Magic Link
Passwordless sign-in, two endpoints
Generate a single-use sign-in link, send it through the channel of your choice, and verify the click on your callback. We handle the cryptographic token, expiry, single-use enforcement, and brute-force throttling.
How it works
One link sent. One token verified.
Step 1 · Issue the link
curl -X POST https://api.zevsend.com/v1/magic-link/issue \ -H "Authorization: Bearer zs_live_***" \ -H "Content-Type: application/json" \ -d '{ "channel": "email", "to": "jane@example.com", "callback_url": "https://acme.com/auth/callback", "expires_in": 600 }'
We sign a single-use token, embed it in your callback URL, and send the link through the channel you picked.
Step 2 · Verify the callback
curl -X POST https://api.zevsend.com/v1/magic-link/verify \ -H "Authorization: Bearer zs_live_***" \ -H "Content-Type: application/json" \ -d '{ "token": "ml_8a7c5f00..." }'
When the user clicks the link, your callback receives a token. POST it back to us and we tell you whether to sign them in.
What you get
6 things you don't have to build.
On by default the moment you mint your first API key. No premium tier, no add-on.
- Send by email, SMS, or WhatsApp from one API
- Cryptographically signed, single-use tokens
- Configurable expiry and one-time enforcement
- Branded callback URL on your own domain
- Per-recipient throttling to defeat link harvesting
- Per-challenge audit log for compliance reviews
Ready when
you are.
Open the console, verify a domain, and send your first message in under five minutes. Free sandbox, no credit card.