Splync v1.0 to Splync v1.1
When you sign up for Splync, you are asked to enter your email address and password. As I introduced in previous articles, Splync v1.0 already included basic security measures. Your data transfer was protected by HTTPS. Our server was secured with SSH so that no one except the developer could access it. Your password was never stored in plain text but was hashed in the database so that no one could decode it. However, the secret of v1.0 was that it had no email verification in the account creation process. Splync, as an MVP (Minimum Viable Product), was released without this feature because the app was still at a stage where only my friends knew about its existence. In v1.0, the app simply checked if the entered email contained an “@” between strings of letters and whether it was unique among existing accounts.
What Happens If There Is No Email Verification?
If an app allows users to create an account without verifying their identity, it’s easy to imagine someone using another person’s email address to create their own account. That’s exactly what could happen. While this doesn’t mean your data would be leaked, it does mean you wouldn’t be able to register with your own email address if it had already been used. Additionally, someone could create an account using a completely fictional email address. This might not seem serious at first, but it would become a disaster once the developer tries to charge or contact that user later. I wouldn’t even know who that person really is! So, email verification was the next step for Splync.
How Email Verification Works
In Splync v1.1, when a new user signs up, the app automatically sends an email to the address they entered. This email contains a unique, auto-generated verification link. By clicking that link, the user confirms they truly have access to that email account. Once verified, the server activates the user’s account and stores it in the database as a valid, authenticated user. Sounds familiar, doesn't it? This process ensures that every account in Splync belongs to a real, reachable person — a small but vital step toward building a trustworthy community. Let’s take a closer look at how this flow is implemented from the technical perspective.
Technical Implementation of Email Verification
Splync’s backend uses Python/FastAPI, and the mobile app is built with SwiftUI. The app handles only the user interface, while the verification logic and sensitive credentials remain safely on the server. In v1.1, we added a standard email verification step between “unverified user” and “verified user.” When a new user signs up, the app sends the entered data to the server. The server, which uses a MariaDB database, stores the user there as unverified. The password is hashed and saved, but the account is not yet active. At that moment, the server also generates a unique verification token with an expiration time. Next, using an SMTP (Simple Mail Transfer Protocol) server, the server sends a verification email containing a secure, one-time link. When the user opens the link, the server checks that the token is valid and unexpired. Once verified, the account becomes active, and the user can sign in normally from the app. This keeps authentication secure and lightweight.
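The server-side token flow described above, as an added example that is not Splync's own code: it uses only the Python standard library, with an in-memory sqlite3 database standing in for MariaDB. The table and function names, the 24-hour lifetime and the choice to store only a SHA-256 hash of the token are assumptions of this example; password hashing and SMTP delivery are left out.

```python
import hashlib
import secrets
import sqlite3
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(hours=24)  # assumed lifetime; the article does not state one

# Assumption: sqlite3 in memory stands in for MariaDB so the example runs offline.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, is_verified INTEGER DEFAULT 0)")
db.execute("CREATE TABLE email_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at TEXT)")


def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def register(email: str, now: datetime) -> str:
    """Store the user as unverified; return the token to embed in the emailed link."""
    user_id = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO email_tokens VALUES (?, ?, ?)",
               (_digest(token), user_id, (now + TOKEN_TTL).isoformat()))
    db.commit()
    return token


def verify(token: str, now: datetime) -> bool:
    """Activate the account if the token is known and unexpired; consume it either way."""
    row = db.execute("SELECT user_id, expires_at FROM email_tokens WHERE token_hash = ?",
                     (_digest(token),)).fetchone()
    if row is None:
        return False  # unknown token, or one that was already used
    user_id, expires_at = row
    db.execute("DELETE FROM email_tokens WHERE token_hash = ?", (_digest(token),))
    ok = now < datetime.fromisoformat(expires_at)
    if ok:
        db.execute("UPDATE users SET is_verified = 1 WHERE id = ?", (user_id,))
    db.commit()
    return ok


def is_verified(email: str) -> bool:
    row = db.execute("SELECT is_verified FROM users WHERE email = ?", (email,)).fetchone()
    return bool(row and row[0])
```

The current time is passed in as a timezone-aware `datetime` so that expiry and one-time use can be exercised without waiting.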
Python? FastAPI? SwiftUI? SMTP? MariaDB?
If these sound like a secret code, don’t worry — they’re just the tools that make the system work together. Think of Splync’s sign-up flow like a customer support center verifying someone’s identity. “May I have your name and email address?” asks SwiftUI, the friendly operator at the front desk. You tell her your details, and she says, “Could you please hold for a moment?” She immediately forwards them to FastAPI, the office’s internal phone system. FastAPI connects her to Python, the back-office specialist in charge of verification. Python checks with MariaDB, the customer database, to record your information safely — marking your status as “unverified.” Then Python asks SMTP, the external messenger, to send you a confirmation email with a secure link. When you click the link, Python verifies that it’s valid and updates your record in MariaDB to “verified.” Finally, FastAPI lets the operator know that your identity has been confirmed, and your account is now active. Together, these parts make Splync’s verification process both human-like and secure.
The Next Step in Splync’s Security Journey
Email verification might seem like a small feature, but it changes everything about trust. It marks the moment when Splync evolves from a personal project among friends into a public app where anyone can join with confidence. Sending a verification link via SMTP even feels like Splync’s first handshake with a new user. Behind the scenes, this feature lays the groundwork for future improvements — password resets, multi-factor authentication, and account recovery. Every layer of security builds on the one before it. With email verification, Splync v1.1 takes a meaningful step forward — making shared expense management not only convenient, but truly dependable.