Update Phone Number | API Reference | Descope Documentation

API Reference Magic LinkText Message (SMS)

Authorization

Descope Project ID:Refresh JWT

AuthorizationBearer <token>

Project ID:Refresh JWT as bearer token.

In: header

Request Body

application/json

loginId?string

phone?string

redirectUrl?string

addToLoginIDs?boolean

Defaultfalse

onMergeUseExisting?boolean

Defaultfalse

providerId?string

templateOptions?object

locale?string

failOnConflict?boolean

Update phone number of end user by sending magic link via SMS

Update the phone number of an existing end user by sending a magic link to the new phone number. Descope will generate and deliver a clickable magic link as an SMS to the new phone number specified. After successfully verifying the magic link token the new phone number will be used to deliver new magic links via SMS.

The clickable magic link is made up of two parts - the URI you provide in the URI field and the magic link token generated by Descope. For example, if URI=https://app.mycompany.com/magiclink/verify, the clickable magic link will be https://app.mycompany.com/magiclink/verify?t=magic-link-token. Magic links expire in the time frame configured in the Descope console, so sending multiple magic links (for example, when an end user tries to sign-up a second or third time) does not invalidate prior magic links that have already been sent.

The bearer token requires both the ProjectId and refresh JWT in the format <Project ID>:<JWT>, and can therefore only be run for end users who are currently signed-in.

Note that URI is an optional parameter. If omitted - the project setting will apply. If provided - it should to be part of the allowed Approved Domains configured in the project settings.

Descope allows you to associating multiple login IDs for a user during API update calls. For details on how this feature works, please review the details here.

Next Step

Verify the magic link token using the Verify Token endpoint.

See Also

See Magic link Authentication for details about implementing magic links.
See The User Object for further details on how to identify users and their contact information such as email addresses and phone number.

curl -X POST "https://api.descope.com/v1/auth/magiclink/update/phone/sms" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{  "maskedPhone": "string"}

TypeScript

export interface Response {maskedPhone?: string}

Was this helpful?

Ask AI about this page

Sign-In with Auto Sign-up POST

### Sign-in end user (with automatic sign-up) by sending a magic link via SMS Initiate a process that implements both sign-in and sign-up using a single endpoint. Descope will generate and deliver a clickable magic link as an SMS to the phone number specified. If the phone number is already registered (the end user has already registered) the user will be signed in. If the email address is not registered (the end user is not yet registered) the user will be signed up. The clickable magic link is made up of two parts - the URI you provide in the `URI` field and the magic link token generated by Descope. For example, if `URI=https://app.mycompany.com/magiclink/verify`, the clickable magic link will be `https://app.mycompany.com/magiclink/verify?t=magic-link-token.` Magic links expire in the time frame configured in the [Descope console](https://app.descope.com/settings/authentication/magiclink), so sending multiple magic links (for example, when an end user tries to sign-up a second or third time) does not invalidate prior magic links that have already been sent. Note that `URI` is an optional parameter. If omitted - the project setting will apply. If provided - it should to be part of the allowed `Approved Domains` configured in the project settings. ### Next Steps Verify the magic link token using the [Verify Token](/api/magic-link/verification/verify-token) endpoint. ### See Also - See [Magic link Authentication](/auth-methods/magic-link) for details about implementing magic links. - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - See [User Login Options](/api/overview#user-login-options) for further details on loginOptions. - Use the [Sign-Up](/api/magic-link/sms/sign-up) endpoint if you want a sign-up flow that will fail if the end user is already registered. - Use the [Sign-In](/api/magic-link/sms/sign-in) endpoint if you want a sign-in flow that will fail if the end user isn't yet registered.

Verify Token POST

### Verify the magic link token from the end user Verify that the magic link token in the URL clicked by the end user matches and has not expired. This endpoint completes the magic link flow for: * sign up * [Sign-Up via email](/api/magic-link/email/sign-up) * [Sign-Up via SMS](/api/magic-link/sms/sign-up) * sign-in * [Sign-In via email](/api/magic-link/email/sign-in) * [Sign-In via SMS](/api/magic-link/sms/sign-in) * sign-in with auto sign-up * [Sign-In with Auto Sign-up via email](/api/magic-link/email/sign-in-auto-sign-up) * [Sign-In with Auto Sign-up via SMS](/api/magic-link/sms/sign-in-auto-sign-up) * update data * [update email](/api/magic-link/email/sign-up) * [update phone number](/api/magic-link/email/sign-up) ### Next Steps The response object will contain the user's details including the session and refresh JWTs. ### See Also - See [Magic link Authentication](/auth-methods/magic-link/with-sdks/client#introduction) for details about implementing magic links. - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number.