API Reference/Magic Link/Email
POST
/v1/auth/magiclink/signup/email

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
emailstring
loginIdstring
userobject
redirectUrlstring
providerIdstring
loginOptionsobject
curl -X POST "https://api.descope.com/v1/auth/magiclink/signup/email" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "string",
    "loginId": "string",
    "user": {
      "loginId": "string",
      "name": "string",
      "phone": "string",
      "email": "string",
      "givenName": "string",
      "middleName": "string",
      "familyName": "string"
    },
    "redirectUrl": "string",
    "providerId": "string",
    "loginOptions": {
      "customClaims": {},
      "templateOptions": {
        "property1": "string",
        "property2": "string"
      },
      "locale": "string",
      "pkceChallenge": "string"
    }
  }'

OK

{
  "maskedEmail": "string"
}

Was this helpful?

Magic Link Authentication API Overview

Use the Descope REST API to build magic link authentication for your application.

Sign-In POST

### Sign-in existing end user by sending a magic link via email Initiate a sign-in process by sending a magic link to an existing end user. Descope will generate and deliver a clickable magic link to the email address specified. The clickable magic link is made up of two parts - the URI you provide in the `URI` field and the magic link token generated by Descope. For example, if `URI=https://app.mycompany.com/magiclink/verify`, the clickable magic link will be `https://app.mycompany.com/magiclink/verify?t=magic-link-token.` Magic links expire in the time frame configured in the [Descope console](https://app.descope.com/settings/authentication/magiclink), so sending multiple magic links (for example, when an end user tries to sign-up a second or third time) does not invalidate prior magic links that have already been sent. The endpoint will return a failure code if the email address is not registered. Note that `URI` is an optional parameter. If omitted - the project setting will apply. If provided - it should to be part of the allowed `Approved Domains` configured in the project settings. ### Next Steps Verify the magic link token using the [Verify Token](/api/magic-link/verification/verify-token) endpoint. ### See Also - See [Magic link Authentication](/auth-methods/magic-link/with-sdks/client#introduction) for details about implementing magic links. - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - See [User Login Options](/api/overview#user-login-options) for further details on loginOptions. - Use the [Sign-Up](/api/magic-link/email/sign-up) endpoint to sign-up a new end user. - Use the [Sign-In with Auto Sign-up](/api/magic-link/email/sign-in-auto-sign-up) endpoint to create a single sign-up and sign-in flow, which will create a new end user if they are not already registered. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`