Everyone does it, so shall we... The given email address should be validated during the registration process. I propose the following flow:
The user fills out the registration form and submits it. -> POST /account/register
The system validates the input, create a deactivated account, and sends a welcome and validation email to the given email address containing a link to the following page: https://{host}/validate-email?key={key}.
When the user navigates to the link, the website will send a request to the following API: POST /account/validate-email providing the key in the request body.
Everyone does it, so shall we... The given email address should be validated during the registration process. I propose the following flow:
POST /account/register
https://{host}/validate-email?key={key}
.POST /account/validate-email
providing the key in the request body.