Email

The MyAccount Email API provides operations to enroll, update, and delete emails. The API also provides utilities to create, view, and answer verification challenges.

API versioning

A valid API version in the Accept header is required to access the API. Current version: 1.0.0

Accept: application/json; okta-version=1.0.0

List all Emails
OAuth 2.0:
  • okta.myAccount.email.read

Lists all of the current user's email information: a collection of links for each email that describe the acceptable operations

Responses
200

Example response

401

Unauthorized

406

Not Acceptable (missing header)

get/idp/myaccount/emails
Request samples 
Response samples 
application/json;okta-version=1.0.0
[]
Create an Email
OAuth 2.0: 
  • okta.myAccount.email.manage
Creates a primary or secondary email address for the user's account. The new email address has an UNVERIFIED status.


Request 
Request Body schema: application/json
New email


required
object
Defines the email address on the profile


 
email
required
string <email> 
 
sendEmail
boolean
 Default:  true
Specifies whether Okta or the application sends an email to the end user


 
state
string
Any application state that the client wishes to persist across the email challenge flow, and receive at the callback URL. Define the callback URL in the OIDC app configuration. This parameter proves to the client that the email link is verified.


 
role
string
 Enum: "PRIMARY" "SECONDARY"  
Responses 
201
Example response


400
Bad Request


401
Unauthorized


403
Forbidden


406
Not Acceptable (missing header)


409
Conflict


post/idp/myaccount/emails
Request samples 
application/json
{
  • "profile": {
    • "email": "saml.jackson@example.com"
    },
  • "sendEmail": true,
  • "role": "PRIMARY",
  • "state": "JPcFLTwOq7UvoFtmRd3EnyQwsR0PbDSI"
}
Response samples 
application/json;okta-version=1.0.0
{}
Retrieve an Email
OAuth 2.0: 
  • okta.myAccount.email.read
Retrieves the current user's email information by ID: a collection of links that describe the acceptable email operations


Request 
path Parameters
id
required
string
The email ID
Use GET /idp/myaccount/emails or POST /idp/myaccount/emails operations to obtain the email ID when adding a new email address.


 
 Example:  69dca29c2d8dbb0dca14395ccdb92317
Responses 
200
Example response


401
Unauthorized


406
Not Acceptable (missing header)


get/idp/myaccount/emails/{id}
Request samples 
Response samples 
application/json;okta-version=1.0.0
{}
Delete an Email
OAuth 2.0: 
  • okta.myAccount.email.manage
Deletes the current user's email information by ID. You can only delete unverified primary and secondary emails.


Request 
path Parameters
id
required
string
The email ID
Use GET /idp/myaccount/emails or POST /idp/myaccount/emails operations to obtain the email ID when adding a new email address.


 
 Example:  69dca29c2d8dbb0dca14395ccdb92317
Responses 
204
No Content


400
Bad Request


401
Unauthorized


404
Not Found


406
Not Acceptable (missing header)


delete/idp/myaccount/emails/{id}
Request samples 
Response samples 
application/json;okta-version=1.0.0
{
  • "errorCode": "E0000001",
  • "errorSummary": "Api validation failed: email",
  • "errorLink": "E0000001",
  • "errorId": "oaejUwz8U5FQ_SyggQwz1kC3w",
  • "errorCauses": [
    • {
      }
    ]
}
Send an Email Challenge
OAuth 2.0: 
  • okta.myAccount.email.manage
Sends a "Confirm email address change" email to the user with a one-time passcode for verification.
Also, the user receives a "Notice of pending email address change" email. After the challenge is verified, the email becomes active.


Request 
path Parameters
id
required
string
The email ID


Use the GET /idp/myaccount/emails or POST /idp/myaccount/emails operations when adding a new email address.


 
 Example:  00T196qTp3LIMZQ0L0g3
Request Body schema: application/json
state
required
string
(Optional) The state parameter that contains the state of the client


 
Responses 
201
Created


401
Unauthorized


403
Forbidden


404
Not Found


406
Not Acceptable (missing header)


post/idp/myaccount/emails/{id}/challenge
Request samples 
application/json
{
  • "state": "JPcFLTwOq7UvoFtmRd3EnyQwsR0PbDSI"
}
Response samples 
application/json;okta-version=1.0.0
{}
Verify an Email OTP
OAuth 2.0: 
  • okta.myAccount.email.manage
Verifies the email challenge with the code that the user receives from the "Confirm email address change" email. Once verified, the email is active.


Request 
path Parameters
id
required
string
The email ID
Use GET /idp/myaccount/emails or POST /idp/myaccount/emails operations to obtain the email ID when adding a new email address.


 
 Example:  00T196qTp3LIMZQ0L0g3
challengeId
required
string
The challengeId of the email
Use the POST /idp/myaccount/emails/{id}/challenge operation to obtain the challengeId when creating a new challenge.


 
 Example:  x1MDGzUb
Request Body schema: application/json
verificationCode
required
string <password> 
A six-digit verification code sent to the user in the "Confirm email address change" email


 
Responses 
200
OK


401
Unauthorized


403
Forbidden


404
Not Found


406
Not Acceptable (missing header)


post/idp/myaccount/emails/{id}/challenge/{challengeId}/verify
Request samples 
application/json
{
  • "verificationCode": "456058"
}
Response samples 
application/json;okta-version=1.0.0
{
  • "errorCode": "E0000015",
  • "errorSummary": "You do not have permission to access the feature you are requesting",
  • "errorLink": "E0000015",
  • "errorId": "oaeStOuPPxDRUm3PJhf-tL7bQ",
  • "errorCauses": [ ]
}