# Checking the email or phone before sending a verification code

You can call a function to check the entered email or phone before we send a verification code or magic link.

## Use case

* You only allow specific list of pre-screened phone numbers or emails
* You want to know if the user is already registered, and redirect them to a Login page instead
* You want to check if the email is from a certain domain

**Check out this** [**example code that only allows business email to login**](https://codesandbox.io/s/html-magic-link-restrict-email-ellxs?file=/index.html)**.**

## Implementation

```javascript
var cotter = new Cotter("<YOUR_API_KEY_ID>"); 

cotter
  .signInWithLink(myOnBeginFunction) // 👈 Pass in your function here
  .showEmailForm()
  .then(payload => {})
  .catch(payload => {});
```

### The `OnBegin` function specification

This function will be invoked before we send the verification code or magic link. You will receive the following payload as a parameter to your function

**Payload passed into your OnBegin function**

```javascript
var payload = {
  identifier: "+12345678910",
  identifier_type: "PHONE",
  device_type: "BROWSER",
  device_name: "Chrome ...",
  client_json: { // This is available if you set up AdditionalFields
    "name": "Hello World",
    "address": "Street Address"
  }
};
```

You can do a check against the `identifier` here before the form is submitted.

If you include `OnBegin` key, you have to either **return an error string**, or **return null** if you want to continue the authentication process:

**A. If you want to continue submission:**

```javascript
return null;
```

**B. If you want to stop submission with an error:**

```javascript
return "Your error message";
```

Example with sync function:

```javascript
 const myOnBeginFunction = payload => {
  if (payload.identifier != "+12345678910") {
    return "Phone Number is not allowed";
  }
  // No error, continue submission
  return null;
}
```

Example with async function:

```javascript
 const myOnBeginFunction = async (payload)=> {
    try {
     let allowed = await checkIfPhoneAllowed(payload.identifier);
     if (!allowed) {
       return "Phone Number is not allowed";
     }
    } catch (e) {
     return e.message; // Make sure this is a string!
    }
    // No error, continue submission
    return null;
}
```

### You should also check the email when Verifying the JWT Token

When a user logs in to Cotter, [the SDK generates an `access_token`](https://docs.cotter.app/getting-access-token/handling-authentication-with-cotter) that you can send to your backend API to authorize a request. This access token contains the user's email or phone number. **You should check if the email or phone number is allowed to log in in your backend server** [**when validating the JWT token**](https://docs.cotter.app/getting-access-token/verifying-jwt-tokens) **in addition to the OnBegin function.**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cotter.app/sdk-reference/web/web-sdk-verify-email-phone/checking-the-email-or-phone-before-sending-a-verification-code.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.