Set up email verification in Bubble by sending a confirmation email with a unique verification link after signup. When users click the link, a workflow marks their account as verified. Block unverified users from accessing protected pages by checking a 'is_verified' field. Include a resend verification option for users who miss the initial email.
| Fact | Value |
|---|---|
| Tool | Bubble |
| Difficulty | Beginner |
| Time required | 15-20 min |
| Compatibility | All Bubble plans |
| Last updated | March 2026 |
Set Up Email Verification in Bubble
This tutorial shows you how to verify user email addresses after registration to prevent fake accounts and ensure valid contact information.
Prerequisites
- A Bubble account with user authentication configured
- Email sending capability (built-in or SendGrid)
- Basic understanding of workflows and URL parameters
Step-by-step guide
Add Verification Fields to User
Add to User: 'is_verified' (yes/no, default no), 'verification_token' (text). The token is a unique string used in the verification link.
Expected result: User data type has verification tracking fields.
Generate Token and Send Verification Email
In the signup workflow, after creating the user: generate a random string (use 'Calculate a random string' or a backend workflow), save it as verification_token. Send email with link: https://yourapp.com/verify?token=[token]. The email body explains they need to click to verify.
Expected result: New users receive a verification email with a unique link.
Create the Verification Page
Create a 'verify' page. On Page loaded, get URL parameter 'token'. Search for User where verification_token = token. If found: set is_verified = yes, clear token. Show success message. If not found: show error message.
Expected result: Clicking the verification link marks the user as verified.
Block Unverified Users
On protected pages, add Page is loaded workflow: if Current User is logged in AND is_verified is no → redirect to 'please-verify' page. The please-verify page shows a message and a Resend Verification button.
Expected result: Unverified users cannot access protected pages.
Add Resend Verification
On the please-verify page, add a 'Resend' button. Workflow: generate new token, save to Current User, send new verification email. Add a cooldown: disable button for 60 seconds after clicking to prevent spam.
Expected result: Users can request a new verification email.
Complete working example
1USER FIELDS:2- is_verified (yes/no, default: no)3- verification_token (text)45WORKFLOWS:61. After signup:7 → Generate random token (32 chars)8 → Save token to new User9 → Send email: "Click to verify: https://app.com/verify?token=[token]"10112. Verify page loaded:12 → Get URL param 'token'13 → Search for User (verification_token = token)14 → If found: Set is_verified = yes, clear token15 → Show success or error message16173. Protected page loaded:18 → If Current User's is_verified is no → redirect to please-verify19204. Resend clicked:21 → Generate new token → Save → Send email22 → Disable button for 60 secondsCommon mistakes when setting up user verification in Bubble
Why it's a problem: Not clearing the verification token after use
How to avoid: Set verification_token to empty after successful verification.
Why it's a problem: Not adding a resend option
How to avoid: Always provide a Resend Verification button on the please-verify page.
Why it's a problem: Blocking users immediately after signup without explanation
How to avoid: Show a clear 'Please check your email' page with instructions and a resend option.
Best practices
- Generate unique, random tokens for each verification link.
- Clear tokens after successful verification.
- Add a resend option with rate limiting (one per 60 seconds).
- Expire tokens after 24-48 hours for security.
- Show clear instructions on the verification pending page.
- Check verification status on all protected pages.
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I need email verification for my Bubble.io app. After signup, users should receive a verification email with a link. Unverified users should be blocked from the main app. How do I set up the token generation, email, verification page, and access control?
Add email verification to signup. Generate a token, send verification email with link, create a verify page that activates accounts, and block unverified users from protected pages.
Frequently asked questions
Does Bubble have built-in email verification?
Bubble has a basic 'Confirm email' feature, but it is limited. Building your own gives more control over the flow, email content, and user experience.
How do I prevent verification links from expiring?
Add a 'token_created_at' date field. On the verify page, check if the token is less than 24 hours old. If expired, show 'Link expired — request a new one'.
Can I use phone number verification instead?
Yes. Use Twilio via the API Connector to send SMS verification codes. Store and verify a 6-digit code instead of an email link.
Should I let unverified users access the app partially?
It depends on your app. Some apps allow read-only access for unverified users. Others block all access. Choose based on your user experience goals.
How do I verify users who signed up with social login?
Social login providers (Google, Facebook) typically verify email as part of their OAuth flow. Check the provider's response for email_verified status. For comprehensive verification systems, RapidDev can build multi-method verification.
What if verification emails go to spam?
Use a reputable email service (SendGrid, Mailgun), configure SPF/DKIM records for your domain, and keep email content simple with minimal HTML.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation