GET /v1/auth/login/magic-link/consume
GET /v1/auth/login/magic-link/consume?token=… — consume a magic
link and finish signing in.
On success this either (a) sets both auth cookies and returns 200
OK with \{user\} for the no-MFA path, or (b) returns 200 OK with
the mfa_required payload for the MFA path — same response shape
as POST /v1/auth/login. The dashboard's /auth/magic page hits
this endpoint and branches on mfa_required exactly like the
password flow.
Tags: auth
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
token | query | string | ✓ | The ml_* token emailed to the user; single-use. |
Responses
200 — Either cookies are set OR mfa_required:true is returned.
JSON
{
"$ref": "#/components/schemas/LoginResponse"
}401 — INVALID_TOKEN / TOKEN_EXPIRED / TOKEN_ALREADY_USED
403 — ACCOUNT_SUSPENDED
Code samples
TypeScript
TypeScript
import { firecase } from "@firecase/sdk";
const result = await firecase.get("/auth/login/magic-link/consume");
console.log(result);Python
Python
import firecase
result = firecase.get("/auth/login/magic-link/consume")
print(result)curl
Bash
curl -X GET https://api.firecase.ai/v1/auth/login/magic-link/consume \
-H "Authorization: Bearer $FIRECASE_API_KEY" \
-H "Content-Type: application/json"