I went ahead and slipped this topic across to Feature because forcing members to reverify their email address on a schedule is not a feature that exists in Discourse currently. If there is more demand for it, then perhaps it could be added.
One solution might be an admin setting to always require email verification when logging in locally. I’ve seen this myself recently. Just yesterday my wife set up a family subscription to a newspaper we all read, and I was no longer able to log in using her account because it sent her an email verification link.
External solutions could also work, e.g. by using SSO using a tool that does provide this, and disabling local login. That would take some research to see if one exists!
Beyond that, yes, the best approach would be to use the API. If you try Ethan’s and it works for you, let us know! Would be cool actually to see folks sharing scripts for API use, here on meta. If you want to work on this, please start a new topic in Dev.