PUT /session/token?pkat={pkat}
Content
Overview
This API consumes a PKAT associated to an existing ULM Action Tokens, and then resends that same existing token to the user's designated contact channel (email or mobile).
This API is particularly useful in situations where an anonymous user does not receive an expected verification email or SMS, or they accidentally deleted that message and need to request a quick resend. As a best practice, you'll want to make this option available on your UI at the end of a given flow where you instruct the user to "Check your email," or "Check you SMS."
API URLs
- PUT {url}/session/token?pkat={pkat}
| Parameter | Description |
|---|---|
| pkat | Proof Key for Action Token. This item is sent to the UI at the end of any Process that results in an action token being issued and sent to a user's specified contact channel. The PKAT is required for OTP verification, and this requirement helps to prevent brute force attacks against short-form OTP verification. |
Note: This API is functionally similar to the Resend Verification Message Process. However, there are a few key differences:
- The Resend Process issues a new action token and sends it to the user. Conversely, this API simply resends the existing token.
- The Resend Process is invoked from an authenticated state (the user is signed in). Conversely, this API can be invoked anonymously or from an authenticated state.
- The Resend Process is invoked by the POST /process/start/{processName}.
Revision History
| Version | Description |
|---|---|
| 2020.09 | Added this topic. |