Verify Email Update

Verifies the OTP sent for a pending email update and, if it is valid, updates the email address in the database.

Endpoint

POST /api/v1/auth/me/email/verify

Headers

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer <access_token> |
| Content-Type | Yes | application/json |

Request Body

{
  "new_email": "newemail@example.com",
  "otp_code": "123456"
}

Parameters

| Field | Type | Required | Description |
|---|---|---|---|
| new_email | string | Yes | New email address (must match request) |
| otp_code | string | Yes | 6-digit OTP code from email |

Validations

  • OTP code validation
  • OTP expiration check (10 minutes)
  • New email must match stored request
  • Request must exist in Redis
  • Email uniqueness check

Response

Success (200)

{
  "success": true,
  "data": {
    "message": "Email updated successfully",
    "old_email": "old@example.com",
    "new_email": "newemail@example.com"
  },
  "message": "Email updated successfully"
}

Error Codes

| Status | Code | Description |
|---|---|---|
| 400 | EMAIL_UPDATE_VERIFY_FAILED | Verification failed |
| 400 | INVALID_OTP | Invalid OTP code |
| 400 | OTP_EXPIRED | OTP expired |
| 401 | UNAUTHORIZED | Invalid or missing token |
| 422 | VALIDATION_ERROR | Request validation failed |

Data Flow

  1. Authentication

    • Verify access token
    • Get current user
  2. Request Validation

    • Retrieve email update request from Redis
    • Verify request exists and hasn't expired
    • Verify new_email matches stored request
  3. OTP Verification

    • Verify OTP code from Redis
    • Check OTP expiration
    • Check attempt limit
  4. Email Update

    • Create new UserEmail record
    • Mark new email as verified and primary
    • Mark old primary email as non-primary
    • Update user references if needed
  5. Cleanup

    • Remove request from Redis
    • Invalidate OTP code
  6. Audit Logging

    • Log email update event
    • Record old and new email addresses
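
The request validation, OTP verification, email update and cleanup steps above, sketched as an added Python example (not the API's own code). A dict stands in for Redis; the key layout, the attempt limit of 5, the lower-casing of addresses and the record fields are assumptions, and authentication and audit logging are left out.

```python
import hmac
import time

OTP_TTL_SECONDS = 600   # 10-minute expiry, as stated on the page
MAX_ATTEMPTS = 5        # assumed value; the page does not state the limit

def verify_email_update(store, users, user_id, new_email, otp_code, now=None):
    """Return (status, error_code). `store` is a dict standing in for Redis;
    `users` maps user_id -> list of {"email", "primary", "verified"} records."""
    now = time.time() if now is None else now
    key = f"email_update:{user_id}"            # hypothetical key layout
    req = store.get(key)
    # The request must exist and new_email must match what was stored.
    if req is None or req["new_email"].lower() != new_email.lower():
        return 400, "EMAIL_UPDATE_VERIFY_FAILED"
    if now - req["created_at"] > OTP_TTL_SECONDS:
        del store[key]                         # expired requests are dropped
        return 400, "OTP_EXPIRED"
    if req["attempts"] >= MAX_ATTEMPTS:
        del store[key]                         # locked out: user must start over
        return 400, "EMAIL_UPDATE_VERIFY_FAILED"
    # Count the attempt before comparing, so a wrong guess is never free.
    req["attempts"] += 1
    # Constant-time comparison avoids leaking how many digits matched.
    if not hmac.compare_digest(req["otp"].encode(), otp_code.encode()):
        return 400, "INVALID_OTP"
    # Uniqueness: the address may have been claimed since the request was made.
    taken = any(e["email"].lower() == new_email.lower()
                for emails in users.values() for e in emails)
    if taken:
        del store[key]
        return 400, "EMAIL_UPDATE_VERIFY_FAILED"
    for e in users[user_id]:
        e["primary"] = False                   # old address is kept as history
    users[user_id].append(
        {"email": new_email, "primary": True, "verified": True})
    del store[key]                             # single use: no replay of the OTP
    return 200, None
```
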

Features

  • Verifies OTP code sent to new email
  • Validates request exists in Redis
  • Updates email in database only after successful verification
  • Makes new email primary
  • Preserves email history

Example

curl -X POST https://api.rivergen.com/api/v1/auth/me/email/verify \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "new_email": "newemail@example.com",
    "otp_code": "123456"
  }'