I'm using the API to create users through a registration form on my site, and it works really well. One problem though is that by using the API to create the client account, it auto-verifies their e-mail and they're able to send campaigns right away. I think this could easily be abused.
Is there no way to force the clients to have to verify their e-mail before they're able to use the account?
We don't have anything like this built into the application so it's something you'd have to script into the process on your end, I'm afraid.