Completes the user activation workflow. This will set the user's status to ACTIVE and also verifies the user's email address.

This API can be called in two distinct ways.

1. The first way is from a user activation email flow. With this approach, the emailAuthCode field must be provided in the request body.
2. The second way is from a user activation OTP email flow. With this approach, the requestCode and verificationCode fields must be provided in the request body.

After the user has been activated, the response will contain a redirectUrl field that should be redirected to in order to create an auth session for the user. Once the auth session has been created, Wristband will redirect back to your application's Login Endpoint, or to a custom URL if a custom redirect URL was defined in the workflow policy for the workflow that triggered the user activation flow. For example, if the activation email was sent as part of a signup flow and the Signup Workflow policy had a custom redirect URL defined, Wristband would redirect to that URL after creating the auth session.

Note: If MFA enrollment has been marked as required for the user's tenant, then a response with an MFA_ENROLLMENT_REQUIRED result will be returned instead of the USER_ACTIVATION_COMPLETE result. In this case, the user must complete the MFA Enrollment workflow before an auth session is created. This prevents the user from logging in to your application unless they first enroll in MFA. If the user does not complete MFA enrollment during the activation flow, they will be forced to enroll in MFA when they attempt to log in.

Required Permissions

Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.