Wix-members-backend generates spurious emails

Question:
How can we prevent automated emails from being sent upon automated new user registration/approval using wix-members-backend API code?

Product:
Velo

What are you trying to achieve:
We have a registration/approval flow completely handled by backend code, which is called by our mobile app. This is done within http-functions.js similarly to how the Velo API documentation shows, by first using:

	results = await authentication.register(memberEmail, password, {
		"contactInfo": {
		[FIRSTNAME_FIELD]: firstName,
		[LASTNAME_FIELD]: lastName}
	});

Then sending a triggered email to this user with an authentication code for them to input into the mobile app registration flow:

	await triggeredEmails.emailMember('verifyAppRegistration', userid, {
		"variables": {
			"subscriberFirstName": firstName,
			"verificationCode": generatedCode,
			"expirationDate" : expirationDateString
		}

	});

and then a function called from the mobile app once they enter the generated code sent to their email to approve their registration:

await authentication.approveByToken(approvalToken);

All this works fine. However, we notice that upon registering the new member with the authentication.register() API, the admin account on our site receives TWO emails, the subject line of which is “You Have a New Site Member Request”.

Further, when the user successfully is approved via authentication.approveByToken(), they get an automated email, the subject line of which reads “ approved your membership request”.

As this is a completely automated flow, we don’t need the email sent to the Admin account (and I certainly don’t need TWO emails sent), and we also don’t want the newly approved user to receive this automated email.

Can these be turned off?

What have you already tried:
I have these settings in the Signup and Login Security section of the site:

Screenshot 2024-05-22 at 6.25.56 AM1295×711 47.7 KB

I noticed this documentation:

Screenshot 2024-05-22 at 6.28.59 AM759×505 63.5 KB

This might make sense for a registration flow that is from the website, but in our case our website is purely marketing materials - there is no “log in” even available. All login and member activity is done through the mobile app.

So when a user receives an email with a “login button” it is confusing to them.

Additional information:
[Include any other pertinent details or information that might be helpful for people to know when trying to answer your question.]

If your entire registration process is handled via backend code then turn off “people i manually approve” and both emails will stop.

Also remove any registration window from the live site and/or native login bar, etc. Make sure only your custom coded solution can ever be triggered by removing other entry points from the website.

Hi - thanks for your response.

Not sure I quite understand your suggestion though - when you say I should “turn off ‘people i manually approve’” do you mean to change the ‘Who can be a site member?’ radio button to the “Everyone who signs up” setting in the graphic I posted above?

If I do this, then the backend approveByToken() api won’t work - the member has to be in a ‘pending’ state for this API to work, which I believe is only triggered by the ‘manually approve’ setting.

I actually DON’T want people to be automatically signed up simply by going through the register() API, I want a two-factor authentication flow to occur. Here is what we are doing now:

1. Mobile app sends name/email to the backend, which causes the authentication.register() API to fire. This creates a Contact entry as well as a Member entry in Wix, with the Member status set to ‘Pending’.

2. Assuming the backend registration completes without error, the mobile app receives back from the backend call to register the associated authentication token which it temporarily stores. Separately, the backend uses the Wix triggered email feature to send an email with an auto-generated 6-digit code to the email address that was passed in from the mobile app during the registration flow.

3. User receives the email and inputs this 6-digit code in the mobile app and taps a ‘finalize registration’ button which calls a different backend function passing the registration token previously saved by the mobile app, and the backend function then executes the authentication.approveByToken() API passing this registration token.

4. Upon successful completion of the approval API, the member’s status is changed from ‘pending’ to ‘live’.

This all works great, except for the emails generated.

Is there a better way to implement a backend two-factor authentication flow than what we came up with?

Thanks!

Ahhh, I did not know the token API would stop working if that setting was turned off. Makes no sense. We should be able to trigger any API via code as needed.

With the registration API you can set the user status to Pending.

You don’t need to use the token system Wix provides for your authentication process. You can easily create a Triggered Email with your own “token” and write your own code to “authenticate “ whatever variable you sent to the user via email, etc.

Your idea sounds promising, but I don’t see a “register API” in the wix-members-backend package (which is what I’m using now as my entire flow is handled in http-functions.js) that will allow me to adjust status from pending to live.

The authentication API within the wix-members-backend package is the API I’m using that has the register() function.

I don’t see any backend API that allows me to change the user status directly. The only flow I found was to use register(), save the token it returns when my site settings are set to ‘manually approve’ a new user, then use approveByToken() later once my two-factor authentication flow is complete.

If my site settings are set to “approve everyone who signs up” instead of “only people I manually approve”, then as soon as register() is called in the back-end the member is automatically set to “live”.

What am I missing?

Thanks!