eldadfux · May 12, 2025 17:09 · Mar 29, 2021 · Mar 29, 2021
diff --git a/README.md b/README.md
@@ -1,18 +1,20 @@
 # Appwrite's Email Verification
 
-The Appwrite email verification process help you verify your project user really own the email address he has signed up with. Using the email verification process your user will be able to update his [user object](https://appwrite.io/docs/models/user) `emailVerification` attribute to `true`.
+The Appwrite email verification process helps you verify your project user really owns the email address he has signed up with. The email verification process allows your user to update his [user object](https://appwrite.io/docs/models/user) `emailVerification` attribute to `true`.
 
-The email verification process is consisted of 2 parts:
+The email verification process consists of 2 parts:
 1. Sending the confirmation email
 2. Confirming the verification process
 
-> By default, unverfied users are not restricted in any special way. Its app to you and your app logic to decide how this users are treated. You can propmpt them with a verification message or limit thier access to your application.
+> By default, unverified users are not restricted in any special way. It's up to you and your app logic to decide how these users are treated. You can prompt them with a verification message or limit their access to your application.
 
-> From v0.9, You'll also be able to deny unverified users from access to your project resources (documents, files, functions, and more) by using the `user:[USER_ID]/verified` permission role which is only available to verified users.
+Future possibilities:
 
-## Sending the Confitmation Email
+> From v0.9, You'll also be able to deny unverified users access to your project resources (documents, files, functions, and more) by using the `user:[USER_ID]/verified` permission role, which is only available to verified users.
 
-To start the process, you have to trigger the [accountCreateVerification](https://appwrite.io/docs/client/account?sdk=web#accountCreateVerification) method from your relevant client SDK.
+## Sending the Confirmation Email
+
+To start the process, you have to trigger the [accountCreateVerification](https://appwrite.io/docs/client/account?sdk=web#accountCreateVerification) method from your relevant client SDK. Note that this method is only available for logged-in users. Your user needs to have a valid session to trigger this API call.
 
 **Web**:
 
@@ -24,7 +26,7 @@ sdk
     .setProject('5df5acd0d48c2') // Your project ID
 ;
 
-let promise = sdk.account.createVerification('https://example.com/callback');
+let promise = sdk.account.createVerification('https://example.com/callback-page');
 
 promise.then(function (response) {
     console.log(response); // Success
@@ -35,7 +37,7 @@ promise.then(function (response) {
 
 **Flutter**:
 
-```js
+```dart
 import 'package:appwrite/appwrite.dart';
 
 void main() { // Init SDK
@@ -47,7 +49,7 @@ void main() { // Init SDK
     .setProject('5df5acd0d48c2') // Your project ID
   ;
   Future result = account.createVerification(
-    url: 'https://example.com',
+    url: 'https://example.com/callback-page',
   );
 
   result
@@ -57,4 +59,64 @@ void main() { // Init SDK
       print(error.response);
   });
 }
-```
+```
+
+The `createVerification` method accepts one parameter, which is the callback URL. The Appwrite backend will use this URL to redirect your user back to your app for completing the verification process after the user has clicked the verification email in his inbox.
+
+The callback URL will be opened for your users with Appwrite attached parameters as query strings. For example, if you used `https://example.com/callback-page` as the callback page, your user will open a link similar to: `https://example.com/callback-page?userId=xxx&secret=yyy`. You could use your callback page to complete the verification process or redirect back to your mobile app.
+
+## Confirming the Verification Process
+
+Once your user is back in your website or app, you can use both the `userId` and `secret` params provided as part of the callback URL to complete the verification using the `updateVerification` method. Note that this method is only available for logged-in users. Your user needs to have a valid session to trigger this API call.
+
+**Web**:
+
+```js
+let sdk = new Appwrite();
+
+sdk
+    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
+    .setProject('5df5acd0d48c2') // Your project ID
+;
+
+let promise = sdk.account.updateVerification('[USER_ID]', '[SECRET]');
+
+promise.then(function (response) {
+    console.log(response); // Success
+}, function (error) {
+    console.log(error); // Failure
+});
+```
+
+**Flutter**:
+
+```dart
+import 'package:appwrite/appwrite.dart';
+
+void main() { // Init SDK
+  Client client = Client();
+  Account account = Account(client);
+
+  client
+    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
+    .setProject('5df5acd0d48c2') // Your project ID
+  ;
+  Future result = account.updateVerification(
+    userId: '[USER_ID]',
+    secret: '[SECRET]',
+  );
+
+  result
+    .then((response) {
+      print(response);
+    }).catchError((error) {
+      print(error.response);
+  });
+}
+```
+
+> Note: for security reasons, the secret token provided to the user by email is valid for seven days.
+
+## Abuse Control
+
+Both the verification endpoints are limited to 10 requests every 60 minutes per user account. We use rate limits to avoid service abuse by users and as a security practice. You can learn more about Appwrite [rate limiting](https://appwrite.io/docs/rate-limits).
diff --git a/README.md b/README.md
@@ -0,0 +1,60 @@
+# Appwrite's Email Verification
+
+The Appwrite email verification process help you verify your project user really own the email address he has signed up with. Using the email verification process your user will be able to update his [user object](https://appwrite.io/docs/models/user) `emailVerification` attribute to `true`.
+
+The email verification process is consisted of 2 parts:
+1. Sending the confirmation email
+2. Confirming the verification process
+
+> By default, unverfied users are not restricted in any special way. Its app to you and your app logic to decide how this users are treated. You can propmpt them with a verification message or limit thier access to your application.
+
+> From v0.9, You'll also be able to deny unverified users from access to your project resources (documents, files, functions, and more) by using the `user:[USER_ID]/verified` permission role which is only available to verified users.
+
+## Sending the Confitmation Email
+
+To start the process, you have to trigger the [accountCreateVerification](https://appwrite.io/docs/client/account?sdk=web#accountCreateVerification) method from your relevant client SDK.
+
+**Web**:
+
+```js
+let sdk = new Appwrite();
+
+sdk
+    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
+    .setProject('5df5acd0d48c2') // Your project ID
+;
+
+let promise = sdk.account.createVerification('https://example.com/callback');
+
+promise.then(function (response) {
+    console.log(response); // Success
+}, function (error) {
+    console.log(error); // Failure
+});
+```
+
+**Flutter**:
+
+```js
+import 'package:appwrite/appwrite.dart';
+
+void main() { // Init SDK
+  Client client = Client();
+  Account account = Account(client);
+
+  client
+    .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint
+    .setProject('5df5acd0d48c2') // Your project ID
+  ;
+  Future result = account.createVerification(
+    url: 'https://example.com',
+  );
+
+  result
+    .then((response) {
+      print(response);
+    }).catchError((error) {
+      print(error.response);
+  });
+}
+```
No results found