Verify Email Post
POST/api/v1/auth/verify-email
Verify email address (POST method with enhanced security).
Security features (Issue #67):
- Token stored as SHA256 hash (not plaintext)
- Token has configurable expiration (default 24h via settings.EMAIL_VERIFICATION_TTL_HOURS)
- Single-use: token cleared after successful verification
- Dual rate limiting: 20/hour per IP, 5/hour per token
Args: data.token: Verification token (plaintext, will be hashed for lookup)
Returns: 200: Success with verification status 400: Invalid, expired, or already used token 429: Rate limit exceeded
Request
Responses
- 200
- 400
- 429
OK
Bad Request
Too Many Requests