Search code examples

Laravel Email Verification 5.7 using REST API

How to remake Laravel 5.7 Email Verification for Rest API?

Or is it worth doing everything from scratch?


  • This case works for me. Full project code here.

    1) Redesigned VerificationController controller

    Removed redirects and made response()->json(...) responses.

    namespace App\Http\Controllers\API\Auth;
    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\VerifiesEmails;
    use Illuminate\Http\Request;
    use Illuminate\Auth\Events\Verified;
    class VerificationController extends Controller
        use VerifiesEmails;
         * Show the email verification notice.
        public function show()
         * Mark the authenticated user's email address as verified.
         * @param  \Illuminate\Http\Request  $request
         * @return \Illuminate\Http\Response
        public function verify(Request $request)
            // ->route('id') gets route user id and getKey() gets current user id() 
            // do not forget that you must send Authorization header to get the user from the request
            if ($request->route('id') == $request->user()->getKey() &&
                $request->user()->markEmailAsVerified()) {
                event(new Verified($request->user()));
            return response()->json('Email verified!');
    //        return redirect($this->redirectPath());
         * Resend the email verification notification.
         * @param  \Illuminate\Http\Request  $request
         * @return \Illuminate\Http\Response
        public function resend(Request $request)
            if ($request->user()->hasVerifiedEmail()) {
                return response()->json('User already have verified email!', 422);
    //            return redirect($this->redirectPath());
            return response()->json('The notification has been resubmitted');
    //        return back()->with('resent', true);
         * Create a new controller instance.
         * @return void
        public function __construct()
            $this->middleware('throttle:6,1')->only('verify', 'resend');

    2) Added my Notification:

    I made it so that the link in the email message led to my frontend and contained a temporarySignedRoute link for the request.

    use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailBase;
    class VerifyEmail extends VerifyEmailBase
    //    use Queueable;
         * Get the verification URL for the given notifiable.
         * @param  mixed  $notifiable
         * @return string
        protected function verificationUrl($notifiable)
            $prefix = config('frontend.url') . config('frontend.email_verify_url');
            $temporarySignedURL = URL::temporarySignedRoute(
                'verification.verify', Carbon::now()->addMinutes(60), ['id' => $notifiable->getKey()]
            // I use urlencode to pass a link to my frontend.
            return $prefix . urlencode($temporarySignedURL);

    3) Added config frontend.php:

    return [
        'url' => env('FRONTEND_URL', 'http://localhost:8080'),
        // path to my frontend page with query param queryURL(temporarySignedRoute URL)
        'email_verify_url' => env('FRONTEND_EMAIL_VERIFY_URL', '/verify-email?queryURL='),

    4) Added to User model:

    use App\Notifications\VerifyEmail;


     * Send the email verification notification.
     * @return void
    public function sendEmailVerificationNotification()
        $this->notify(new VerifyEmail); // my notification

    5) Added routes

    The following routes are used in Laravel:

    // Email Verification Routes...
    Route::get('email/verify', 'Auth\VerificationController@show')->name('verification.notice');
    Route::get('email/verify/{id}', 'Auth\VerificationController@verify')->name('verification.verify');
    Route::get('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');

    They are added to the application if used Auth::routes();.

    As far as I understand the email/verify route and its method in the controller are not needed for Rest API.

    6) On my frontend page /verify-email(from frontend.php config) i make a request to the address contained in the parameter queryURL

    The received URL looks like this:


    My request(with Authorization header):

    await this.$get(queryURL) // typical get request

    The code perfectly verify the email and I can catch the error if it has already been verified. Also I can successfully resend the message to the email.

    Did I make a mistake somewhere? Also I will be grateful if you improve something.