Magic link login
Org-native (dashboard) — /api/auth
Section titled “Org-native (dashboard) — /api/auth”| Method · Route | Purpose | Source |
|---|---|---|
POST /magic-link/send | Email a login link | AuthEndpoints.cs:34 |
POST /magic-link/verify | Verify the token → session (web origin gets an HttpOnly cookie; SDK keeps the body token via CookieAuthWriter) | :42 |
End-user (your app) — /api/public/apps/{applicationKey}/auth
Section titled “End-user (your app) — /api/public/apps/{applicationKey}/auth”| Method · Route | Source |
|---|---|
POST /magic-link/send | PublicEndpoints.cs:461 |
POST /magic-link/verify | :563 |
The end-user flow auto-activates the user and validates the post-login redirect against the application’s callback allowlist before returning.