diff --git a/src/authd.cr b/src/authd.cr
index e7badc1..8ef2116 100644
--- a/src/authd.cr
+++ b/src/authd.cr
@@ -70,10 +70,9 @@ class AuthD::Response
 end
 class UserValidated < Response
- property uid : Int32
- property email : String
+ property user : ::AuthD::User::Public
- initialize :uid, :email
+ initialize :user
 end
 class UsersList < Response
@@ -199,10 +198,10 @@ class AuthD::Request
 # to validate users.
 property shared_key : String
- property email : String
+ property login : String
 property activation_key : String
- initialize :shared_key, :email, :activation_key
+ initialize :shared_key, :login, :activation_key
 end
 class GetUser < Request
@@ -382,7 +381,7 @@ module AuthD
 phone : String?,
 profile : JSON::Any?) : ::AuthD::User::Public | Exception
- send Request::ValidateUser.new @key, login, password, email, phone, profile
+ send Request::AddUser.new @key, login, password, email, phone, profile
 response = Response.from_ipc read
@@ -398,9 +397,11 @@ module AuthD
 end
 end
- def validate_user(email : String, activation_key : String) : ::AuthD::User::Public | Exception
+ def validate_user(login : String, activation_key : String) : ::AuthD::User::Public | Exception
- send Request::AddUser.new @key, email, activation_key
+ pp! login
+ pp! activation_key
+ send Request::ValidateUser.new @key, login, activation_key
 response = Response.from_ipc read
diff --git a/src/main.cr b/src/main.cr
index aec7c9d..572fac0 100644
--- a/src/main.cr
+++ b/src/main.cr
@@ -82,6 +82,8 @@ class AuthD::Service
 user.contact.email = request.email
 user.contact.phone = request.phone unless request.phone.nil?
+ pp! user
+
 request.profile.try do |profile|
 user.profile = profile
 end
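Review bot: The two `pp!` calls added at the top of `validate_user` print the login and the activation key to standard output on every call, so the secret that proves ownership of the e-mail address ends up in whatever captures the client's output. The same applies to `pp! user` added in the `src/main.cr` hunk at -82,6, which dumps the whole user record, including `contact` and therefore the new `activation_key`, along with whatever else the record carries (not visible here). These look like leftover debugging output and should be dropped before merge; if a trace is wanted, print only the login. The body of `validate_user` continues past the end of the hunk.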
@@ -89,6 +91,27 @@ class AuthD::Service
 @users << user
 Response::UserAdded.new user.to_public
+ when Request::ValidateUser
+ if request.shared_key != @jwt_key
+ return Response::Error.new "invalid authentication key"
+ end
+
+ user = @users_per_login.get? request.login
+
+ if user.nil?
+ return Response::Error.new "user not found"
+ end
+
+ # remove the user contact activation key: the email is validated
+ if user.contact.activation_key == request.activation_key
+ user.contact.activation_key = nil
+ else
+ return Response::Error.new "Wrong activation key"
+ end
+
+ @users_per_uid.update user.uid.to_s, user
+
+ Response::UserValidated.new user.to_public
 when Request::GetUserByCredentials
 user = @users_per_login.get? request.login
diff --git a/src/user.cr b/src/user.cr
index 9c48aa0..e05111b 100644
--- a/src/user.cr
+++ b/src/user.cr
@@ -1,5 +1,7 @@
 require "json"
+require "uuid"
+
 require "./token.cr"
 class AuthD::User
@@ -19,10 +21,13 @@ class AuthD::User
 class Contact
 include JSON::Serializable
- property email : String?
- property phone : String?
+ # the activation key is removed once the user is validated
+ property activation_key : String?
+ property email : String?
+ property phone : String?
 def initialize(@email = nil, @phone = nil)
+ @activation_key = UUID.random.to_s
 end
 end
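Review bot: Both secrets in the new `Request::ValidateUser` branch are compared with the ordinary string operators (`request.shared_key != @jwt_key` and `user.contact.activation_key == request.activation_key`), which stop at the first differing byte. A constant-time comparison is the usual choice for keys, for instance `unless Crypto::Subtle.constant_time_compare(request.shared_key, @jwt_key)` with `require "crypto/subtle"`, assuming `@jwt_key` is a `String`; the activation-key check needs the nil case handled before the same call. Separately, nothing in the visible hunks makes a pending `activation_key` block login or token issuance, so it is worth confirming that the credential paths check it. The `case` this branch belongs to starts and ends outside the hunk.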
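Review bot: `activation_key` is declared as an ordinary property of `Contact`, which includes `JSON::Serializable`, so the key is written out wherever a `Contact` is serialized. Whether `User::Public` (what `to_public` returns in the `UserAdded` and `UserValidated` responses) carries the contact is not visible here; if it does, the key leaves the service with those responses, and that should be a deliberate choice. The comment on the property could record the intended exposure, e.g. `# secret: generated at creation, nil once validated; must not be copied into User::Public`. Records stored before this change would presumably deserialize with a nil key and so count as already validated, which is worth confirming.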