Skip to main content

Email Validation Flow

Email validation is required before a user can fully log in. The flow consists of two steps:
1

Request Validation

Send a validation code to the user’s email address.
2

Validate Code

Submit the code received by email to complete validation and get the JWT token.

Request Email Validation

POST /user/email/validation/request

Sends a 6-digit validation code to the provided email address. This is used during initial account setup when email hasn’t been validated yet.
POST /user/email/validation/request
Authentication: None (uses hashUser for verification) Body Parameters
email
string
required
The email address to validate.
user
string
The Steam ID of the user. Defaults to the connected user if not provided.
hashUser
string
required
SHA-256 hash of the user’s Steam ID + login key. Obtained from the login error response with code 0x00000001.
Response 
{
  "status": "success",
  "data": "Email validation request created successfully"
}
Errors
StatusMessage
errorInvalid hashUser
errorEmail already validated
errorFailed to create email validation request! Need to wait 5 mins!
errorInvalid email format
errorEmail parameter is required
There is a 5-minute cooldown between validation requests.

Validate Email

POST /user/email/validation/validate

Validates the email using the code sent in the previous step. On success, returns the JWT token for authentication.
POST /user/email/validation/validate
Authentication: None (uses hashUser for verification) Body Parameters
code
string
required
The 6-digit validation code received by email. Can be a string or an array of individual digits.
user
string
The Steam ID of the user. Defaults to the connected user if not provided.
hashUser
string
required
SHA-256 hash of the user’s Steam ID + login key.
jwt
string
required
The encrypted JWT token received from the login response (code 0x00000001).
Response 
{
  "status": "success",
  "data": {
    "message": "Email validation success",
    "jwt": "eyJhbGciOiJI..."
  }
}
data.jwt
string
The decrypted JWT token to use for subsequent authenticated requests.

Email Change Flow

Changing an email requires 2FA to be enabled and follows a similar request/validate pattern.

Request Email Change

POST /user/email/change/request

Sends a validation code to the new email address. Requires 2FA authentication.
POST /user/email/change/request
Authentication: connected, 2fa Body Parameters
email
string
required
The new email address to change to.
Response 
{
  "status": "success",
  "data": "Email change request created successfully"
}
Errors
StatusMessage
errorInvalid email format
errorFailed to create email change request! Need to wait 5 mins!
errorEmail parameter is required
There is a 5-minute cooldown between email change requests.

Validate Email Change

POST /user/email/change/validate

Validates the email change request using the code sent to the new email.
POST /user/email/change/validate
Authentication: connected, 2fa Body Parameters
code
string
required
The 6-digit validation code received at the new email address. Can be a string or an array of individual digits.
Response 
{
  "status": "success",
  "data": "Email change validation success"
}
Errors
StatusMessage
errorCan’t validate email change
errorcode parameter is required