Email Endpoints
These APIs allow you to authenticate a user using a magic link.
Method | Resource | Description |
---|---|---|
POST | /email/requests | Send an authentication request |
POST | /email/tokens | Exchange an authorization code for an access_token |
POST /email/requests
This endpoint sends an authentication request to the provided user’s email
.
The user is redirected to the callback_uri
URL with an authorization code
.
Request Body
Response
Response Codes
Code | Description |
---|---|
200 | Request successful. |
400 | Malformed request. This could be due to an invalid email or callback_uri . Note: The callback URL must use https . |
429 | Too many authentication requests. The user must retry after retry_at . This can occur if too many requests are made for a specific email address or from an abusive IP. |
Usage
Simple Authentication
Optional: With Proof Key for Code Exchange (PKCE)
For additional security and to prevent the authorization code from being intercepted (e.g., via URL scheme spoofing on apps, malicious browser extensions, web server logs), you can generate a random string and send the associated hash result (code_challenge
) to the authentication endpoint.
POST /email/tokens
Once the user has clicked on the link sent by email, they will be redirected to the URL defined by callback_uri
with the parameter code
.
This can be exchanged for an access token
using the following API endpoint.
The authorization code
is valid only once and for up to 20 minutes. Users must click on the authorization link within this time frame to grant access.
Request Body
Response
The access token
is valid for 10 minutes.
Response Codes
Code | Description |
---|---|
200 | Request successful. |
400 | Malformed request. |
401 | The authorization code is invalid (malformed, expired, or already used). |