# Activate user

Activate a non-activated user.

Include the userId and activationToken in the request body. If required by your environment's sign-in flow, also include the user's password and reCAPTCHA values.

You can generate an activation token using the route under Users → Generate Activation Token.

Alternatively, you can use the built-in email template for user activation.

Endpoint: POST /resources/users/v1/activate
Security: bearer

## Header parameters:

  - `frontegg-vendor-host` (string, required)

## Request fields (application/json):

  - `userId` (string, required)

  - `token` (string, required)

  - `password` (string)

  - `recaptchaToken` (string)

  - `lastTermsCheck` (string)

## Response 200 fields (application/json):

  - `tokenType` (string)

  - `otcToken` (string)

  - `mfaRequired` (boolean, required)

  - `mfaToken` (string)

  - `resetPasswordToken` (string)

  - `passwordExpiresIn` (number)

  - `notificationPeriod` (number)

  - `mfaEnrolled` (boolean)

  - `mfaDevices` (object)

  - `mfaDevices.webauthn` (array, required)

  - `mfaDevices.webauthn.id` (string, required)

  - `mfaDevices.webauthn.deviceType` (string, required)
    Enum: "Platform", "CrossPlatform"

  - `mfaDevices.webauthn.name` (string, required)

  - `mfaDevices.phones` (array, required)

  - `mfaDevices.phones.phoneNumber` (string, required)

  - `mfaDevices.authenticators` (array, required)

  - `mfaDevices.emails` (array, required)

  - `mfaDevices.emails.email` (string, required)

  - `mfaStrategies` (object)

  - `qrCode` (string)

  - `recoveryCode` (string)

  - `accessToken` (string, required)

  - `refreshToken` (string, required)

  - `expiresIn` (number, required)

  - `expires` (string, required)

  - `userId` (string)

  - `userEmail` (string)

  - `emailVerified` (boolean)

  - `isBreachedPassword` (boolean)