Skip to content
AppHandoff AppHandoff Docs

Send passwordless magic link

POST
/auth/send-magic-link
 
curl --request POST \
  --url https://example.com/api/auth/send-magic-link \
  --header 'Content-Type: application/json' \
  --data '{ "email": "hello@example.com", "callback_origin": "https://example.com", "callback_next": "example" }'

Admin generateLink (magiclink) + Mailgun. IP rate limited. Callback URL from body callback_origin, X-AppHandoff-Callback-Origin, Origin, or Referer (allowlisted). Optional callback_next preserves a safe in-portal destination after the email link completes.

Request Body required

Section titled “Request Body required ”
Media type application/json
object
email
required
string format: email
callback_origin
string format: uri
callback_next
string

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Magic link sent

Media type application/json
object
ok
boolean

400

Section titled “400 ”

Invalid request

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number

429

Section titled “429 ”

Rate limited

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number
retryAfter

Seconds until the rate limit resets

number

Headers

Section titled “Headers ”
Retry-After
string