Current paradigm of email verification:

  1. Send an email to the user containing a link with a token.
  2. User opens the email and clicks on the link.
  3. User resource updated with the new verified email.

In step 2, a GET request is being performed to get the resource, for example:

    GET /email-verification/{token}

Since the resource is being updated behind the scenes, doesn't it break the RESTful approach?

Is this the common approach?

Doing POST/PATCH requests from email would require a form and I'm not sure email clients support it.

Michael
  • I believe the link in the email should open a static web page which will call your REST API with the PUT method (idempotent) either from the controller generating this page in a multi-page application, or from an AJAX call in a single-page application. A GET method shouldn't modify any data on your server (idempotent and safe (only retrieving data)). – Maxime Laval Sep 27 '16 at 21:45
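
The flow suggested in the comment above, as an added example (not code from the original post or from any framework): GET on the emailed link only returns a static confirmation page, and the state change happens on an idempotent PUT. The class, function names, status codes chosen and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time

PREFIX = "/email-verification/"
# Static page served for GET; its script (or the page controller) issues the PUT.
CONFIRM_PAGE = "<button id='confirm'>Confirm email address</button>"

def _digest(token):
    # Store only a hash so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class VerificationService:
    """Hypothetical in-memory stand-in for the user store."""
    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.tokens = {}    # sha256(token) -> {"user", "email", "expires"}
        self.verified = {}  # user id -> verified email address

    def issue(self, user, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = {"user": user, "email": email,
                                       "expires": now + self.ttl}
        return token  # goes into the emailed link

    def handle(self, method, path, now=None):
        """Return (status, body) for a request to /email-verification/{token}."""
        now = time.time() if now is None else now
        if not path.startswith(PREFIX):
            return 404, "not found"
        if method == "GET":
            # Safe: never touches state, so an automated fetch verifies nothing.
            return 200, CONFIRM_PAGE
        if method != "PUT":
            return 405, "method not allowed"
        entry = self.tokens.get(_digest(path[len(PREFIX):]))
        if entry is None:
            return 404, "unknown token"
        if self.verified.get(entry["user"]) == entry["email"]:
            return 200, "verified"  # replayed PUT: same end state, same answer
        if now > entry["expires"]:
            return 410, "token expired"
        self.verified[entry["user"]] = entry["email"]
        return 200, "verified"
```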

0 Answers