Zul Ikram Musaddik Rayat

Posted on Sep 21, 2025

Email Verification with Better-Auth (Basics Tutorial, Ep. 2)

#webdev #programming #nextjs #javascript

Welcome back to the Better-Auth Basics series! 🚀

In Episode 1, we set up Better-Auth with Drizzle ORM and implemented sign-up and login functionality. It worked great… but there’s a big flaw:

👉 Anyone can sign up with any random email — even one they don’t own.

That’s obviously not safe for production. So in this post, we’ll fix that by adding Email Verification with Better-Auth.

❌ The Problem Without Verification

Right now, a user can type any email address on the registration page, and the server will happily accept it.

That means fake accounts, spam signups, and security risks. We need a way to make sure the person actually owns the email they’re registering with.

✅ Email Verification with Better-Auth

The good news? Better-Auth already has email verification built in for email/password authentication. We just need to configure it. Let’s go step by step.

🛠 Step 1: Configure an Email Provider

For sending verification emails, I used Resend.

Create a Resend account
Add your custom domain
Generate an API key
Save it in your .env file:

RESEND_API_KEY=your-api-key

🛠 Step 2: Create Email Templates

Inside Resend, configure simple templates for your verification emails.
This is the message your users will see in their inbox with the verification link.

🛠 Step 3: Enable Email Verification in Better-Auth

In your Better-Auth configuration, enable the verification features:

import { betterAuth } from "better-auth/server";
import { schema } from "../db/schema";

export const auth = betterAuth({
  schema,
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: true,
  },
  emailVerification: {
    sendOnSignUp: true,
    autoSignInAfterVerification: true,
    async sendVerificationEmail({ user, url, token }, request) {
      await sendVerificationEmail({ email: user.email, url, token });
    },
  },
});

🛠 Step 4: Send Verification Email on Sign Up

Better-Auth will now automatically send a verification email when a new user registers.

After sign-up, redirect the user to a verify page in your app.
Tell them to check their inbox for the verification link.

// app/verify/page.tsx
export default function VerifyPage() {
  return (
    <div>
      <h1>Verify Your Email</h1>
      <p>
        We’ve sent you a link. Please check your inbox and click it to activate your account.
      </p>
    </div>
  );
}

🛠 Step 5: Testing the Flow

Register with a real email address
Check your inbox → you’ll see the verification email
Click the link → the server validates it
You’re automatically signed in and redirected to the homepage 🎉

Here’s what the successful response looks like:

{
  "status": 200,
  "message": "Email verified and user signed in"
}

🎉 And That’s It!

With just a few lines of configuration, we added secure email verification to our Better-Auth setup.

Now:

Users must prove they own their email
Fake signups are blocked
Onboarding is safer and more production-ready

📌 What’s Next?

This was Episode 2 of Better-Auth Basics.
In future episodes, we’ll cover:

👥 Role-based authentication
⚡ Rate limiting
🛡 Middleware for protecting routes Stay tuned — we’re just getting started.

🔗 Stay Connected

📽️ Youtube: code_unhinged
🐦 Twitter (X): zul_rayat
💻 GitHub: devrayat000
💼 LinkedIn: zim-rayat
📷 Instagram: rayatttttttt
📘 Facebook: rayat.ass

💬 Got questions? Drop them in the comments — I reply to every one!
👍 Don’t forget to like, share, and subscribe for more dev content.

DEV Community