Resend Verification

POST /auth/resend-verification

Invalidate old verification tokens and email a fresh one (SCRIFT-79).

The caller authenticates with the same email + password used at registration. On success:

  • Every outstanding verification token for the user is deleted - an older leaked link cannot be used after this call.
  • A new 24h token is minted and emailed.
  • Returns 202 {"message": "Verification email resent."}.

Rate limit (SCRIFT-79 flag C): 3/hour, keyed by client IP. slowapi's key_func runs before the request body is parsed, so per-email keying cannot be wired in at this layer; keying by IP matches the existing /auth/refresh precedent in this file. A rejected request returns HTTP 429 via the slowapi handler registered in main.py.

Errors:

  • 401 invalid_credentials - wrong email or password
  • 409 already_verified - account is already verified
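
The behaviour described above, modelled in memory as an added example; it is not the project's code. The class and method names, the `{"error": ...}` body shape, the 429 body, the PBKDF2 hasher and the sliding-window limiter are assumptions standing in for the real handler, password hasher and slowapi.

```python
import hashlib, hmac, secrets
from datetime import timedelta

TOKEN_TTL = timedelta(hours=24)          # "new 24h token" from the page
LIMIT, WINDOW = 3, timedelta(hours=1)    # "3/hour keyed by client IP"

def _hash_pw(password, salt):            # stand-in for the project's hasher
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Service:
    """In-memory model of the endpoint; every name here is hypothetical."""
    def __init__(self):
        self.users = {}    # email -> {"salt", "pw", "verified"}
        self.tokens = {}   # sha256(raw token) -> (email, expires_at)
        self.hits = {}     # client IP -> timestamps of recent calls
        self.outbox = []   # (email, raw token); stands in for the mailer

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = {"salt": salt, "pw": _hash_pw(password, salt), "verified": False}

    def resend(self, ip, email, password, now):
        # Rate limit first, keyed by IP only: the body is not consulted yet.
        recent = [t for t in self.hits.get(ip, []) if now - t < WINDOW]
        if len(recent) >= LIMIT:
            return 429, {"error": "rate_limited"}   # placeholder body
        self.hits[ip] = recent + [now]
        user = self.users.get(email)
        # Hash even for unknown emails so both failures do the same work.
        salt = user["salt"] if user else b"\0" * 16
        want = user["pw"] if user else b"\0" * 32
        if not hmac.compare_digest(_hash_pw(password, salt), want):
            return 401, {"error": "invalid_credentials"}
        if user["verified"]:
            return 409, {"error": "already_verified"}
        # Delete every outstanding token for this user, then mint one.
        self.tokens = {h: v for h, v in self.tokens.items() if v[0] != email}
        raw = secrets.token_urlsafe(32)
        self.tokens[hashlib.sha256(raw.encode()).hexdigest()] = (email, now + TOKEN_TTL)
        self.outbox.append((email, raw))
        return 202, {"message": "Verification email resent."}

    def verify(self, raw, now):
        entry = self.tokens.pop(hashlib.sha256(raw.encode()).hexdigest(), None)
        if entry is None or now >= entry[1]:
            return False   # unknown, rotated out, or expired
        self.users[entry[0]]["verified"] = True
        return True
```

Only the SHA-256 of each token is stored, so a read of the token table does not yield usable links; the page does not say how the project stores tokens.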

Request

Responses

Successful Response