How to merge user with two separate emails for login

If a user has signed up twice, with two separate email addresses, what is the appropriate way to allow them to merge their two accounts?

Let’s pretend the flow is something like:

  1. User requests to merge email1 account with email2 account
  2. We send an auth code to email2
  3. User provides us the auth code while logged in with email1, so we are certain they own email2
  4. ??

Hey Alan! In order to merge two Stytch Users, you’ll want to implement something like the following process:

  1. Decide which Stytch User you’d like to keep. For the sake of this example, let’s call it User 1.
  2. Delete the other Stytch User (User 2) via our Delete User endpoint. For security purposes, you may choose to ask the user to log into the account associated with User 2 and delete it themself (thus proving ownership of that account).
  3. Associate User 2’s email address with User 1 by including User 1’s user_id in a call to one of our /send endpoints (for example, the Send one-time passcode by email endpoint). As soon as the user successfully authenticates, User 2’s email address will be added to User 1. In practice, one way to accomplish this would be to have the user log into the account associated with User 1 and complete an “Add a new email address to my account” flow.

I’ll note that this covers the Stytch side of the account merge flow, but you may still need to implement some additional logic to merge any other account data that you have stored on your end.

Please let me know if you have any follow-up questions!