The ability to search grants for a user was a gap in our documentation. We have since released an update to showcase/describe the use case.

https://fusionauth.io/docs/v1/tech/apis/entity-management/grants/#search-for-grants

Your API endpoint call will look like below:

GET /api/entity/grant/search?userId={uuid}

Additional possible filtering functionality is documented in this feature request.

Yes. As of 1.27, you can use a verification strategy of FormField. This is configured on the tenant: https://fusionauth.io/docs/v1/tech/apis/tenants/

You then provide the one time code in the oneTimeCode request body parameter. More about this in the email verification docs: https://fusionauth.io/docs/v1/tech/apis/users/#verify-a-users-email

Note that this feature only works with email gating at the current time, which is a reactor feature requiring a paid license.

It's configurable. If you go to the tenant details page, then to the Advanced tab, you'll see the setting there; it's called Authorization Code. It's also documented in the tenant API, search for tenant.externalIdentifierConfiguration.authorizationGrantIdTimeToLiveInSeconds here: https://fusionauth.io/docs/v1/tech/apis/tenants

Looks like valid durations are between 1 and 600 seconds.