the same email
No Enumeration: Response doesn't reveal whether email exists in system (except via error)