> ## Documentation Index > Fetch the complete documentation index at: https://stytch.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create > Create an Embeddable Magic Link token for a User. ### Important usage notes Carefully review the following notes before using Embeddable Magic Links: * Embeddable Magic Link tokens are **sensitive values**. You should handle and store them securely. * Authenticating an Embeddable Magic Link token will not mark any of a user's delivery factors (email address or phone number) as verified, since we cannot confirm how the token was sent to the user. * Embeddable Magic Links are only available in our Consumer API, and not our B2B API. When sending Embeddable Magic Links via email: * Deliverability is paramount. Carefully test your email copy to ensure it reaches your users' inboxes. Small changes can result in your emails being sent to spam. * In some cases, email security bots may follow links within incoming emails before your users open them. This consumes the Embeddable Magic Link token, preventing the user from logging in when they later click the link. Our Email Magic Links product automatically prevents this (details [here](/consumer-auth/authentication/magic-links/redirect-routing)). However, when sending your own emails containing Embeddable Magic Links, you'll be responsible for detecting and stopping bot traffic using tools like CAPTCHA or [Device Fingerprinting](/fraud-risk/device-fingerprinting/overview). We also recommend checking out our [Trusted Auth Tokens](/consumer-auth/authentication/trusted-auth-tokens/overview) product, which is available in both our Consumer and B2B APIs and can be a better fit for some use cases. ## OpenAPI ````yaml POST /v1/magic_links openapi: 3.0.3 info: title: Stytch API description: The Stytch API provides endpoints for authentication and user management. version: 2.1.1 contact: name: Stytch Support url: https://stytch.com/docs email: support@stytch.com servers: - url: https://api.stytch.com description: Production server - url: https://test.stytch.com description: Test server security: - basicAuth: [] paths: /v1/magic_links: post: tags: - Magic summary: Create description: >- Create an Embeddable Magic Link token for a User. ### Important usage notes Carefully review the following notes before using Embeddable Magic Links: * Embeddable Magic Link tokens are **sensitive values**. You should handle and store them securely. * Authenticating an Embeddable Magic Link token will not mark any of a user's delivery factors (email address or phone number) as verified, since we cannot confirm how the token was sent to the user. * Embeddable Magic Links are only available in our Consumer API, and not our B2B API. When sending Embeddable Magic Links via email: * Deliverability is paramount. Carefully test your email copy to ensure it reaches your users' inboxes. Small changes can result in your emails being sent to spam. * In some cases, email security bots may follow links within incoming emails before your users open them. This consumes the Embeddable Magic Link token, preventing the user from logging in when they later click the link. Our Email Magic Links product automatically prevents this (details [here](https://stytch.com/docs/consumer-auth/authentication/magic-links/redirect-routing)). However, when sending your own emails containing Embeddable Magic Links, you'll be responsible for detecting and stopping bot traffic using tools like CAPTCHA or [Device Fingerprinting](https://stytch.com/docs/fraud-risk/device-fingerprinting/overview). We also recommend checking out our [Trusted Auth Tokens](https://stytch.com/docs/consumer-auth/authentication/trusted-auth-tokens/overview) product, which is available in both our Consumer and B2B APIs and can be a better fit for some use cases. operationId: api_magic_v1_Create requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/api_magic_v1_CreateRequest' responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/api_magic_v1_CreateResponse' '400': description: Bad request '401': description: Unauthorized content: application/json: example: status_code: 401 request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141 error_type: unauthorized_credentials error_message: Unauthorized credentials. error_url: https://stytch.com/docs/api/errors/401 '429': description: Too Many Requests content: application/json: example: status_code: 429 request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141 error_type: too_many_requests error_message: Too many requests have been made. error_url: https://stytch.com/docs/api/errors/429 '500': description: Internal server error content: application/json: example: status_code: 500 request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141 error_type: internal_server_error error_message: >- Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong. error_url: https://stytch.com/docs/api/errors/500 x-code-samples: - lang: csharp label: C# source: |- // POST /v1/magic_links const stytch = require('stytch'); const client = new stytch.Client({ project_id: '${projectId}', secret: '${secret}', }); const params = { user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", }; client.MagicLinks.Create(params) .then(resp => { console.log(resp) }) .catch(err => { console.log(err) }); - lang: go label: Go source: "// POST /v1/magic_links\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/magiclinks\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/stytchapi\"\n)\n\nfunc main() {\n\tclient, err := stytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &magiclinks.CreateParams{\n\t\tUserID: \"user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6\",\n\t}\n\n\tresp, err := client.MagicLinks.Create(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n" - lang: java label: Java source: |- // POST /v1/magic_links package com.example; import com.stytch.java.common.StytchResult; import com.stytch.java.consumer.models.magiclinks.CreateRequest; import com.stytch.java.consumer.StytchClient; public class Main { public static void main(String[] args) { StytchClient.configure("${projectId}", "${secret}"); CreateRequest params = new CreateRequest(); params.setUserId("user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"); Object result = StytchClient.getMagicLinks().create(params); if (result instanceof StytchResult.Success) { System.out.println(((StytchResult.Success) result).getValue()); } else { System.out.println(((StytchResult.Error) result).getException()); } } } - lang: kotlin label: Kotlin source: | // POST /v1/magic_links package com.example import com.stytch.java.consumer.StytchClient import com.stytch.java.consumer.models.magiclinks.CreateRequest fun main() { StytchClient.configure( projectId = "${projectId}", secret = "${secret}", ) when ( val result = StytchClient.magicLinks.create( CreateRequest( userId = "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", ), ) ) { is StytchResult.Success -> println(result.value) is StytchResult.Error -> println(result.exception) } } - lang: javascript label: Node.js source: |- // POST /v1/magic_links const stytch = require('stytch'); const client = new stytch.Client({ project_id: '${projectId}', secret: '${secret}', }); const params = { user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", }; client.magicLinks.create(params) .then(resp => { console.log(resp) }) .catch(err => { console.log(err) }); - lang: php label: PHP source: |- $response = $client->magic_links->create([ 'user_id' => 'user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6', ]); - lang: python label: Python source: | # POST /v1/magic_links from stytch import Client client = Client( project_id="${projectId}", secret="${secret}", ) resp = client.magic_links.create( user_id="user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", ) print(resp) - lang: ruby label: Ruby source: |- # frozen_string_literal: true # POST /v1/magic_links require 'stytch' client = Stytch::Client.new( project_id: "${projectId}", secret: "${secret}" ) resp = client.magic_links.create( user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6" ) puts resp - lang: rust label: Rust source: |- // POST /v1/magic_links use stytch::consumer::client::Client; use stytch::consumer::magic_links::CreateRequest; fn main() { let client = Client::new("${projectId}", "${secret}").unwrap(); let resp = client.magic_links.create( CreateRequest{ user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", ..Default::default() } ).await; println!("The response is {:?}", resp); } - lang: bash label: cURL source: |- # POST /v1/magic_links curl --request POST \ --url https://test.stytch.com/v1/magic_links \ -u '${projectId}:${secret}' \ -H 'Content-Type: application/json' \ -d '{ "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6" }' components: schemas: api_magic_v1_CreateRequest: type: object properties: user_id: type: string description: >- The unique ID of a specific User. You may use an `external_id` here if one is set for the user. expiration_minutes: type: integer format: int32 description: >- Set the expiration for the Magic Link `token` in minutes. By default, it expires in 1 hour. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins). attributes: $ref: '#/components/schemas/api_attribute_v1_Attributes' description: >- Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application. description: Request type required: - user_id api_magic_v1_CreateResponse: type: object properties: request_id: type: string description: >- Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. user_id: type: string description: The unique ID of the affected User. token: type: string description: >- The Magic Link `token` that you'll include in your contact method of choice, e.g. email or SMS. status_code: type: integer format: int32 description: >- The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. required: - request_id - user_id - token - status_code api_attribute_v1_Attributes: type: object properties: ip_address: type: string description: The IP address of the user. user_agent: type: string description: The user agent of the User. securitySchemes: basicAuth: type: http scheme: basic ````