> ## Documentation Index > Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt > Use this file to discover all available pages before exploring further. # Verify email with code > Verify email address with a 6-digit code. Successfully verified users will receive a session token. Browser email clicks should use `GET /api/auth/email/verify-link`. `POST /api/auth/email/verify` is the JSON API for 6-digit code submission. ## OpenAPI ````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml post /api/auth/email/verify openapi: 3.0.3 info: title: Insforge Authentication API version: 2.0.0 description: Authentication endpoints with separated auth and profile tables servers: [] security: [] paths: /api/auth/email/verify: post: tags: - Client summary: Verify email with code description: > Verify email address with a 6-digit code. Successfully verified users will receive a session token. Browser email clicks should use `GET /api/auth/email/verify-link`. `POST /api/auth/email/verify` is the JSON API for 6-digit code submission. parameters: - name: client_type in: query schema: type: string enum: - web - mobile - desktop - server default: web description: > Client type determines how refresh tokens are returned: - web: Refresh token stored in httpOnly cookie, csrfToken returned in response - mobile/desktop/server: refreshToken returned directly in response body requestBody: required: true content: application/json: schema: type: object required: - email - otp properties: email: type: string format: email description: User email address example: user@example.com otp: type: string pattern: ^\d{6}$ description: 6-digit verification code example: '123456' responses: '200': description: Email verified successfully, session created content: application/json: schema: type: object properties: user: $ref: '#/components/schemas/UserResponse' accessToken: type: string description: JWT authentication token csrfToken: type: string nullable: true description: >- CSRF token for use with refresh endpoint (web clients only) refreshToken: type: string nullable: true description: >- Refresh token for mobile/desktop/server clients (null for web clients) '400': description: Invalid verification code or token '401': description: Verification code/token expired or invalid components: schemas: UserResponse: type: object properties: id: type: string format: uuid email: type: string format: email profile: type: object nullable: true additionalProperties: true description: User profile data (name, avatar_url, and custom fields) properties: name: type: string avatar_url: type: string format: uri metadata: type: object nullable: true additionalProperties: true description: System metadata (device ID, login IP, etc.) emailVerified: type: boolean providers: type: array items: type: string createdAt: type: string format: date-time updatedAt: type: string format: date-time ````