Skip to content
Nhost Documentation
Support Dashboard

Sign in with magic link email

POST
/signin/passwordless/email

Initiate passwordless authentication by sending a magic link to the user’s email. If the user doesn’t exist and AUTH_DISABLE_AUTO_SIGNUP is not set, a new account will be created with the provided options. When AUTH_DISABLE_AUTO_SIGNUP is enabled, users must use the /signup/passwordless/email endpoint to register first.

Request Body required

Section titled “Request Body required ”

Email address and optional user options for magic link authentication

object
email
required

A valid email

string format: email
Example
john.smith@nhost.io
options
object
allowedRoles
Array<string>
Example
[
  "me",
  "user"
]
defaultRole
string
Example
user
displayName
string
<= 32 characters /^[\p{L}\p{N}\p{S} ,.'-]+$/
Example
John Smith
locale

A two or three characters locale

string
>= 2 characters <= 3 characters
Example
en
metadata
object
key
additional properties
any
Example
{
  "firstName": "John",
  "lastName": "Smith"
}
redirectTo
string format: uri
Example
https://my-app.com/catch-redirection
codeChallenge

PKCE code challenge (S256). When provided, the verification redirect will contain an authorization code instead of a refresh token.

string
>= 43 characters <= 43 characters /^[A-Za-z0-9_-]{43}$/

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Magic link sent to the user’s email. To prevent account enumeration, this response is also returned without side effects when the email is not registered and AUTH_DISABLE_AUTO_SIGNUP is enabled.

string
Allowed values: OK

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user user-already-exists email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked