<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00008cfUoaSAEOkta Classic EngineLifecycle ManagementAnswered2026-04-01T09:00:20.000Z2020-05-28T20:07:44.000Z2020-06-04T02:53:25.000Z

DamandeepD.04133 (Nava Ventures Ltd.) asked a question.

May 28, 2020 at 8:07 PM
Email Verification REST API

Hi,

I am user Rest User API to manage my application's users. Here are the step I wanted to implement:

  1. Create the user with password. Link https://developer.okta.com/docs/reference/api/users/*create-user-with-password
  2. Send the activation link to the email used to create the user in Step 1. Link https://developer.okta.com/docs/reference/api/users/*create-user-with-password

Current Behaviour

Email did got sent out, but at this point the user is already activated even if user had not clicked the activation link.

Expected Behaviour

When the activation email is sent out the user needed to click on the link to activate the account.

 

I am not sure if I am missing a step of I am using wrong flow or something.

 

Thanks for the help in advance.

  • 4 answers
  • 4.2K views

  • k5fuw (k5fuw)

    When you create a user with a password, the account is activated immediately (it also behaves this way when you create an account in the console). There's even a warning on the developer site about not generating another activation token after creating a user with a password.

     

    In my opinion, you should use the Create User without Credentials method (https://developer.okta.com/docs/reference/api/users/#create-user-without-credentials), and then send an activation email to the user. That will prompt the user to click a link to activate their account, then Okta will guide them through setting their own password and whatever account recovery options you have enabled. This also eliminates the need for you to track and transmit any passwords, so the process is more secure.

     

    I hope that helps!

    Expand Post
    Selected as Best

  • DamandeepD.04133 (Nava Ventures Ltd.)

    Just to add onto this, the reason why I am asking this information is if the user specified invalid email(email that does not exist) and I made the activation call via Rest API, it will activate the user even if the email is not valid.

  • k5fuw (k5fuw)

    When you create a user with a password, the account is activated immediately (it also behaves this way when you create an account in the console). There's even a warning on the developer site about not generating another activation token after creating a user with a password.

     

    In my opinion, you should use the Create User without Credentials method (https://developer.okta.com/docs/reference/api/users/#create-user-without-credentials), and then send an activation email to the user. That will prompt the user to click a link to activate their account, then Okta will guide them through setting their own password and whatever account recovery options you have enabled. This also eliminates the need for you to track and transmit any passwords, so the process is more secure.

     

    I hope that helps!

    Expand Post
    Selected as Best

  • DamandeepD.04133 (Nava Ventures Ltd.)

    Hi Mike,

    Thanks for the suggestion. The approach you mentioned is exactly the one I was looking for.

    Daman

  • DamandeepD.04133 (Nava Ventures Ltd.)

    Hi Mike,

    I tried the solution you provided and it works as expected. I am working with React Native App using Rest API to:

    • Register a user without password as you mentioned.
    • Activating the user using lifecycle endpoint along with sending the email.

    But when the user clicks the email he/she is navigated to Okta hosted screen when they have to enter and confirm password. I was wondering if I could achieve that inside my react native app.

     

    Expected Behaviour:

    • User clicks the link in the email
    • Should be navigated to React Application hosted screen to set password
    • New information is send via Rest API to okta to update the password and user should be logged in.

     

    Please do let me know if I am on the right track and the expected behaviour is possible.

    Thanks.

     

    Daman

    Expand Post
This question is closed.
Loading
Email Verification REST API