Verify Account
Activate user accounts with email verification code sent during registration
✉️ EMAIL VERIFICATION
Confirm email ownership and activate user accounts with secure 6-digit verification codes.
Registration Step 2
This is the second step after signup. Users must verify their email before proceeding to 2FA setup.
Overview
The verifyAccount mutation validates the 6-digit code sent to the user's email during registration. Successful verification activates the account and allows the user to proceed with 2FA setup.
GraphQL Schema
mutation {
  verifyAccount(
    email: String!
    code: String!
  ): String!
}
Parameters
email
Required String
Email address being verified. Must match the signup email.
code
Required String
6-digit verification code from email. Valid for 10 minutes.
Return Values
Success
Email successfully verified. Account activated. Proceed to 2FA setup.
Failed
Incorrect or expired code (codes expire after 10 minutes). Request new code.
Cannot find user
Email not registered. Exception thrown with message: "Cannot find user by {email}"
Example Usage
Request
mutation VerifyEmail {
  verifyAccount(
    email: "demouser@nyyu.io"
    code: "794221"
  )
}
Successful Response
{
  "data": {
    "verifyAccount": "Success"
  }
}
Account Verified
Email demouser@nyyu.io successfully verified. Proceed to set up two-factor authentication.
Failed Verification
{
  "data": {
    "verifyAccount": "Failed"
  }
}
Verification Failed
Invalid or expired code. Please request a new verification code.
Implementation Example
Verification Flow Integration
// Example: Email verification handler
// Assumes graphqlClient and gql (e.g. from a GraphQL client library), router,
// and the show*/enable* UI helpers are defined by the application.
async function handleVerifyEmail(email, code) {
  try {
    const result = await graphqlClient.mutate({
      mutation: gql`
        mutation VerifyAccount($email: String!, $code: String!) {
          verifyAccount(email: $email, code: $code)
        }
      `,
      variables: {
        email: email,
        code: code
      }
    });
    if (result.data.verifyAccount === "Success") {
      // Email verified successfully
      showSuccess("Email verified! Setting up 2FA...");
      // Clear pending email from storage
      sessionStorage.removeItem('pendingEmail');
      // Redirect to 2FA setup page
      router.push('/setup-2fa');
    } else {
      // Verification failed
      showError("Invalid or expired code. Please try again.");
      // Optionally show resend button
      showResendOption(email);
    }
  } catch (error) {
    // The API throws "Cannot find user by {email}" for unregistered addresses
    if (error.message.includes("Cannot find user")) {
      showError("Email not found. Please sign up first.");
      router.push('/signup');
    } else {
      showError("Verification failed. Please try again.");
    }
  }
}

// Prompt the user to request a new code once the 10-minute validity window has passed
function setupExpiryTimer() {
  const expiryTime = 10 * 60 * 1000; // 10 minutes
  setTimeout(() => {
    showWarning("Code expired. Click to request a new one.");
    enableResendButton();
  }, expiryTime);
}
Use Cases
Email Ownership
Confirm user has access to the email address provided during registration
Account Activation
Activate newly registered accounts before allowing 2FA setup and platform access
Security Validation
Prevent fraudulent signups and ensure legitimate email addresses
Time-Limited Codes
10-minute expiry ensures codes cannot be used after extended periods
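Added example, not part of the original page or the service's own code: one way a server could issue and check a 6-digit code with the 10-minute expiry and single use described above, returning the page's "Success" and "Failed" strings. The function names, the in-memory store and the attempt limit (MAX_ATTEMPTS) are assumptions; user lookup and its "Cannot find user" exception are left out.

```javascript
// Added sketch: server-side handling of a 6-digit, 10-minute verification code.
// All names are hypothetical; an in-memory Map stands in for a database.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const CODE_TTL_MS = 10 * 60 * 1000; // 10-minute validity, as documented on this page
const MAX_ATTEMPTS = 5;             // assumption: the page does not state an attempt limit
const pending = new Map();          // email -> { code, expiresAt, attempts }

// Draw a uniform 6-digit code from the CSPRNG; rejection sampling avoids modulo bias.
function generateCode() {
  const limit = Math.floor(0x100000000 / 1e6) * 1e6;
  const buf = new Uint32Array(1);
  do { webCrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return String(buf[0] % 1e6).padStart(6, '0');
}

// Compare two strings without returning early at the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Create and store a fresh code; issuing again replaces any earlier code.
function issueCode(email, now = Date.now()) {
  const code = generateCode();
  pending.set(email.toLowerCase(), { code, expiresAt: now + CODE_TTL_MS, attempts: 0 });
  return code; // would be emailed to the user, never sent back in the API response
}

// Returns "Success" or "Failed", the two strings verifyAccount returns on this page.
function checkCode(email, code, now = Date.now()) {
  const key = email.toLowerCase();
  const entry = pending.get(key);
  if (!entry) return 'Failed';
  if (now >= entry.expiresAt || entry.attempts >= MAX_ATTEMPTS) {
    pending.delete(key); // expired or guessed too often: a new code must be requested
    return 'Failed';
  }
  entry.attempts += 1; // count every submission, including malformed ones
  if (typeof code !== 'string' || !/^\d{6}$/.test(code)) return 'Failed';
  if (!constantTimeEqual(code, entry.code)) return 'Failed';
  pending.delete(key); // single use: a verified code cannot be replayed
  return 'Success';
}
```

With 1,000,000 possible codes, the attempt cap is what keeps guessing within the 10-minute window impractical; expiry alone does not.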
Best Practices
⏰ Code Expiry Warning
Display countdown timer showing remaining time before code expires (10 minutes)
🔄 Easy Resend
Provide prominent "Resend Code" button for expired or un-received codes
📧 Email Pre-fill
Auto-populate email field from signup step to reduce user input errors
🎯 Input Validation
Validate code format (6 digits) client-side before API call to reduce errors
📱 Mobile Optimization
Use numeric keyboard on mobile devices and consider auto-fill from SMS