[SOLVED] Password Recovery Emails Not Sending in Production (Works on Localhost) | Appwrite | Page 1

proven oasis Jan 7, 2025, 10:06 PM

#

Hey everyone! 👋

I'm currently facing an issue with the password recovery feature in my Appwrite-based application. I'm using Appwrite's built-in email solution to send password recovery emails, and everything works perfectly when I'm running the app on localhost. However, once I deploy the application to my live domain, the password recovery emails are not being sent.

Here's my current backend endpoint for initiating password recovery:
`.post(
"/forgot-password",
zValidator("json", z.object({ email: z.string().email() })),
async (c) => {
const { email } = c.req.valid("json");
const { account } = await createAdminClient();

    try {
        await account.createRecovery(
            email,
            `${APP_URL}/reset-password`
        );
        return c.json({ success: true });
    } catch (error) {
        console.error("Password recovery creation failed:", error);
        return c.json({ error: "Failed to initiate password recovery" }, 400);
    }
}

)`

When I input an email to recover the password on the live version, I see this error in the browser console:
POST https://my-app.com/api/auth/forgot-password 400 (Bad Request)

What I've Tried So Far:
The application works fine in localhost.
I've verified my domain by creating a CNAME record in my DNS for appwrite.my-app.com.
I've double-checked my API endpoint and Appwrite project configuration.
I've also added my production domain in Appwrite's Domain Whitelist.
Despite these steps, the recovery emails are still not being sent in production. I've been stuck on this for a while and can't figure out what I'm missing.

Does anyone have any ideas on why this might be happening or what else I should check?
Thanks in advance for your help!

tender crown Jan 7, 2025, 10:15 PM

#

Do you get an Appwrite error?

proven oasis Jan 7, 2025, 10:16 PM

#

I am new to appwrite and the interface, but cant see any errors.

tender crown Jan 7, 2025, 10:17 PM

#

What exactly do you see in your console? What is the error you get from that console.error?

#

From my understanding, I thought most anything to do with account must be done on an appwrite client that has a users session set on it? How is your adminClient initalized?

proven oasis Jan 7, 2025, 10:19 PM

#

I only get the POST error, and this is my createAdmin:
export async function createAdminClient() {
const client = new Client()
.setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT!)
.setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT!)
.setKey(process.env.NEXT_APPWRITE_KEY!);

    return {
        get account() {
            return new Account(client);
        },
        get users() {
            return new Users(client);
        }
    };

};

#

What’s confusing me is that everything works perfectly on localhost.

tender crown Jan 7, 2025, 10:21 PM

#

Can you not see server side logs from your production app? Are you using vercel, or similar?

proven oasis Jan 7, 2025, 10:24 PM

#

I’m currently deploying my application using Vercel, and this is the log output I’m seeing for the failed password recovery attempt:

Password recovery creation failed: AppwriteException: Invalid url param: URL host must be one of: localhost, cloud.appwrite.io, appwrite.io
at e.call (/var/task/.next/server/chunks/874.js:53:12477)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async q.createRecovery (/var/task/.next/server/chunks/874.js:53:18699)
at async /var/task/.next/server/app/api/[[...route]]/route.js:1:85132
at async i (/var/task/.next/server/app/api/[[...route]]/route.js:1:10867)
at async /var/task/.next/server/app/api/[[...route]]/route.js:1:25622
at async i (/var/task/.next/server/app/api/[[...route]]/route.js:1:10867)
at async /var/task/.next/server/app/api/[[...route]]/route.js:1:13864
at async /var/task/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:36957
at async eC.execute (/var/task/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:27552) {
code: 400,
type: 'general_argument_invalid',
response: {
message: 'Invalid url param: URL host must be one of: localhost, cloud.appwrite.io, appwrite.io',
code: 400,
type: 'general_argument_invalid',
version: '1.6.1'
}
}

#

writing this, i see that my url is not there

tender crown Jan 7, 2025, 10:25 PM

#

Did you add your production domain as a platform in the appwrite console?

proven oasis Jan 7, 2025, 10:28 PM

#

I have probably not done it right. 🙂 I've already added appwrite.my-app.com (with my real domain ofc.) and verified the CNAME record in my vercel DNS.

tender crown Jan 7, 2025, 10:29 PM

#

Can you send a screenshot of your platforms? Block out anything you don't want to share.

#

Like what I've got here

proven oasis Jan 7, 2025, 10:29 PM

#

yes, one sek

#

#

I'm not entirely sure which other images you're looking for besides thees ones.

tender crown Jan 7, 2025, 10:36 PM

#

Sure, I think I know the issue. On the overview page of your project, scroll towards the bottom. You should see a header for integrations and a pink button that says add platform. Click that button, then click web app, fill out this form putting the domain of your web application in. This should whitelist your domain.

#

I believe this is a security measure to prevent people from highjacking recovery tokens or something

#

It also is what prevents CORS errors if you didn't setup your own subdomain for appwrite

#

Please note that in order to avoid a Redirect Attack the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.

https://appwrite.io/docs/references/cloud/client-web/account#updateRecovery

proven oasis Jan 7, 2025, 10:40 PM

#

Tbh, i dont see the header "integrations" under overview.

#

it is in appwrite, right?

#

nvm, i found it

#

sorry

tender crown Jan 7, 2025, 10:41 PM

#

My bad, I think the UI changes when you add one

#

After you add a platform the UI for adding one changes lol, I was referencing that. Going to add this just incase someone else has the same issue and finds this support post.

proven oasis Jan 7, 2025, 10:44 PM

#

Thanks, you are a big help.

tender crown Jan 7, 2025, 10:44 PM

#

Did that work out for you?

proven oasis Jan 7, 2025, 10:45 PM

#

can i ask you to be sure, what should i put as Hostname and Name?

tender crown Jan 7, 2025, 10:46 PM

#

Name is purely vanity for you to know what it's for, for hostname you would put the domain of your app leaving out the http(s)://

So for example, if I have the website https://kennethbass.com, and want to add it I would put kennethbass.com in the hostname.

proven oasis Jan 7, 2025, 10:46 PM

#

should i use my base url ad the hostname or the appwrite CNAME i mead?

tender crown Jan 7, 2025, 10:47 PM

#

Or if I had a subdomain of https://cdn.kennethbass.com, I could do cdn.kennethbass.com or *.kennethbass.com. The wildcard allows any subdomain on my main domain to be whitelisted, this is fine if you own the domain, but if you're using something like vercel.app then you probably don't want to do that because you've now just whitelisted any vercel.app domain on your appwrite instance.

tender crown Jan 7, 2025, 10:47 PM

#

proven oasis should i use my base url ad the hostname or the appwrite CNAME i mead?

base url

proven oasis Jan 7, 2025, 10:48 PM

#

perfect! it works now

#

thank you so much

tender crown Jan 7, 2025, 10:49 PM

#

Awesome!

#[SOLVED] Password Recovery Emails Not Sending in Production (Works on Localhost)