# Welcome

![](https://4212371277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQUKKzCvErZb7WSnlfXJk%2Fuploads%2FBoa41I0k5RWLlDYQGhhW%2FvBig.png?alt=media\&token=2b722714-2ea0-4244-93f8-30344f9b6aec)

The EmailVerify API confirms that an email address exists and that the user you are interacting with owns it.

We do this by sending them a 6-digit code, which they then give back to you to prove that they have access to the email account.

![Example verification email](https://4212371277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQUKKzCvErZb7WSnlfXJk%2Fuploads%2FFi1ICtOorEXQczcnmNKL%2FScreenshot%202021-10-13%20at%2013.20.29.png?alt=media\&token=4e1b57cb-a838-48e1-991b-64abe5dedf4e)

### Uses

Email verification saves users later frustration when they have mistyped their email address, and it gives you peace of mind that the users signing up on your site are the owners of the addresses they're using.

* Verify a user has typed their email correctly.
* Be sure a user owns the email address they're creating an account for.
* Ensure an email exists before submitting a form.
* Prevent abusive use of others' email addresses.
* Use as a 2FA challenge.

### How does it work

#### 1. Send a verification code

Retrieve the email address from the user, then send them a verification email using the `/sendCode` endpoint:

## Send verification code

<mark style="color:green;">`POST`</mark> `https://ev.apis.paypi.dev/sendCode`

This request sends a code to the given email address, which the user should return to you so it can be checked.

All emails are sent from `emailverify@paypi.dev`

#### Headers

| Name                                            | Type   | Description                                        |
| ----------------------------------------------- | ------ | -------------------------------------------------- |
| Authorization<mark style="color:red;">\*</mark> | string | PayPI subscriber secret in `Bearer <token>` format |

#### Request Body

| Name                                    | Type   | Description                                        |
| --------------------------------------- | ------ | -------------------------------------------------- |
| email<mark style="color:red;">\*</mark> | string | The email address to send the verification code to |

{% tabs %}
{% tab title="200: OK Success - Email sent" %}

```javascript
{
    success: true,
    message: "Verification email sent"
}
```

{% endtab %}

{% tab title="400: Bad Request Invalid or incorrectly formatted email given" %}

```javascript
{
    success: false,
    message:
      "Unable to send email - please check the email address and try again"
}
```

{% endtab %}

{% tab title="401: Unauthorized Invalid API Key" %}

```javascript
{
    success: false,
    message: "Authorization header value invalid"
}
```

{% endtab %}
{% endtabs %}

#### 2. Check the verification code

The user should receive an email immediately with a 6-digit code. They then give this code to you, and your backend can check it via the `/checkCode` endpoint:

## Check verification code

<mark style="color:green;">`POST`</mark> `https://ev.apis.paypi.dev/checkCode`

Checks that the user's emailed code is valid.

If this returns `success=true`, you can safely assume the user you are interacting with is the owner of that email address.

#### Headers

| Name                                            | Type   | Description                                        |
| ----------------------------------------------- | ------ | -------------------------------------------------- |
| Authorization<mark style="color:red;">\*</mark> | string | PayPI subscriber secret in `Bearer <token>` format |

#### Request Body

| Name                                    | Type   | Description                                 |
| --------------------------------------- | ------ | ------------------------------------------- |
| email<mark style="color:red;">\*</mark> | string | The email address to check the code against |
| code<mark style="color:red;">\*</mark>  | string | The 6 digit code given by the user.         |

{% tabs %}
{% tab title="200: OK Success - Code Correct" %}

```javascript
{
      success: true,
      message: "email successfully verified"
}
```

{% endtab %}

{% tab title="401: Unauthorized Invalid API Key" %}

```javascript
{
    success: false,
    message: "Authorization header value invalid",
}
```

{% endtab %}

{% tab title="200: OK Unable to verify email - Code incorrect" %}

```javascript
{
    success: false,
    message: "Given code is not valid"
}
```

{% endtab %}

{% tab title="403: Forbidden Tries Exceeded" %}
To prevent abuse and brute forcing, we limit the number of checkCode requests for each email address to 20.

This means that if more than 20 requests are made, you will have to send another code to your user, which resets the limit.

```javascript
{
    success: false,
    message: "Number of tries exceeded, please request a new code"
}
```

{% endtab %}
{% endtabs %}
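The two steps above as one backend helper. This is an added example, not code from PayPI: the function names, the outcome strings and the JSON request encoding are assumptions. It shows that a wrong code arrives as HTTP 200 with `success: false`, so the response body has to be checked rather than the status code alone.

```javascript
// Added example, not PayPI's code: backend wrapper for the two endpoints.
// Assumed: JSON request bodies, Node 18+ fetch, injectable fetchImpl for tests.
const BASE = "https://ev.apis.paypi.dev";

// Map a /checkCode reply to one outcome. A wrong code comes back as
// HTTP 200 with success:false, so the body decides, not the status.
function classifyCheck(status, body) {
  if (status === 401) return "unauthorized";   // bad subscriber secret
  if (status === 403) return "tries_exceeded"; // 20 checks used, send a new code
  if (status === 200 && body && body.success === true) return "verified";
  if (status === 200) return "wrong_code";
  return "error";
}

async function post(path, payload, secret, fetchImpl) {
  const res = await fetchImpl(BASE + path, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${secret}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  });
  let body = null;
  try { body = await res.json(); } catch (_) { /* non-JSON reply */ }
  return { status: res.status, body };
}

// Returns true only when the API confirms the email was sent.
async function sendCode(email, secret, fetchImpl = globalThis.fetch) {
  const { status, body } = await post("/sendCode", { email }, secret, fetchImpl);
  return status === 200 && body !== null && body.success === true;
}

// Returns one of the outcome strings from classifyCheck.
async function checkCode(email, code, secret, fetchImpl = globalThis.fetch) {
  const value = String(code);
  // Reject malformed input locally so it does not use one of the 20 tries.
  if (!/^\d{6}$/.test(value)) return "wrong_code";
  const { status, body } =
    await post("/checkCode", { email, code: value }, secret, fetchImpl);
  return classifyCheck(status, body);
}
```

Call these from your backend only, so the subscriber secret never reaches the browser. On `tries_exceeded`, call `sendCode` again before accepting further attempts.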

### [Subscribe to the API](https://app.paypi.dev/subscribe/c2VydmljZTo1OGQxZDNmMy05OWQ5LTQ3ZjYtOWJkNi02OWNkMTY1OGFmOWU=)
