POST /:projectId/auth/verify-external-user
Verify External User
curl --request POST \
  --url https://api.replyke.com/api/v6/:projectId/auth/verify-external-user \
  --header 'Content-Type: application/json' \
  --data '{
  "userJwt": "<string>"
}'
{
  "success": true,
  "accessToken": "<string>",
  "refreshToken": "<string>",
  "user": {
    "id": "<string>",
    "email": "<string>",
    "username": "<string>",
    "name": "<string>",
    "avatar": "<string>",
    "bio": "<string>",
    "location": {
      "type": "<string>",
      "coordinates": [
        123
      ]
    },
    "birthdate": "<string>",
    "metadata": {},
    "suspensions": [
      {}
    ],
    "reputation": 123,
    "createdAt": "<string>",
    "updatedAt": "<string>"
  }
}
Verifies a user identity using a signed JWT from an external project. If the user exists, it updates the profile. If not, it creates the user. Returns an access token, refresh token, and user data.

Body Parameters

  • userJwt (string, required): Signed JWT issued by the external project containing user identity information

Response

  • success (boolean): Indicates whether the verification was successful
  • accessToken (string): JWT access token for authenticating API requests
  • refreshToken (string): JWT refresh token for obtaining new access tokens
  • user (User Object): The verified or newly created user object

Error Responses

{
  "error": "Missing userJwt",
  "code": "auth/missing-jwt"
}
{
  "error": "Missing JWT keys",
  "code": "auth/missing-keys"
}
{
  "error": "Invalid token",
  "code": "auth/invalid-token"
}
{
  "error": "Project ID mismatch",
  "code": "auth/project-mismatch"
}
{
  "error": "Unexpected error fetching user after login",
  "code": "auth/missing-user"
}
{
  "error": "Internal server error",
  "code": "auth/server-error",
  "details": "<Error message>"
}

Notes

  • The JWT is verified using the current or previous public key associated with the project.
  • On success, a secure HttpOnly cookie (replyke-refresh-jwt) is set.
  • The user is updated or created based on foreignId and optionally email.
  • Response includes tokens and user profile, including suspension info.
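
The current-or-previous key rule from the first note, mapped onto the error codes listed above, as an added example that is not Replyke's code. It assumes RS256 signatures and that the project ID travels in the `iss` claim (the page states neither); `signJwt`, `verifyExternalJwt`, `demo` and all keys and claim values are constructed for illustration.

```javascript
// Added example, not Replyke's implementation. Assumptions: RS256 signatures,
// project ID in the `iss` claim; all keys and claim values below are constructed.
const { createSign, createVerify, generateKeyPairSync } = require("node:crypto");
const b64u = (v) => Buffer.from(v).toString("base64url");
// Sign a payload as the external project's backend would (hypothetical helper).
function signJwt(payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${createSign("RSA-SHA256").update(input).sign(privateKey).toString("base64url")}`;
}

// Try the current public key, then the previous one, so tokens signed just
// before a key rotation still verify. Returns { ok, code?, payload? }.
function verifyExternalJwt(userJwt, projectId, keys) {
  const fail = (code) => ({ ok: false, code });
  if (!userJwt) return fail("auth/missing-jwt");
  const candidates = [keys.current, keys.previous].filter(Boolean);
  if (candidates.length === 0) return fail("auth/missing-keys");
  const parts = String(userJwt).split(".");
  if (parts.length !== 3) return fail("auth/invalid-token");
  let header, payload;
  try {
    [header, payload] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, "base64url")));
  } catch { return fail("auth/invalid-token"); }
  // Pin the algorithm; never let the token header pick it ("none", HS256).
  if (header?.alg !== "RS256") return fail("auth/invalid-token");
  const sig = Buffer.from(parts[2], "base64url");
  const signed = candidates.some((pub) =>
    createVerify("RSA-SHA256").update(`${parts[0]}.${parts[1]}`).verify(pub, sig));
  if (!signed) return fail("auth/invalid-token");
  // Claims are trusted only after the signature check has passed.
  if (payload?.iss !== projectId) return fail("auth/project-mismatch");
  return { ok: true, payload };
}

// Constructed scenario: one rotated-out key, one current key, one unrelated key.
function demo() {
  const pair = () => generateKeyPairSync("rsa", { modulusLength: 2048 });
  const [prev, cur, stranger] = [pair(), pair(), pair()];
  const keys = { current: cur.publicKey, previous: prev.publicKey };
  const claims = { sub: "user-42", iss: "proj_demo" };
  const check = (jwt, id = "proj_demo") => verifyExternalJwt(jwt, id, keys).code ?? "ok";
  return {
    current: check(signJwt(claims, cur.privateKey)),
    previous: check(signJwt(claims, prev.privateKey)),
    stranger: check(signJwt(claims, stranger.privateKey)),
    otherProject: check(signJwt(claims, cur.privateKey), "proj_other"),
  };
}
console.log(demo());
```

Expiry and other claim checks are left out to keep the focus on key rotation and the project check; the previous key should be dropped from the candidate list once tokens signed with it can no longer be valid.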