Verifying Tokens

Verify that the link clicked in an e-mail is valid and retrieve its associated data.

Verify Email Token

POST https://api.magiclogin.net/v1/{app_id}/verifyEmailToken
Verify that the token that was sent in an e-mail is valid, and retrieve the associated purpose, user data and e-mail address.
Request

Path Parameters

  • app_id (optional, string): Your Application ID (copy it from the Applications page)

Headers

  • Authorization (required, string): API token, in the form of `Bearer <api-token>`

Body Parameters

  • token (required, string): The token that was in the URL (with the `mtoken` key).

  • purpose (optional, string): Check that the token had a specific purpose. If this value is not passed no check is performed.

  • consume (required, string): Consumes this token after verification: the token cannot be used again if you pass true here.

Response
200: OK
Verification successful. ⚠️ Note that the token may still be invalid. ⚠️ Always check data.valid. See below for the possible values of data.reason in case of an invalid token.

// Token found and it's valid
{
  success: true,
  data: {
    valid: true,
    token_id: 'GdyU4bHKeRDYxjrn7y4Fk576HHDpCLyaoNYRUgAtKKGf',
    user_data: '',
    purpose: 'signup',
    consumed: false,
    expires_at: '2021-02-16T03:51:34.511Z',
    created_at: '2021-02-16T03:21:34.511Z'
  }
}

// Token not found
// Maybe it's made up by your user, or it expired a long time ago.
{
  success: true,
  data: {
    valid: false,
    reason: 'not_found'
  }
}

// The token was already consumed (=used).
{
  success: true,
  data: {
    valid: false,
    token_id: '9bBgLz1x6qvQzbRLDn4hZcSySSDQzM5F22FvGEYnUve3',
    reason: 'already_consumed',
    user_data: '',
    purpose: 'signup',
    consumed: true,
    expires_at: '2021-02-16T03:51:34.511Z',
    created_at: '2021-02-16T03:21:34.511Z'
  }
}

Invalid token reasons

  • "not_found": Token not found. Perhaps the user tried to make their own token, or their token expired a long time ago and has since been cleaned up.

  • "expired": The token has expired.

  • "already_consumed": This token has already been marked as "consumed".

  • "invalid_purpose": The purpose of the token does not match the purpose passed in your request.

In the case of "expired", "already_consumed" and "invalid_purpose" the token's data will still be returned including any user_data you may have passed. In case of "not_found" this is of course not possible.
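
The rule to always check data.valid, together with the optional purpose check, as an added example that is not part of the MagicLogin documentation: a fail-closed evaluator for the response body. The function name, its return shape, the 'password_reset' purpose and the third sample response are assumptions made for illustration.

```javascript
// Added example, not MagicLogin's own code. Response field names are taken from
// the documented responses; evaluateVerification and its return shape are assumed.
const KNOWN_REASONS = new Set([
  'not_found', 'expired', 'already_consumed', 'invalid_purpose',
]);

// Returns { ok: true, tokenId, userData } only for a token that is valid AND
// was issued for expectedPurpose; every other input is denied (fail closed).
function evaluateVerification(body, expectedPurpose) {
  const deny = (reason) => ({ ok: false, reason });
  const d = body && body.data;
  if (!body || body.success !== true || d === null || typeof d !== 'object') {
    return deny('malformed_response');
  }
  // success: true only means the API call worked; data.valid is the verdict.
  if (d.valid !== true) {
    // user_data may be present for expired/consumed tokens; it is not returned.
    return deny(KNOWN_REASONS.has(d.reason) ? d.reason : 'unknown_reason');
  }
  // The API skips the purpose check when `purpose` is omitted from the request,
  // so compare locally to stop a token from one flow being used in another.
  if (typeof expectedPurpose !== 'string' || d.purpose !== expectedPurpose) {
    return deny('invalid_purpose');
  }
  return { ok: true, tokenId: d.token_id, userData: d.user_data };
}

// Sample responses: the first two mirror the page; the third is constructed.
const validSignup = {
  success: true,
  data: {
    valid: true, token_id: 'GdyU4bHKeRDYxjrn7y4Fk576HHDpCLyaoNYRUgAtKKGf',
    user_data: '', purpose: 'signup', consumed: false,
    expires_at: '2021-02-16T03:51:34.511Z', created_at: '2021-02-16T03:21:34.511Z',
  },
};
const notFound = { success: true, data: { valid: false, reason: 'not_found' } };
const expired = { // constructed sample
  success: true,
  data: { valid: false, reason: 'expired', user_data: 'u-123', purpose: 'signup' },
};

console.log(evaluateVerification(validSignup, 'signup'));
console.log(evaluateVerification(validSignup, 'password_reset')); // constructed purpose
console.log(evaluateVerification(notFound, 'signup'));
console.log(evaluateVerification(expired, 'signup'));
```
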