Verify email via API. How can I replicate it like the auto-email triggered in the user registration form?

So I’ve noticed there’s 2 ways of verifying an email via API in Keycloak.

If you have enabled User Registration in the keycloak instance, this allows the user to sign up directly, a ‘Verify Email’ (out of the box title) with a magic link is automatically triggered that both verifies their email and automatically logs them. This is a great flow for a newly registered user.

However, I would prefer to disable the User Registration on the keycloak instance and use the admin API to manually create the user. This is all fine, however, I can’t replicate the initial ‘Verify Email’ action exactly. One option I can use is the /{realm}/users/{id}/execute-actions-email endpoint where I can invoke the “VERIFY_EMAIL” action. This triggers an “Update Your Account” (out of the box title again) where the user is taken to the keycloak instance, is required to click a link and is not automatically logged in. There’s an additional verify email endpoint /{realm}/users/{id}/send-verify-email which I was hoping would mimic the previous flow but it has the same bahavior as /execute-actions-email.

Is it possible to replicate former way of verifying the email via the Admin API? Both of these approaches do indeed verify the email but the first way is a much better experience for new users.

Your observation is correct. The one that’s available through the Admin API just calls through to the execute-actions-email logic. There is currently no way to replicate the other verify-email. If you want to write an extension to Keycloak, you could create your own REST resource that calls the same logic as the initial verify-email flow. If you want to go that route, there are several examples in the docs and on Github, and this forum is a good place to ask questions.

Thanks for this! I’ll do some digging into writing an extension.

[edit: just noticed there’s a Issue filed for this behavior I’m seeing. ]