Skip to main content
POST
/
v1
/
magic_links
C#
// POST /v1/magic_links
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
};

client.MagicLinks.Create(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
// POST /v1/magic_links
package main

import (
"context"
"log"

"github.com/stytchauth/stytch-go/v18/stytch/consumer/magiclinks"
"github.com/stytchauth/stytch-go/v18/stytch/consumer/stytchapi"
)

func main() {
client, err := stytchapi.NewClient(
"${projectId}",
"${secret}",
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}

params := &magiclinks.CreateParams{
UserID: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
}

resp, err := client.MagicLinks.Create(context.Background(), params)
if err != nil {
log.Fatalf("error in method call: %v", err)
}

log.Println(resp)
}
// POST /v1/magic_links
package com.example;

import com.stytch.java.common.StytchResult;
import com.stytch.java.consumer.models.magiclinks.CreateRequest;
import com.stytch.java.consumer.StytchClient;

public class Main {
public static void main(String[] args) {
StytchClient.configure("${projectId}", "${secret}");

CreateRequest params = new CreateRequest();
params.setUserId("user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6");

Object result = StytchClient.getMagicLinks().create(params);
if (result instanceof StytchResult.Success) {
System.out.println(((StytchResult.Success) result).getValue());
} else {
System.out.println(((StytchResult.Error) result).getException());
}
}
}
// POST /v1/magic_links
package com.example

import com.stytch.java.consumer.StytchClient
import com.stytch.java.consumer.models.magiclinks.CreateRequest

fun main() {
StytchClient.configure(
projectId = "${projectId}",
secret = "${secret}",
)

when (
val result =
StytchClient.magicLinks.create(
CreateRequest(
userId = "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
),
)
) {
is StytchResult.Success -> println(result.value)
is StytchResult.Error -> println(result.exception)
}
}
// POST /v1/magic_links
const stytch = require('stytch');

const client = new stytch.Client({
project_id: '${projectId}',
secret: '${secret}',
});

const params = {
user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
};

client.magicLinks.create(params)
.then(resp => { console.log(resp) })
.catch(err => { console.log(err) });
$response = $client->magic_links->create([
'user_id' => 'user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6',
]);
# POST /v1/magic_links
from stytch import Client

client = Client(
project_id="${projectId}",
secret="${secret}",
)

resp = client.magic_links.create(
user_id="user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
)

print(resp)
# frozen_string_literal: true

# POST /v1/magic_links
require 'stytch'

client = Stytch::Client.new(
project_id: "${projectId}",
secret: "${secret}"
)

resp = client.magic_links.create(
user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"

)

puts resp
// POST /v1/magic_links
use stytch::consumer::client::Client;
use stytch::consumer::magic_links::CreateRequest;

fn main() {
let client = Client::new("${projectId}", "${secret}").unwrap();
let resp = client.magic_links.create(
CreateRequest{
user_id: "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
..Default::default()
}
).await;
println!("The response is {:?}", resp);
}
# POST /v1/magic_links
curl --request POST \
--url https://test.stytch.com/v1/magic_links \
-u '${projectId}:${secret}' \
-H 'Content-Type: application/json' \
-d '{
"user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
}'
{
  "request_id": "<string>",
  "user_id": "<string>",
  "token": "<string>",
  "status_code": 123
}
{
"status_code": 401,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "unauthorized_credentials",
"error_message": "Unauthorized credentials.",
"error_url": "https://stytch.com/docs/api/errors/401"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}

Important usage notes

Carefully review the following notes before using Embeddable Magic Links:
  • Embeddable Magic Link tokens are sensitive values. You should handle and store them securely.
  • Authenticating an Embeddable Magic Link token will not mark any of a user’s delivery factors (email address or phone number) as verified, since we cannot confirm how the token was sent to the user.
  • Embeddable Magic Links are only available in our Consumer API, and not our B2B API.
When sending Embeddable Magic Links via email:
  • Deliverability is paramount. Carefully test your email copy to ensure it reaches your users’ inboxes. Small changes can result in your emails being sent to spam.
  • In some cases, email security bots may follow links within incoming emails before your users open them. This consumes the Embeddable Magic Link token, preventing the user from logging in when they later click the link. Our Email Magic Links product automatically prevents this (details here). However, when sending your own emails containing Embeddable Magic Links, you’ll be responsible for detecting and stopping bot traffic using tools like CAPTCHA or Device Fingerprinting.
We also recommend checking out our Trusted Auth Tokens product, which is available in both our Consumer and B2B APIs and can be a better fit for some use cases.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

user_id
string
required

The unique ID of a specific User. You may use an external_id here if one is set for the user.

expiration_minutes
integer<int32>

Set the expiration for the Magic Link token in minutes. By default, it expires in 1 hour. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).

attributes
object

Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id
string
required

The unique ID of the affected User.

token
string
required

The Magic Link token that you'll include in your contact method of choice, e.g. email or SMS.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.