Sends an out-of-band confirmation code for an account. Requests from a authenticated request can optionally return a link including the OOB code instead of sending it.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/projects/{targetProjectId}/accounts:sendOobCode
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
targetProjectId |
The Project ID of the Identity Platform project which the account belongs to. To specify this field, it requires a Google OAuth 2.0 credential with proper permissions. Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "requestType": enum ( |
Fields | |
---|---|
requestType |
Required. The type of out-of-band (OOB) code to send. Depending on this value, other fields in this request will be required and/or have different meanings. There are 4 different OOB codes that can be sent: * PASSWORD_RESET * EMAIL_SIGNIN * VERIFY_EMAIL * VERIFY_AND_CHANGE_EMAIL |
email |
The account's email address to send the OOB code to, and generally the email address of the account that needs to be updated. Required for PASSWORD_RESET, EMAIL_SIGNIN, and VERIFY_EMAIL. Only required for VERIFY_AND_CHANGE_EMAIL requests when returnOobLink is set to true. In this case, it is the original email of the user. |
challenge |
|
captchaResp |
For a PASSWORD_RESET request, a reCaptcha response is required when the system detects possible abuse activity. In those cases, this is the response from the reCaptcha challenge used to verify the caller. |
userIp |
The IP address of the caller. Required only for PASSWORD_RESET requests. |
newEmail |
The email address the account is being updated to. Required only for VERIFY_AND_CHANGE_EMAIL requests. |
idToken |
An ID token for the account. It is required for VERIFY_AND_CHANGE_EMAIL and VERIFY_EMAIL requests unless returnOobLink is set to true. |
continueUrl |
The Url to continue after user clicks the link sent in email. This is the url that will allow the web widget to handle the OOB code. |
iOSBundleId |
If an associated iOS app can handle the OOB code, the iOS bundle id of this app. This will allow the correct app to open if it is already installed. |
iOSAppStoreId |
If an associated iOS app can handle the OOB code, the App Store id of this app. This will allow App Store to open to the correct app if the app is not yet installed. |
androidPackageName |
If an associated android app can handle the OOB code, the Android package name of the android app that will handle the callback when this OOB code is used. This will allow the correct app to open if it is already installed, or allow Google Play Store to open to the correct app if it is not yet installed. |
androidInstallApp |
If an associated android app can handle the OOB code, whether or not to install the android app on the device where the link is opened if the app is not already installed. |
androidMinimumVersion |
If an associated android app can handle the OOB code, the minimum version of the app. If the version on the device is lower than this version then the user is taken to Google Play Store to upgrade the app. |
canHandleCodeInApp |
When set to true, the OOB code link will be be sent as a Universal Link or an Android App Link and will be opened by the corresponding app if installed. If not set, or set to false, the OOB code will be sent to the web widget first and then on continue will redirect to the app if installed. |
tenantId |
The tenant ID of the Identity Platform tenant the account belongs to. |
dynamicLinkDomain |
In order to ensure that the url used can be easily opened up in iOS or android, we create a Firebase Dynamic Link. Most Identity Platform projects will only have one Dynamic Link domain enabled, and can leave this field blank. This field contains a specified Dynamic Link domain for projects that have multiple enabled. |
returnOobLink |
Whether the confirmation link containing the OOB code should be returned in the response (no email is sent). Used when a developer wants to construct the email template and send it on their own. By default this is false; to specify this field, and to set it to true, it requires a Google OAuth 2.0 credential with proper permissions |
clientType |
The client type: web, Android or iOS. Required when reCAPTCHA Enterprise protection is enabled. |
recaptchaVersion |
The reCAPTCHA version of the reCAPTCHA token in the captchaResponse. |
Response body
If successful, the response body contains an instance of GetOobCodeResponse
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.