Verify a magic link

POST

/v1/iam/auth/magic-link/verify

const url = 'http://localhost:8080/v1/iam/auth/magic-link/verify';
const options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: '{"token":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url http://localhost:8080/v1/iam/auth/magic-link/verify \
  --header 'Content-Type: application/json' \
  --data '{ "token": "example" }'

Single-use : la consommation marque magicLinkConsumedAt=now(). Si l’email n’était pas vérifié (verifiedAt IS NULL), met aussi verifiedAt=now() dans la même transaction. Mint une session ; si User.passwordHash IS NULL le JWT porte requiresPasswordSetup=true (C11=a — l’admin-panel force le /set-password avant tout autre accès).

Request Body^required

application/json

object

token

required

string

>= 20 characters <= 128 characters

Example ^generated

{
  "token": "example"
}

Responses

200

Session minted.

application/json

object

status

required

string

Allowed value: success

code

required

string

data

required

object

sessionId

required

string

expiresAt

required

string format: date-time

requiresPasswordSetup

required

boolean

csrfToken

required

string

cache

object

hit

required

boolean

key

string

ageSeconds

integer

expiresAt

string format: date-time

timing

object

totalMs

required

integer

dbMs

integer

externalMs

integer

deprecation

object

sunset

required

string format: date-time

successor

string

note

string

Example

{
  "status": "success"
}

400

Requête mal formée (validation_error, invalid_idempotency_key, invalid_sort_field, invalid_filter).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

401

Authentification manquante ou invalide.

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

Verify a magic link

Request Body required

Example generated

Responses

200

Example

400

Example

401

Example

Request Body^required

Example ^generated