POST /v1/auth/login/magic-link/request
POST /v1/auth/login/magic-link/request — request a sign-in email.
Always returns the same 200 OK body regardless of whether the
email maps to an enrolled user. Leaking enrollment status would
hand attackers a free account-enumeration oracle. Rate limiting on
the verification-token mint inside the service caps abuse at 5
per email per hour.
Tags: auth
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
Idempotency-Key | header | string,null | Optional idempotency token; replays return cached response. |
Request body
Required.
JSON
{
"$ref": "#/components/schemas/RequestMagicLinkRequest"
}Responses
200 — Always returned; constant message — DOES NOT leak enrollment.
JSON
{
"$ref": "#/components/schemas/RequestMagicLinkResponse"
}Code samples
TypeScript
TypeScript
import { firecase } from "@firecase/sdk";
const result = await firecase.post("/auth/login/magic-link/request", { /* body */ });
console.log(result);Python
Python
import firecase
result = firecase.post("/auth/login/magic-link/request", json={})
print(result)curl
Bash
curl -X POST https://api.firecase.ai/v1/auth/login/magic-link/request \
-H "Authorization: Bearer $FIRECASE_API_KEY" \
-H "Content-Type: application/json" \
-d '{}'