# Checking the email or phone before sending a verification code

You can call a function to check the entered email or phone before we send a verification code or magic link.

## Use case

* You only allow a specific list of pre-screened phone numbers or emails
* You want to know if the user is already registered, and redirect them to a Login page instead
* You want to check if the email is from a certain domain

**Check out this** [**example code that only allows business emails to log in**](https://codesandbox.io/s/html-magic-link-restrict-email-ellxs?file=/index.html)**.**

## Implementation

```javascript
var cotter = new Cotter("<YOUR_API_KEY_ID>"); 

cotter
  .signInWithLink(myOnBeginFunction) // 👈 Pass in your function here
  .showEmailForm()
  .then(payload => {})
  .catch(payload => {});
```

### The `OnBegin` function specification

This function is invoked before we send the verification code or magic link. It receives the following payload as its parameter.

**Payload passed into your OnBegin function**

```javascript
var payload = {
  identifier: "+12345678910",
  identifier_type: "PHONE",
  device_type: "BROWSER",
  device_name: "Chrome ...",
  client_json: { // This is available if you set up AdditionalFields
    "name": "Hello World",
    "address": "Street Address"
  }
};
```

You can do a check against the `identifier` here before the form is submitted.

If you include the `OnBegin` key, your function must either **return an error string** to stop the authentication process, or **return null** to continue it:

**A. If you want to continue submission:**

```javascript
return null;
```

**B. If you want to stop submission with an error:**

```javascript
return "Your error message";
```

Example with sync function:

```javascript
const myOnBeginFunction = payload => {
  // Strict comparison against the single allowed phone number
  if (payload.identifier !== "+12345678910") {
    return "Phone Number is not allowed";
  }
  // No error, continue submission
  return null;
};
```

Example with async function:

```javascript
const myOnBeginFunction = async (payload) => {
  try {
    // checkIfPhoneAllowed is your own function, e.g. a call to your backend
    const allowed = await checkIfPhoneAllowed(payload.identifier);
    if (!allowed) {
      return "Phone Number is not allowed";
    }
  } catch (e) {
    return e.message; // Make sure this is a string!
  }
  // No error, continue submission
  return null;
};
```

### You should also check the email when verifying the JWT token

When a user logs in with Cotter, [the SDK generates an `access_token`](https://docs.cotter.app/getting-access-token/handling-authentication-with-cotter) that you can send to your backend API to authorize a request. This access token contains the user's email or phone number. The `OnBegin` function runs in the browser, so it cannot be relied on as the only check. **In addition to the OnBegin function, your backend server should check that the email or phone number is allowed to log in** [**when validating the JWT token**](https://docs.cotter.app/getting-access-token/verifying-jwt-tokens)**.**
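
The following added example (not Cotter's own code) applies one allowlist rule in both places described on this page: the `OnBegin` function and the backend check after the JWT token has been verified. The names `checkIdentifier`, `onBeginAllowlist`, `enforceOnBackend`, the allowlist values and the `"EMAIL"` identifier type are assumptions made for illustration.

```javascript
// Constructed sample allowlists; replace with your own values.
const ALLOWED_DOMAINS = new Set(["example.com"]);
const ALLOWED_PHONES = new Set(["+12345678910"]);

// Returns null when the identifier is allowed, otherwise an error string.
// This is the same contract the OnBegin function has to follow.
function checkIdentifier(identifier, identifierType) {
  if (typeof identifier !== "string") return "Missing identifier";
  const value = identifier.trim();

  if (identifierType === "PHONE") {
    return ALLOWED_PHONES.has(value) ? null : "Phone Number is not allowed";
  }

  // "EMAIL" is assumed to be the counterpart of the "PHONE" type shown above.
  if (identifierType === "EMAIL") {
    // Require exactly one "@" and a non-empty local part, so that
    // "a@gmail.com@example.com" is not treated as an example.com address.
    const at = value.lastIndexOf("@");
    if (at <= 0 || value.indexOf("@") !== at) return "Invalid email address";

    // Compare the whole domain, case-insensitively. A suffix or substring
    // match would accept "example.com.evil.test" or "notexample.com".
    const domain = value.slice(at + 1).toLowerCase();
    return ALLOWED_DOMAINS.has(domain) ? null : "Email domain is not allowed";
  }

  return "Unsupported identifier type";
}

// Browser: pass this to cotter.signInWithLink(onBeginAllowlist).
const onBeginAllowlist = (payload) =>
  checkIdentifier(payload.identifier, payload.identifier_type);

// Backend: call this only after the access token's signature and expiry
// have been verified, with the email or phone number read from that token.
function enforceOnBackend(verifiedIdentifier) {
  const type = String(verifiedIdentifier).includes("@") ? "EMAIL" : "PHONE";
  const error = checkIdentifier(verifiedIdentifier, type);
  return { allowed: error === null, error };
}
```

Keeping the rule in one function means the browser hook and the backend cannot drift apart; the backend result is the one that decides whether a request is authorized.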
