Implement security verification by Management API
Password verification
When users attempt to change their password, the system should prompt them to re-enter their current password to verify their identity. This step ensures that only the authorized account holder can change the password, preventing unauthorized access to the account.
| method | path | description |
|---|---|---|
| POST | /api/users/{userId}/password/verify | Verify current user password by user ID. |
Email/SMS one-time code verification
Send a verification code to the user’s email or phone number and prompt them to enter the code to confirm their identity. These endpoints can be used to verify a user’s identity or to confirm ownership of a specific email or phone number. This verification step is highly recommended when a user attempts to link a new email address or phone number to their account, ensuring the authenticity of the information provided.
| method | path | description |
|---|---|---|
| POST | /api/verification/verification-codes | Send email or phone number verification code. |
| POST | /api/verification/verification-codes/verify | Verify email or phone number by verification code. |