Strapi email confirmation validation API endpoint

I’m looking at the docs and I can’t find the endpoint for email validation.

"After having registered, if you have set Enable email confirmation to ON, the user will receive a confirmation link by email. The user has to click on it to validate his/her registration.
Example of the confirmation link: "

As I understand it this is the link the user will get in their email, but when they click it it only brings them to my front end … what is my front end app suppose to do with that confirmation key? What part of Strapi’s API endpoint should it submit to and it what format is required to officially ‘validate’ the email address on the back-end?


1 Like

Hi @Peter_Bernardin can you make a documentation bug report for this on our docs repo?

For anyone who stumbles across this the correct endpoint to use is.


Note that this will also try to redirect you so if you don’t have a valid redirection URL set you will get a 404 response.

Just starting out with Strapi. Glad to see an effort is being made to improve the documentation. It is definitely challenging to follow.

I spent lot of time with this issue. Docs are very hard

Is the link /api/auth/email-confirmation?confirmation=CODE
supposed to work out of the box???

or do we need to program to get the confirmation code query parameter and match it with the confirmation code of the user and then manually change the boolean of the ‘confirmed’ filed to true???

I thought Strapi would handle this but my link is not working…


i have this working, ie succesful redirect to the frontend after confirmation. However how then does my front end app access the user’s id for setting them as logged in and pulling their data?

1 Like

Same issue … I send them now to the login page after the token was successful validated. What the client expects is that the user is automatically logged in.

I created a custom end api endpoint in my FE that handles that … but as the Strapi “confirmation/token” endpoint just sends a redirect instead of a proper object with the user data I do not even know which user was validated. Is there a way to find out the user id by using the token ? Maybe via custom route?

A workaround could be that the custom link within the “email confirmation template” in the Strapi backend also uses the username or email in the link. Then my api could handle the rest.

But I think also that is not possible … at least I found no documentation on how to add custom fields to an email … nor does anybody in discord seems to know it.


it should give a jwt token before it redirects does it not? if it does you can use the token to get the information you need

If you look here in the Strapi controller method you can see that it just redirects under normal conditions: strapi/auth.js at 1ff71db3f66c425148c0c0d54953ca704c4f2470 · strapi/strapi · GitHub

What I’m wondering is how can we achieve the returnUser option to be taken and the JWT and user to be returned?!

1 Like

Good question ! Any answer to this ?

// src/extensions/users-permissions/strapi-server.ts

"use strict";

module.exports = (plugin) => {
  // extend confirmation controller to return user after confirmation
  const confirmation = plugin.controllers.auth.emailConfirmation;
  plugin.controllers.auth.emailConfirmation = async (ctx, next, returnUser) => {
    returnUser = true;
    await confirmation(ctx, next, returnUser);

  return plugin;