POST /tokens

Request an authentication token for a user by providing their email address. The service generates a secure token using cryptographic methods and sends it via a magic link, enabling passwordless login.

Request

Headers

Key Value
Content-type application/json
AppID <your_app_id>
AppSecret <your_app_secret>

Body 

{
  "email": "user@test.com"
}

Response

Status code Body
200 Ok Ok
400 Bad Request {"code": 1001, "message": "could not decode app id request"}
400 Bad Request {"code": 1002, "message": "could not decode token request"}
400 Bad Request {"code": 1020, "message": "invalid app id"}
400 Bad Request {"code": 1021, "message": "invalid app headers"}
400 Bad Request {"code": 1022, "message": "invalid app secret"}
500 Internal Server Error {"code": 1030, "message": "could not generate token"}
500 Internal Server Error {"code": 1031, "message": "could not generate email"}
500 Internal Server Error {"code": 1032, "message": "could not send email"}

Test

Last token received 

Make a token request first...

PUT /tokens

Validate a received token to ensure it is authentic, unexpired, and properly associated with your application and the user. This step is critical for maintaining secure sessions.

Request

Headers

Key Value
Content-type application/json
AppID <your_app_id>
AppSecret <your_app_secret>

Body 

{
  "token": "MjAyNS0wMy0zMVQwMjoyNToyNC4xMjc3NDkrMDI6MDA.6VjTMr+lyUXtxNT7MZ17E/Mvdhtx87bJM8cTQ9El8ERokB+K9ew0AWRkI5vUjmKv1Slq5nvlfdqypege0oXgCg",
  "email": "user@test.com"
}

Response

Status code Body
200 Ok {"valid": true, "expiration": "2025-03-30T22:26:29.348982254Z"}
400 Bad Request {"code": 1001, "message": "could not decode app id request"}
400 Bad Request {"code": 1003, "message": "could not decode token status request"}
400 Bad Request {"code": 1020, "message": "invalid app id"}
400 Bad Request {"code": 1021, "message": "invalid app headers"}
400 Bad Request {"code": 1022, "message": "invalid app secret"}

Test