Magic URL login

Magic URL sends a login link to your user's email. They click the link, they're logged in. No passwords to forget, no codes to type, just instant authentication that feels like magic.

How it works

Request link - User enters email address
Email arrives - Login link delivered to inbox
Click link - User clicks the magic link
Authenticated - Link verifies, session created automatically

Send the magic link

Start the flow by creating a magic URL token:

import { Client, ID } from "@nuvix/client";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

const account = nx.account;

// Create magic URL token
const token = await nx.account.createMagicURLToken(
    ID.unique(),                    // User ID
    'user@example.com',            // Email address
    'https://yourapp.com/verify'   // Redirect URL
);

// User will receive email with login link

What happens:

New email → Creates account automatically
Existing email → Sends login link to existing account
Link generated → Secure token created for authentication

Handle the redirect

User clicks email link, gets redirected to your app with auth data:

// On your redirect page (https://yourapp.com/verify)
const urlParams = new URLSearchParams(window.location.search);
const secret = urlParams.get('secret');
const userId = urlParams.get('userId');

// Create session from magic link data
const session = await nx.account.createSession({
    userId: userId,
    secret: secret
});

// User is now authenticated - redirect to app
window.location.href = '/dashboard';

Magic URL vs Email OTP

Both are passwordless, but work differently:

Magic URL	Email OTP
Clickable link	6-digit code
Automatic redirect	Manual code entry
Requires browser/email	Works offline
Can break app flow	Consistent experience

Pick Magic URL when:

Users are on devices with email access
You want the smoothest possible experience
Building web apps with reliable redirects
Prioritizing ease of use over control

Implementation tips

Redirect URL setup:

// Use a dedicated verification page
const redirectUrl = 'https://yourapp.com/auth/verify';

// Handle both success and failure
const token = await nx.account.createMagicURLToken(
    ID.unique(),
    email,
    redirectUrl
);

Handle verification states:

// On your verify page
async function handleMagicLink() {
    try {
        const session = await nx.account.createSession({
            userId: userId,
            secret: secret
        });
        
        // Success: redirect to app
        window.location.href = '/dashboard';
        
    } catch (error) {
        // Handle expired or invalid links
        showError('This login link has expired. Please request a new one.');
        redirectToLogin();
    }
}

Email template considerations:

Link expires after 1 hour for security
Include app name and branding
Add "Not you?" security notice
Provide fallback login options

Mobile app handling:

// Deep link configuration for mobile
const redirectUrl = Platform.OS === 'ios' 
    ? 'myapp://auth/verify'
    : 'myapp://auth/verify';

Common patterns

Auto-redirect after verification:

// Immediately redirect after successful auth
const session = await nx.account.createSession({...});
window.location.href = '/dashboard';

Fallback for expired links:

// Detect expired links and offer alternatives
try {
    await nx.account.createSession({...});
} catch (error) {
    if (error.code === 'user_invalid_token') {
        showLoginForm();
        showMessage('Login link expired. Please log in again.');
    }
}

Track magic link usage:

// Add analytics to track email login success
const session = await nx.account.createSession({...});
analytics.track('magic_link_login_success', {
    userId: session.userId,
    timestamp: new Date().toISOString()
});

Magic URL: The authentication method that feels like actual magic - users click, they're in, no friction, no fuss.