
Management vs "User" API?


I’m a bit confused about how all the APIs are documented.

I have managed to get an access_token to call the /userinfo endpoint to, for example, see if the user’s e-mail is verified.

What I want to do now is to be able to present a user with a non-verified e-mail an option to resend this e-mail if they can’t find it.

Then I found various posts that suggest I use the management API to do that. But as far as I understood it, I can’t give access to the management API to regular users that just log in to my site and that I don’t know anything about? I also do not want the user to get some confusing questions when they log in if they will allow access to some API they don’t know anything about?

I guess I could do some setup to be able to do some machine-to-machine API calls (i.e. my server-side code calls the management API via a token that my server has), but that requires me to use the “Developer Pro” plan and that is WAAAYY more expensive.

Or am I missing something? Should a logged-in user be able to do stuff like resending an e-mail by themselves?

Or is there some API or some kind of setup I am missing here?


:wave: @olaj we could create a new Rule using the Force email verification template, and customize it to add logic for automatically sending email verification on a login attempt from a user with an unverified email address:

function (user, context, callback) {
  if (!user.email_verified) {
    // Combine with a call to our Management API, to trigger an email verification:

    // To avoid multiple email verification emails to be triggered in a short amount of time,
    // use user.app_metadata to store the last time you sent the email verification,
    // and don't automatically send a new one until a few minutes later

    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  } else {
    return callback(null, user, context);
  }
}

Would this work for you?


Hi Kim,

I tried to use the code below to resend the email verification. But I am not sure what is happening: it sends 3 emails when the user tries to log in, and the verification ticketId that gets created is different. All the mails arrive at the same time.

Can you please let me know how I can avoid it?

function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};
  // The flag is reset to false on every run of the Rule
  user.app_metadata.send_email_verification = false;
  if (!user.email_verified) {
    var ManagementClient = require('auth0@2.9.1').ManagementClient;
    var management = new ManagementClient({
      token: auth0.accessToken,
      domain: auth0.domain
    });
    var new_userobj = { user_id: user.user_id };
    if (!user.app_metadata.send_email_verification) {
      // (the Management API call that sends the email with new_userobj is not shown in the post)
      user.app_metadata.send_email_verification = true;
    }
    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  } else {
    return callback(null, user, context);
  }
}

Thanks in advance
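
The throttling described in the Rule template's comments above (store the last send time in user.app_metadata and skip resends for a few minutes), written out as an added example that is not code from this thread or from Auth0. The key `verification_email_sent_at`, the 5-minute interval and the helper names are assumptions; the functions only decide, and the Rule would still make the Management API call and save the metadata itself. The replay also shows what happens when the marker is not saved between runs.

```javascript
// Added example. Constructed names: verification_email_sent_at, RESEND_INTERVAL_MS.
const RESEND_INTERVAL_MS = 5 * 60 * 1000; // assumption: "a few minutes" = 5

// True when no send is recorded, the record is unusable, or it is old enough.
function shouldResend(appMetadata, nowMs) {
  const last = Number((appMetadata || {}).verification_email_sent_at);
  if (!Number.isFinite(last) || last <= 0) return true;
  return nowMs - last >= RESEND_INTERVAL_MS;
}

// Pure decision for one Rule run: whether to send, what metadata to persist,
// and whether the login is allowed. Side effects are left to the caller.
function planLogin(user, nowMs) {
  if (user.email_verified) {
    return { allow: true, send: false, appMetadata: user.app_metadata || {} };
  }
  const meta = Object.assign({}, user.app_metadata);
  const send = shouldResend(meta, nowMs);
  if (send) meta.verification_email_sent_at = nowMs;
  return { allow: false, send, appMetadata: meta,
           error: 'Please verify your email before logging in.' };
}

// Replays login attempts at the given times (ms) and counts emails sent.
// persist=false models a Rule whose marker is never saved between runs.
function countEmails(user, attemptTimesMs, persist) {
  let stored = Object.assign({}, user.app_metadata);
  let sent = 0;
  for (const t of attemptTimesMs) {
    const plan = planLogin(Object.assign({}, user, { app_metadata: stored }), t);
    if (plan.send) sent += 1;
    if (persist) stored = plan.appMetadata;
  }
  return sent;
}

// Constructed sample: three Rule runs within one second, one six minutes later.
const sampleUser = { user_id: 'auth0|example', email_verified: false, app_metadata: {} };
const attempts = [1000000, 1000200, 1000900, 1000000 + 6 * 60 * 1000];
console.log('marker persisted:', countEmails(sampleUser, attempts, true));
console.log('marker not persisted:', countEmails(sampleUser, attempts, false));
```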


Hey there @gopika, I apologize for the delay in response. I wanted to reach out to see if you were still running into issues with the multiple emails sending upon login? I’d be happy to dig into this deeper with you if it’s still present. Thanks in advance!
