
Reauthenticate

POST /auth/v1/user/reauthenticate

API Description

Send an email or SMS verification code to the currently logged-in user, to be used when executing sensitive operations such as changing the user's password or deleting the user.

Features

  • Send email or SMS verification code to the currently logged-in user
  • Verification code valid for 300 seconds (5 minutes)
  • Enhances security and prevents accidental operations
  • Used for secondary verification of sensitive operations

Input Requirements

Header and Query Parameters

  • Authorization: Current logged-in user's access_token (required, Bearer format)
  • client_id: Client ID corresponding to the application (optional, defaults to environment ID)
  • x-device-id: Device ID (optional, current logged-in device ID)

Request Body Parameters

  • verify_opt: Verification method (required, valid values: phone_code to send SMS verification code, email_code to send email verification code)

Prerequisites

  • User must be logged in and hold a valid access_token
  • Sensitive operations require secondary verification to enhance security

Output Description

Successful Response

  • Returns an empty object {}, indicating the verification code was sent successfully

Request Examples

Send Email Verification Code Request Example

POST /auth/v1/user/reauthenticate
Authorization: Bearer your_access_token
Content-Type: application/json

{
  "verify_opt": "email_code"
}

Send SMS Verification Code Request Example

POST /auth/v1/user/reauthenticate
Authorization: Bearer your_access_token
Content-Type: application/json

{
  "verify_opt": "phone_code"
}

Response Examples

Send Success Response

{}

Verification Failure Response

{
  "error": "invalid_argument",
  "error_code": 4001,
  "error_description": "Invalid verification method, please use phone_code or email_code"
}

Usage Flow

1. User Login

  • User obtains access_token through normal login process

2. Initiate Reauthentication

  • Call this API with the chosen verification method (SMS or email)
  • System sends verification code to user

3. User Receives Verification Code

  • User retrieves the verification code from their phone or email
  • Verification code valid for 300 seconds (5 minutes)

4. Execute Sensitive Operations

  • Pass verification code in subsequent sensitive operations (such as modifying password, deleting user) to complete secondary verification
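
A client-side example of steps 2 and 3 of the flow above, added here and not part of the original API documentation: it builds the documented request, treats {} as success, raises on the documented error object, and tracks the 300-second validity window. The transport callable, the function names and the ReauthError class are assumptions made for illustration.

```python
import json
import time
from urllib.parse import quote

REAUTH_PATH = "/auth/v1/user/reauthenticate"
VALID_OPTS = ("phone_code", "email_code")
CODE_TTL_SECONDS = 300  # validity window stated in this document


class ReauthError(Exception):
    """The API returned an error object instead of {}."""
    def __init__(self, error, error_code, description):
        super().__init__(f"{error} ({error_code}): {description}")
        self.error, self.error_code = error, error_code


def build_request(access_token, verify_opt, device_id=None, client_id=None):
    """Return (method, path, headers, body) for the reauthenticate call."""
    if not access_token:
        raise ValueError("access_token is required")
    if verify_opt not in VALID_OPTS:
        # Reject locally instead of waiting for the invalid_argument reply.
        raise ValueError(f"verify_opt must be one of {VALID_OPTS}")
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    if device_id:
        headers["x-device-id"] = device_id
    path = REAUTH_PATH
    if client_id:
        path += "?client_id=" + quote(client_id, safe="")
    return "POST", path, headers, json.dumps({"verify_opt": verify_opt})


def request_code(transport, access_token, verify_opt, now=time.time, **opts):
    """Send the request and return the time at which the code expires."""
    # transport(method, path, headers, body) -> response text is a
    # hypothetical hook the caller supplies around its own HTTPS client.
    sent_at = now()
    reply = json.loads(transport(*build_request(access_token, verify_opt, **opts)))
    if "error" in reply:
        raise ReauthError(reply["error"], reply.get("error_code"),
                          reply.get("error_description", ""))
    return sent_at + CODE_TTL_SECONDS  # counted from just before sending


def code_still_valid(expires_at, now=time.time):
    """True while the code is inside its 300-second window."""
    return now() < expires_at
```

The expiry is a client-side estimate used to prompt the user for a fresh code; the server remains the authority on whether a code is accepted.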

Key Characteristics

Security

  • Secondary verification ensures operation security
  • Short verification code validity period (5 minutes) prevents abuse
  • Supports both SMS and email verification methods

Verification Methods

  • phone_code: Send SMS verification code to user's bound phone number
  • email_code: Send email verification code to user's bound email address

Request

Query Parameters

    client_id string

    Client ID corresponding to the application; it can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to the environment ID and can be omitted.

Header Parameters

    x-device-id string

    Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.

    Authorization string required

    The access_token of the current logged-in user, format is Bearer xxx

    Example: Bearer your_access_token

Body

    verify_opt string required

    Possible values: [phone_code, email_code]

    Verification method, valid values: phone_code (send SMS verification code), email_code (send email verification code)

Responses

A successful response.

Response Headers
    Schema
      object