It looks like that if the redirect URL is configured for password reset or email verification templates, redirect sends emails in the URL which is PII data. Is it possible to make the same requests without email addresses?
It is possible to prevent sending the emails on the redirect links by updating the email templates with the management API
E.g:
PATCH /api/v2/email-templates/reset_email
{
"includeEmailInRedirect": false
}
or,
PATCH /api/v2/email-templates/verify_email
{
"includeEmailInRedirect": false
}
1 Like