Send Passwordless Login
This API allows you to send an email or SMS message to a user that will contain a code that can be used to complete login. This API should be used if you want to build your own login page.
If you plan to utilize the FusionAuth login page then you will not need to use this API. Instead, once passwordless authentication is enabled for the FusionAuth Application, a new button will be presented to the user on the login page which will allow them to request an email or SMS message.
This API does not require authentication.
Request#
Available Since Version 1.11.0.
OpenAPI Spec
Request Headers#
X-FusionAuth-TenantIdStringoptionalThe unique Id of the tenant used to scope this API request.
The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.
Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.
See Making an API request using a Tenant Id for additional information.
Request Body#
codeStringrequiredAvailable since 1.11.0The unique code to send via email or SMS, used to complete the login request. This value can be generated with a call to the Start Passwordless Login API. The loginStrategy value used in the Start Passwordless Login API controls whether an email or SMS is sent.
Example Request JSON
{
"code": "CynAUMCHLxCCAWyHXOVWPQd8ZY0a6U0e3YpYkT0MNxs"
}
OpenAPI Spec
- This usage of the API may be removed at a later date. Once available prefer the usage outlined above which is available beginning in
1.11.0which means you will need to use the Start API prior to calling this API. - Passwordless login with phone numbers, introduced in version
1.59.0, is not supported by this usage of this API endpoint. Use the Start Passwordless Login API to obtain a code and then provide that code to this API (see above).
Request Headers#
X-FusionAuth-TenantIdStringoptionalThe unique Id of the tenant used to scope this API request.
The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.
Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.
See Making an API request using a Tenant Id for additional information.
Request Body#
applicationIdStringrequiredThe unique Id of the Application you are requesting to log into.
loginIdStringrequiredThe login identifier of the user. The login identifier can be either the email or the username.
stateObjectoptionalAn optional object that will be returned un-modified when you complete the passwordless login request. This may be useful to return the user to particular state once they complete login using the email link.
Example Request JSON
{
"applicationId": "10000000-0000-0002-0000-000000000001",
"loginId": "jared@piedpiper.com",
"state": {
"client_id": "10000000-0000-0002-0000-000000000001",
"redirect_uri": "https://piedpiper.com/callback",
"response_type": "code",
"scope": "openid",
"state": "CSRF123"
}
}
Response#
The response for this API does not contain a body. It only contains a status code.
Response Codes
| Code | Description |
|---|---|
| 200 | The request was successful. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |