Verify Account via JSON Endpoints

[andyrue]

I'm trying to verify an account using the JSON endpoint verify-account. I'm sending a POST request with a body of { key: "my-validation-key" } but the response comes back with a 401 and error message of unable to verify account. I've checked the key in the database, and it is sending the key how it looks in the AccountVerificationKeys table. My only thought is I'm not formatting the parameters right, but not sure how to verify what they're supposed to be. Any suggestions?

[janko]

If you're using HMACs (default in rodauth-rails), the verification key needs to be sent in HMAC'd to the endpoint (just like it appears in the verification email). If it matches directly what's in the database, it's likely the raw key instead of HMAC'd.

[andyrue]

That was it. Thank you!

[andyrue]

I guess that was only a part of the problem. Turns out you also have to prefix the key with <account_id>_. Example for account with ID of 20: 20_asdkjf879o3jhklasdjf8932. I pieced everything together and it's working. I'm having to recreate the verify account email link because I couldn't find a way to fix the hostname for the url that was being generated by the mailer originally and I need the hostname of my frontend. I know there is an open issue on this already. Thanks again for pointing me in the right direction!