Set up email verification in Bubble by sending a confirmation email with a unique verification link after signup. When users click the link, a workflow marks their account as verified. Block unverified users from accessing protected pages by checking a 'is_verified' field. Include a resend verification option for users who miss the initial email.
Set Up Email Verification in Bubble
This tutorial shows you how to verify user email addresses after registration to prevent fake accounts and ensure valid contact information.
Prerequisites
- A Bubble account with user authentication configured
- Email sending capability (built-in or SendGrid)
- Basic understanding of workflows and URL parameters
Step-by-step guide
Add Verification Fields to User
Add Verification Fields to User
Add to User: 'is_verified' (yes/no, default no), 'verification_token' (text). The token is a unique string used in the verification link.
Expected result: User data type has verification tracking fields.
Generate Token and Send Verification Email
Generate Token and Send Verification Email
In the signup workflow, after creating the user: generate a random string (use 'Calculate a random string' or a backend workflow), save it as verification_token. Send email with link: https://yourapp.com/verify?token=[token]. The email body explains they need to click to verify.
Expected result: New users receive a verification email with a unique link.
Create the Verification Page
Create the Verification Page
Create a 'verify' page. On Page loaded, get URL parameter 'token'. Search for User where verification_token = token. If found: set is_verified = yes, clear token. Show success message. If not found: show error message.
Expected result: Clicking the verification link marks the user as verified.
Block Unverified Users
Block Unverified Users
On protected pages, add Page is loaded workflow: if Current User is logged in AND is_verified is no → redirect to 'please-verify' page. The please-verify page shows a message and a Resend Verification button.
Expected result: Unverified users cannot access protected pages.
Add Resend Verification
Add Resend Verification
On the please-verify page, add a 'Resend' button. Workflow: generate new token, save to Current User, send new verification email. Add a cooldown: disable button for 60 seconds after clicking to prevent spam.
Expected result: Users can request a new verification email.
Complete working example
1USER FIELDS:2- is_verified (yes/no, default: no)3- verification_token (text)45WORKFLOWS:61. After signup:7 → Generate random token (32 chars)8 → Save token to new User9 → Send email: "Click to verify: https://app.com/verify?token=[token]"10112. Verify page loaded:12 → Get URL param 'token'13 → Search for User (verification_token = token)14 → If found: Set is_verified = yes, clear token15 → Show success or error message16173. Protected page loaded:18 → If Current User's is_verified is no → redirect to please-verify19204. Resend clicked:21 → Generate new token → Save → Send email22 → Disable button for 60 secondsCommon mistakes when setting up user verification in Bubble
Why it's a problem: Not clearing the verification token after use
How to avoid: Set verification_token to empty after successful verification.
Why it's a problem: Not adding a resend option
How to avoid: Always provide a Resend Verification button on the please-verify page.
Why it's a problem: Blocking users immediately after signup without explanation
How to avoid: Show a clear 'Please check your email' page with instructions and a resend option.
Best practices
- Generate unique, random tokens for each verification link.
- Clear tokens after successful verification.
- Add a resend option with rate limiting (one per 60 seconds).
- Expire tokens after 24-48 hours for security.
- Show clear instructions on the verification pending page.
- Check verification status on all protected pages.
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I need email verification for my Bubble.io app. After signup, users should receive a verification email with a link. Unverified users should be blocked from the main app. How do I set up the token generation, email, verification page, and access control?
Add email verification to signup. Generate a token, send verification email with link, create a verify page that activates accounts, and block unverified users from protected pages.
Frequently asked questions
Does Bubble have built-in email verification?
Bubble has a basic 'Confirm email' feature, but it is limited. Building your own gives more control over the flow, email content, and user experience.
How do I prevent verification links from expiring?
Add a 'token_created_at' date field. On the verify page, check if the token is less than 24 hours old. If expired, show 'Link expired — request a new one'.
Can I use phone number verification instead?
Yes. Use Twilio via the API Connector to send SMS verification codes. Store and verify a 6-digit code instead of an email link.
Should I let unverified users access the app partially?
It depends on your app. Some apps allow read-only access for unverified users. Others block all access. Choose based on your user experience goals.
How do I verify users who signed up with social login?
Social login providers (Google, Facebook) typically verify email as part of their OAuth flow. Check the provider's response for email_verified status. For comprehensive verification systems, RapidDev can build multi-method verification.
What if verification emails go to spam?
Use a reputable email service (SendGrid, Mailgun), configure SPF/DKIM records for your domain, and keep email content simple with minimal HTML.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation