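在 AWS Cognito 中,API 用户必须先经过确认过程,才能访问受保护的资源。下面是一个基本的确认过程示例,步骤依次为:创建用户池、创建应用客户端、由管理员创建用户。注意:示例直接把 email_verified 设为 "true" 并抑制了邀请消息,Cognito 不会对该邮箱做任何验证,因此只应在邮箱已通过其他途径核实的情况下这样做。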
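// Provisions a Cognito user pool, an app client for it, and one admin-created user.
// Inputs read from the surrounding scope: userPoolName, clientName, username, userEmail,
// temporaryPassword and the three *_VALIDITY_SECONDS constants.
AWSCognitoIdentityProvider cognitoIdentityProvider =
        AWSCognitoIdentityProviderClientBuilder.defaultClient();

// Step 1: create the pool. AllowAdminCreateUserOnly=true turns off self sign-up, so
// accounts can only come into existence through the admin API call in step 3.
CreateUserPoolRequest createUserPoolRequest = new CreateUserPoolRequest()
        .withPoolName(userPoolName)
        .withAdminCreateUserConfig(new AdminCreateUserConfig()
                .withAllowAdminCreateUserOnly(true));
CreateUserPoolResult poolResult = cognitoIdentityProvider.createUserPool(createUserPoolRequest);
String userPoolId = poolResult.getUserPool().getId();

// Step 2: create the app client.
// GenerateSecret=false makes this a public client (no client secret).
// NOTE(review): presumably intended for a browser/mobile app that cannot keep a secret;
// a server-side client should normally be created with a secret - confirm against the caller.
// NOTE(review): the constants are named *_SECONDS, but no TokenValidityUnits are set on this
// request. Without them Cognito reads the refresh-token value in days and the access/ID-token
// values in hours, so the tokens may live far longer than intended (or the call may be
// rejected as out of range). Set withTokenValidityUnits(...) to seconds, or express the
// constants in the default units.
CreateUserPoolClientRequest userPoolClientRequest = new CreateUserPoolClientRequest()
        .withUserPoolId(userPoolId)
        .withClientName(clientName)
        .withGenerateSecret(false)
        .withRefreshTokenValidity(REFRESH_TOKEN_VALIDITY_SECONDS)
        .withAccessTokenValidity(ACCESS_TOKEN_VALIDITY_SECONDS)
        .withIdTokenValidity(ID_TOKEN_VALIDITY_SECONDS);
CreateUserPoolClientResult createUserPoolClientResult =
        cognitoIdentityProvider.createUserPoolClient(userPoolClientRequest);
String userPoolClientId = createUserPoolClientResult.getUserPoolClient().getClientId();

// Step 3: create the user as an administrator.
// The attributes are passed directly as AttributeType values; the raw-typed, never-read
// Map that used to duplicate them has been dropped.
// email_verified="true" records the address as verified without Cognito ever sending a
// code. Only do this when the address was verified out of band: a verified e-mail is
// trusted for account recovery.
// MessageAction "SUPPRESS" stops Cognito from sending the invitation message, so the
// temporary password has to reach the user over a channel the caller controls. It should be
// randomly generated and never logged. The account stays in the forced-password-change
// state until the user replaces the temporary password.
AdminCreateUserRequest adminCreateUserRequest = new AdminCreateUserRequest()
        .withUserPoolId(userPoolId)
        .withUsername(username)
        .withUserAttributes(
                new AttributeType()
                        .withName("email_verified")
                        .withValue("true"),
                new AttributeType()
                        .withName("email")
                        .withValue(userEmail))
        .withTemporaryPassword(temporaryPassword)
        .withMessageAction("SUPPRESS");
AdminCreateUserResult adminCreateUserResult =
        cognitoIdentityProvider.adminCreateUser(adminCreateUserRequest);
// The username echoed back by Cognito is kept as the user's identifier.
String userId = adminCreateUserResult.getUser().getUsername();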