📘
Rate limit
To prevent abuse and ensure proper usage, this endpoint is subject to a rate limit. This means that a specific number of requests can be made within a certain time frame. Each email address can make a maximum of 5 requests per hour.

Description

Use this endpoint to allow your customers to request a passwordless login link. The passwordless authentication feature must be enabled in your site settings to be able to use this endpoint.

Tokens are tied to the specific site and customer account. Links sent via email and tokens delivered via the customer.passwordless_login_request webhook should be treated as sensitive authentication credentials. For security, avoid sharing or forwarding magic link emails, as well as tokens.

Token Validity & Security

Token Lifetime: Configurable in site settings (1, 30, 60, or 90 days). Default: 1 day.
Token Reusability: Tokens can be used multiple times until expiration.
Security Note: Tokens remain valid for the entire configured duration. Consider shorter TTLs for high-security environments.

Related webhook events

customer.passwordless_login_request

Related features

Passwordless authentication