Email verification
The E-Mail Verification feature ensures that user email addresses are valid and secure before completing account creation, adding a layer of protection against fraudulent accounts and supporting legal compliance.
Integration Process
SCAYLE's E-Mail Verification can be integrated via the ready-to-use UI component to suit various implementation needs.
Option | Description |
---|---|
Webcomponent | Plug-and-play UI component provided by SCAYLE that handles the entire verification process with no additional integration effort required. |
How it works
Verification Types
SCAYLE's E-Mail Verification supports two methods.
Type | Description |
---|---|
verification_code | 6-digit numeric code; input manually in UI |
magic_link | Link sent in the same email; it takes the user to the specific page and carries the verification code as a parameter, so the user skips the manual entry of the code |
Only one active code per user is allowed at a time.
User Flow
If a user registers with an unverified email, the system sends a 6-digit code and a magic link for manual verification. Successful validation marks the email as verified, allowing seamless login or checkout continuation.
If a user logs in with is_email_verified = false, the system does not automatically send a verification email. If the user did not receive the original email or the link expired, a new verification code can be triggered manually.
When Verification is Skipped
Email verification is generally skipped for accounts created or authenticated via a trusted Identity Provider (IDP) such as Facebook or Apple. IDPs typically handle the primary email confirmation, streamlining the user experience.
Verification Steps
- User Registers
The customer starts registration or checkout as a guest. The system creates a customer record with is_email_verified = false.
- Verification Triggered
The backend will generate and send a 6-digit verification_code and the magic_link to the customer's email address.
- User Confirms
The user either enters the code manually in the UI or clicks the magic link received via email to verify their email address.
- System Validates
The system validates the code or link, applies attempt and expiration limits, logs relevant events, and updates the customer record with is_email_verified = true.
- Login or Continuation
Once verification is successful, the customer can proceed to login or continue the checkout process without additional email confirmation steps.
Verification on Email Change
When a registered user updates their email address in their account settings, the system immediately marks the new address as unverified. The full verification process is then re-triggered for the new email address to maintain security and data integrity.
Configuration Options
Email verification behavior is fully configurable in the SCAYLE Panel, including expiry time, attempt limits, and code generation caps. This can be configured under General ➜ Configuration ➜ Email Verification Configuration.
Option | Default | Description |
---|---|---|
enabled | false | Globally enable/disable verification |
code_expiration (minutes) | 10 minutes | Time before code expires |
max_code_attempts | 3 | Max code entry attempts per code… |
code_attempt_timeframe (minutes) | 60 minutes | …within this timeframe |
max_verification_attempts | 3 | How many times a user can enter a wrong code before needing a new one |
If max_verification_attempts is reached, the system temporarily blocks further code creation and requires the customer to wait for code_attempt_timeframe (minutes), e.g. 60 min, before retrying.
Email Templates
Configure the following email templates in the SCAYLE Panel: SCAYLE ➜ Email Templates
Verification E-Mail → customer-email-verification-mail
Legal & Compliance
All verification data is meticulously tracked to provide a clear audit trail. This information is available on request through the SCAYLE Account Manager for further review and compliance purposes.
Field | Description |
---|---|
verification_timestamp | Time when code or link was confirmed |
confirmation_email_times | Timestamps of all sent verification emails |
successful_attempt_timestamps | Logged only for verification_code |
verified_via | Tracks if magic link or code was used |
Data Retention & Anonymisation
To comply with data privacy regulations, unverified customer accounts (those where the email was never confirmed) are automatically anonymised after a 2-year period. This ensures personal data is not retained indefinitely for unconfirmed users.