Magic Auth

Magic Auth is a passwordless authentication method that allows users to sign in or sign up via a unique, six digit one-time-use code sent to their email inbox. To verify the code, authenticate the user with Magic Auth.

Get Magic Auth code details

Get the details of an existing Magic Auth code that can be used to send an email to a user for authentication.

cURL

 curl "https://api.workos.com/user_management/magic_auth/magic_auth_01HWZBQZY2M3AMQW166Q22K88F" \
  --header "Authorization: Bearer sk_example_123456789"

 {
  "object": "magic_auth",
  "id": "magic_auth_01HWZBQZY2M3AMQW166Q22K88F",
  "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5",
  "email": "marcelina.davis@example.com",
  "expires_at": "2026-01-15T12:00:00.000Z",
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z",
  "code": "123456"
}

GET

`/user_management/magic_auth/:id`

`Parameters`

`Returns`

Create a Magic Auth code

Creates a one-time authentication code that can be sent to the user’s email address. The code expires in 10 minutes. To verify the code, authenticate the user with Magic Auth.

cURL

 curl --request POST \
  --url "https://api.workos.com/user_management/magic_auth" \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  -d @- <<'BODY'
    {
        "email": "marcelina.davis@example.com"
    }
BODY

 {
  "object": "magic_auth",
  "id": "magic_auth_01HWZBQZY2M3AMQW166Q22K88F",
  "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5",
  "email": "marcelina.davis@example.com",
  "expires_at": "2026-01-15T12:00:00.000Z",
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z",
  "code": "123456"
}

Sends email

POST

`/user_management/magic_auth`

`Returns`

Multi-Factor Auth Enroll users in multi-factor authentication for an additional layer of security

Up next

Magic Auth

Get Magic Auth code details

/user_management/magic_auth/:id

Parameters

id: string

Returns

magic_auth: object

Create a Magic Auth code

/user_management/magic_auth

email: string

invitation_token?: string

Returns

magic_auth: object

`/user_management/magic_auth/:id`

`Parameters`

`Returns`

`/user_management/magic_auth`

`Returns`