Stytch - Auth platform for developers

The Authenticate method wraps the authenticate Magic Link API endpoint which validates the magic link token passed in.

If this method succeeds, the user will be logged in, granted an active session,and the session data will be persisted on device.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchSession hook.

Method parameters

token* string

The token to authenticate.

Configuration* object

Additional configuration.

session_duration_minutes* int

Set the session lifetime to be this many minutes from now. This will return both an opaque session_token and session_jwt for this session, which will automatically be stored either in the browser cookies if you're using our JavaScript SDK, or in the iOS Keychain/ Android SharedPreferences if you're using one of our mobile SDKs. The session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will be automatically refreshed by the SDK in the background over time.

This value must be a minimum of 5 and may not exceed the maximum session duration minutes value set in the Frontend SDK page of the Stytch Dashboard.

A successful authentication will continue to extend the session this many minutes.

Response fields

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

user_id string

The unique ID of the affected User.

method_id string

The email_id or phone_id involved in the given authentication.

session_token string

A secret token for a given Stytch Session.

session_jwt string

The JSON Web Token (JWT) for a given Stytch Session.

session object

If you initiate a Session, by including session_duration_minutes in your authenticate call, you'll receive a full Session object in the response.

See Session object for complete response fields.

session_id string

A unique identifier for a specific Session.

user_id string

The unique ID of the affected User.

authentication_factors array[objects]

An array of different authentication factors that comprise a Session.

started_at string

The timestamp when the Session was created. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_accessed_at string

The timestamp when the Session was last accessed. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

expires_at string

The timestamp when the Session expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

attributes object

Provided attributes help with fraud detection.

ip_address string

The IP address of the user.

user_agent string

The user agent of the User.

custom_claims map<string, any>

The custom claims map for a Session. Claims can be added to a session during a Sessions authenticate call.

import React, { useEffect } from 'react'; import { Text } from 'react-native'; import { useStytch, useStytchSession } from '@stytch/react-native'; import { useNavigation } from '@react-navigation/native'; export const Authenticate = ({ token }) => { const stytch = useStytch(); const { session } = useStytchSession(); const navigation = useNavigation(); useEffect(() => { const authenticateUser = async () => { if (session) { navigation.navigate('Profile'); } else if (token) { try { await stytch.magicLinks.authenticate(token, { session_duration_minutes: 60, }); navigation.navigate('Profile'); } catch (error) { console.error('Authentication error:', error); } } }; authenticateUser(); }, [stytch, session, navigation, token]); return <Text>Loading</Text>; };

{ "status_code": 200, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", "method_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953", "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q", "session_jwt": "eyJ...", "session": {...}, }

{ "status_code": 400, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "invalid_user_id", "error_message": "user_id format is invalid.", "error_url": "https://stytch.com/docs/api/errors/400" }

{ "status_code": 401, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "unable_to_auth_magic_link", "error_message": "The magic link could not be authenticated because it was either already used or expired. Send another magic link to this user.", "error_url": "https://stytch.com/docs/api/errors/401" }

{ "status_code": 404, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "magic_link_not_found", "error_message": "The magic link could not be authenticated, try sending another magic link to the user.", "error_url": "https://stytch.com/docs/api/errors/404" }

{ "status_code": 429, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "too_many_requests", "error_message": "Too many requests have been made.", "error_url": "https://stytch.com/docs/api/errors/429" }

{ "status_code": 500, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "internal_server_error", "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.", "error_url": "https://stytch.com/docs/api/errors/500" }