Simplify your stack and build anything. Or everything.
Schedule a Demo
USE CASES
Headless CMSEnterprise App BuilderHeadless E-CommerceDigital Asset Management
FEATURES
Multi-TenancyWhite LabelLocalizationAccess ControlAuth
CASE STUDIES

See what others are building with Payload.

Browse Case Studies
Build tomorrow’s web with a modern solution you truly own.
PAYLOAD IS FOR
DevelopersMarketing teamsEnterprise companiesAgencies & Consultancies
COMPARE PAYLOAD
Payload vs WordPressPayload vs ContentfulPayload vs SanityPayload vs StrapiPayload vs Directus
AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a PartnerFind a Partner
Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHubReleasesBlog
Community
RoadmapDiscordCommunity Help
Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

LoginCloud Pricing
It’s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOAI Auto-EmbeddingPublishing WorkflowsVisual EditorStatic A/B testingAI features
Customer Stories
MicrosoftASICSBlue OriginHello BelloTekton
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case studyBrowse all
LoginGet Started

Authentication Emails

Authentication ties directly into the Email functionality that Payload provides. This allows you to send emails to users for verification, password resets, and more. While Payload provides default email templates for these actions, you can customize them to fit your brand.

Email Verification

Email Verification forces users to prove they have access to the email address they can authenticate. This will help to reduce spam accounts and ensure that users are who they say they are.

To enable Email Verification, use the auth.verify property on your Collection Config:

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
verify: true
7
},
8
}

The following options are available:

Option

Description

generateEmailHTML

Allows for overriding the HTML within emails that are sent to users indicating how to validate their account. More details.

generateEmailSubject

Allows for overriding the subject of the email that is sent to users indicating how to validate their account. More details.

generateEmailHTML

Function that accepts one argument, containing { req, token, user }, that allows for overriding the HTML within emails that are sent to users indicating how to validate their account. The function should return a string that supports HTML, which can optionally be a full HTML email.

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
verify: {
7
generateEmailHTML: ({ req, token, user }) => {
8
// Use the token provided to allow your user to verify their account
9
const url = `https://yourfrontend.com/verify?token=${token}`
10
11
return `Hey ${user.email}, verify your email by clicking here: ${url}`
12
},
13
},
14
},
15
}

generateEmailSubject

Similarly to the above generateEmailHTML, you can also customize the subject of the email. The function argument are the same but you can only return a string - not HTML.

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
verify: {
7
generateEmailSubject: ({ req, user }) => {
8
return `Hey ${user.email}, reset your password!`;
9
}
10
}
11
}
12
}

Forgot Password

You can customize how the Forgot Password workflow operates with the following options on the auth.forgotPassword property:

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
forgotPassword: {
7
// ...
8
},
9
},
10
}

The following options are available:

Option

Description

expiration

Configure how long password reset tokens remain valid, specified in milliseconds.

generateEmailHTML

Allows for overriding the HTML within emails that are sent to users attempting to reset their password. More details.

generateEmailSubject

Allows for overriding the subject of the email that is sent to users attempting to reset their password. More details.

generateEmailHTML

This function allows for overriding the HTML within emails that are sent to users attempting to reset their password. The function should return a string that supports HTML, which can be a full HTML email.

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
forgotPassword: {
7
generateEmailHTML: ({ req, token, user }) => {
8
// Use the token provided to allow your user to reset their password
9
const resetPasswordURL = `https://yourfrontend.com/reset-password?token=${token}`
10
11
return `
12
<!doctype html>
13
<html>
14
<body>
15
<h1>Here is my custom email template!</h1>
16
<p>Hello, ${user.email}!</p>
17
<p>Click below to reset your password.</p>
18
<p>
19
<a href="${resetPasswordURL}">${resetPasswordURL}</a>
20
</p>
21
</body>
22
</html>
23
`
24
},
25
},
26
},
27
}

The following arguments are passed to the generateEmailHTML function:

Argument

Description

req

The request object.

token

The token that is generated for the user to reset their password.

user

The user document that is attempting to reset their password.

generateEmailSubject

Similarly to the above generateEmailHTML, you can also customize the subject of the email. The function argument are the same but you can only return a string - not HTML.

1
import type { CollectionConfig } from 'payload'
2
3
export const Customers: CollectionConfig = {
4
// ...
5
auth: {
6
forgotPassword: {
7
generateEmailSubject: ({ req, user }) => {
8
return `Hey ${user.email}, reset your password!`;
9
}
10
}
11
}
12
}

The following arguments are passed to the generateEmailSubject function:

Argument

Description

req

The request object.

user

The user document that is attempting to reset their password.

Next

JWT Strategy