I am trying to create a system in which only users with a valid token can register. You can think of the token as a string that lets the user enroll in my system.
The token should cover:
1. Status: (pending, verified, suspended)
2. Expiration date
5. User (user who used the token for registration)
6. Token type: Email Registration, Coupon, etc.
The token should really be random and not derived from related information.
Ideally, the token is base62 encoded (A-Z a-z 0-9) to avoid problems with the URL.
Save only a hash of the token in the database. Otherwise, an attacker with read access to the database can register an account.
I just need more ideas on this topic and 1 table named "token" should be enough. This validation is hosted as an API.
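A sketch of the single-table design described in the post, added here as an example and not code from the original post: a base62 token from a CSPRNG, only its SHA-256 hash stored, and redemption done as one conditional UPDATE so a token cannot be used twice. The column names, function names, SQLite backend, and the use of `verified` to mean "redeemed" are assumptions.

```python
import hashlib
import secrets
import sqlite3
import string
import time

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits  # base62

# Assumed schema: one "token" table, keyed by the hash rather than the token.
SCHEMA = """CREATE TABLE token (
    token_hash TEXT PRIMARY KEY,   -- SHA-256 hex digest; plaintext is never stored
    type       TEXT NOT NULL,      -- e.g. 'email_registration', 'coupon'
    status     TEXT NOT NULL DEFAULT 'pending'
               CHECK (status IN ('pending', 'verified', 'suspended')),
    expires_at INTEGER NOT NULL,   -- Unix seconds
    user_id    INTEGER             -- filled in when the token is redeemed
)"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def token_hash(token):
    # A plain fast hash is enough here: 32 base62 characters carry about
    # 190 bits of entropy, so the digest cannot be brute-forced like a password.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(db, token_type, ttl_seconds, length=32, now=None):
    """Create a token, store only its hash, return the plaintext exactly once."""
    now = int(time.time()) if now is None else now
    token = "".join(secrets.choice(ALPHABET) for _ in range(length))
    db.execute("INSERT INTO token (token_hash, type, expires_at) VALUES (?, ?, ?)",
               (token_hash(token), token_type, now + ttl_seconds))
    db.commit()
    return token

def redeem_token(db, token, token_type, user_id, now=None):
    """Mark a pending, unexpired token of the right type as used by user_id."""
    now = int(time.time()) if now is None else now
    if not token or any(c not in ALPHABET for c in token):
        return False  # reject malformed input before touching the database
    # Single conditional UPDATE: check and state change happen atomically,
    # so two concurrent requests cannot both redeem the same token.
    cur = db.execute(
        "UPDATE token SET status = 'verified', user_id = ? "
        "WHERE token_hash = ? AND type = ? AND status = 'pending' AND expires_at > ?",
        (user_id, token_hash(token), token_type, now))
    db.commit()
    return cur.rowcount == 1
```

Because the lookup is by hash, the API never needs the plaintext after issuing it, and a read-only database leak yields nothing that can be submitted as a token.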