Is Verification Code Valid is used on the Kuika platform to check the validity of a verification code sent to a user. The accuracy of the code entered by the user and whether its validity period has expired can be verified. It plays a critical role in security processes such as two-factor authentication (2FA).

This action typically works in conjunction with the Send Verification Code action. Send Verification Code is used to send a verification code to the user via SMS, email, or a similar channel. After generating and sending a unique and time-limited verification code to the user, the user enters this code into the relevant field in the application.

Once the user enters the code, Is Verification Code Valid is triggered and performs the following checks:

Is the code correct?
Has the code expired?
Does the code belong to the relevant user?

Together, these two actions provide a secure verification process. First, the verification code is sent (Send Verification Code), then the code entered by the user is verified and the process is completed (Is Verification Code Valid). This structure is used as a basic component in applications that want to verify user identity and increase account security.

Technical Features

Verification Check: The code entered by the user is checked to see if it is valid.
Timeout Control: The validity period of the code is checked.
Security Compliant: Works in conjunction with processes such as 2FA, password reset, or registration verification.‍
Web and Mobile Compatibility: Can be used in web and mobile applications.

Is Verification Code Valid Action Application Steps

Log in to the Kuika platform.
Select the project you want to work on from the Apps screen.
Go to the UI Design module.
Open the Properties panel on the right side.

Select the relevant component (e.g. ‘Verify’ button).
+ ADD ACTION menu, add the Authorisation > Is Verification Code action according to the desired trigger event (Initial Actions, OnClick, OnBlur, etc.).
Define the following parameter:

Verification Code (String - Required): The verification code entered by the user. It is usually taken from an input field.
It is usually defined using data sources such as Action Result, Current, Form Component, Screen Input or Fixed, and can be linked via the Symbol Picker tool.

Sending the Verification Code (API or Backend)

How the verification code is sent:

The verification code is usually sent to the user via SMS or email beforehand.
This process is typically configured as a separate action that runs when the user clicks the ‘Send Code’ button.

Example scenario for sending the code:

Add an OnClick action to the ‘Send Code’ button.
This action allows you to send the verification code to the backend with a Service Call (e.g. POST /send-verification-code).
The user's phone number or email address is sent to the backend in the Request Body.
The backend generates and sends the verification code for this user.

After completing the configuration, click the SAVE button.

Use Case: Verifying a Code Sent by Email

A user wants to reset their password and is sent a verification code. When the user enters this code in the appropriate field and clicks the ‘Verify’ button, the system must check whether the code is valid.

Application Flow:

Element: Verify button
Trigger: OnClick
Action: Authorisation → Is Verification Code Valid
Parameter:
- Verification Code

Post-Action Usage:

If the code is valid, the user is redirected to the screen to set a new password (Navigate action).
If the code is invalid, an error message is displayed to the user with the Notify action.

Is Verification Code Valid Action Advanced Customisations

Conditional Redirection: The code verification result can be processed with an If Then Else structure to perform different actions based on valid/invalid codes.
Dynamic Code Source: The code can be verified by retrieving it from different sources (e.g. SMS, email, in-app message).
One-Time Codes: The code can be generated by the system to be valid only once.
Time Limit Warning: When the code expires, the user can be offered the option to request a new code.

Technical Risks and Controls

Code Format Check: The user accidentally entering spaces or invalid characters can cause errors. Pre-entry validation should be performed.
Timeout: The validity period of the code should be well defined in the system and communicated to the user.
Privacy: Codes should not be stored in plain text in the system and should be processed using secure algorithms.
Incorrect Code Attempts: After a certain number of incorrect entries, the user should be temporarily blocked.

The Is Verification Code Valid action enables users to securely verify their identities. It provides an effective verification step without compromising the user experience in scenarios requiring advanced security. It plays a critical role in password reset, two-factor authentication, and registration processes.