Way to find if user has confirmed email or not?

I would like to check if a user has confirmed their email when they log into my web app. Is this available through the REST API? I couldn’t find anything under /user/custom or /user/profile. Thanks for your help!

Hey, you’re able to go into your DSP and click on the users tab, and I’ve attached a pic of what it should look like. If the confirmation field doesn’t show up, you must simply toggle which “fields” you would like to show. Let me know how it turns out!




Thanks @Mark for the quick reply. I would like to check using the REST API so I can redirect the user to the email confirmation page if they haven’t yet confirmed their email. Thanks!

Hey, sorry for the delay here. Go into the Live API and do a GET on system/user.

This will display this confirmed field, in my case “confirmed” : “true”

Here is the query using a URL on localhost:



Thanks @Mark! The only problem I’m running into now is I can’t log in the user unless they are confirmed. Can I set up a role that can at least log in even when not confirmed? I would still like to use the email service to confirm their email, but would like to let them log in and confirm their email later. Thanks again!

Or can I customize the error that is returned when trying to log in to an unconfirmed account? At the moment it just returns:
code: 400 context: null message: “Invalid user name and password combination.”

I was able to work around this using the GET /system/user and filtering with the email, but it would be nice to allow users to log in with unconfirmed emails if possible. Thanks again!

You can do this by enabling guest users, though I am not sure this is truly what you want to do… They could sign up - and until they confirmed the email, would be given only permissions that you grant through the guest role. That could be the best choice…

Let me know your thoughts, thanks.


I do have a guest role set up for this app, but it still won’t let me log in the user unless their email is confirmed. Is there a setting I need to change? Thanks again @Mark!

You should be able to go into the guest role tab (left side of admin console) and decide what type of permissions you’d like to give them. There are two types of access: Service and System. I would keep at the lowest level of permission for these users until you deem necessary to grant higher level permission (you’ll create a separate role for that).

In your scenario, I’d test out what you think is comfortable on a system access level for the user. GET permission is most likely the only type you’d want to grant initially. Then you can go into your DSP as a guest and see if that feels comfortable for you and your users.


  • Mark

Thanks for your help with this @Mark. I’m still having a little trouble here. I set up a guest user role and allowed guests on the admin side and then also created a role for unconfirmed users (users that have not confirmed their email). I gave both the guest users role and unconfirmed users role access to all services and system; however, it is still not working.

When a user registers it sends a POST to /rest/user/register which correctly sends out the email confirmation; however, if that user then tries to log in (using a POST to /rest/user/session) it returns “Invalid user name and password combination.”

Can you take a look at my admin setup and see if I’m missing something here? Thanks so much for all your help!

I think I found the issue. When registering a user using the email confirmation method, a user is created without any password set. The user then replies to the email to create their password. So sending the POST to /rest/user/register even with the password set doesn’t actually set the password. Is there any way to force the password to be set when using the email confirmation method?

What permissions are being given to the user upon registration?

  • Mark

After a user registers they are assigned to a role I created, “vendorNonConfirmedUser”, which I currently gave permission to all system and services. I also currently have guest users all permissions as well.

Gotcha. It seems like you may have implemented your own solution to this issue, but, just in case… is this how you want it set up, or do you want each user’s role to be consistent throughout?


  • Mark

Hey @Mark, I do have a workaround at the moment, but ideally what I would like to happen when I send a POST to /rest/user/register (with email and password) is that the password would be set AND the email confirmation will be sent out. If I use the email confirmation service then the password doesn’t get set when I send the POST to /rest/user/register. So I’m looking for a way to set the user’s password before they actually confirm their email.