I’m using a basic username - password flow, but I’m worried about spam bots clogging up my MAU count.
What would be the best way to deal with unverified users? Perhaps a cron job script that calls the API every week and deletes users that aren’t verified and who haven’t tried to login within x amount of time?
It would be great to hear feedback on this. Thanks!
To answer both of your questions, using the api.redirect.sendUserTo will consume your MAU count, whereas the api.access.deny will not consume your MAU count.
This is because the redirect call requires a /continue endpoint to be called to resume authentication, thus increasing your MAU count.
I hope this helps!
Please reach out if you have any additional questions.
When redirect users after denying them access, you will have to use a combination of both the api.access.deny() and api.redirect.sendUserTo() methods.
Allow me to clarify, the first step is to deny the user access by calling the api.access.deny() method, and then you can proceed with calling the api.redirect.sendUserTo() method to redirect them to your preferred page.
Please let me know if you have any additional questions.