> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streambird.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify Token

> Verify the magic token of a magic link to authenticate the user. This endpoints verifies that the magic token sent in is valid and returns the method ID and verified user ID.
## Returns

A successful response returns an object with `method_id`, `method_type`, and verified `user_id` properties. If session parameters are sent in, `session_token`, `session_jwt` and `session` will be included in the response.

<Warning>
  **Deprecated:** Magic Links are deprecated and will be removed in a future version. Please use [One-time Passcodes (OTP)](/methods/otp/overview) or [OAuth](/methods/oauth/overview) for passwordless authentication instead.
</Warning>


## OpenAPI

````yaml post /v1/auth/magic_links/verify
openapi: 3.1.0
info:
  title: MoonKey Auth API
  description: >-
    Explore all the details of MoonKey Auth API. All of our APIs are RESTful and
    accept and return JSON.
  version: v1
servers:
  - url: https://api.moonkey.fun
    description: Production
    variables: {}
security:
  - Authorization: []
tags:
  - name: Users
    description: User management API
  - name: Magic Links
    description: ''
  - name: OTPs
    description: >-
      Send OTP (One-time passcodes) by all the supported delivery methods such
      as SMS, email.
  - name: OAuth
    description: ''
  - name: Wallets Login
    description: ''
  - name: Managed Wallets
    description: ''
  - name: Wallet Import
    description: >-
      Import existing wallets into the platform using secure HPKE encryption.
      This flow ensures raw entropy (seed phrases or private keys) never touches
      the server in plaintext.
externalDocs:
  url: ''
  description: ''
paths:
  /v1/auth/magic_links/verify:
    post:
      tags:
        - Magic Links
      summary: Verify Token
      description: >-
        Verify the magic token of a magic link to authenticate the user. This
        endpoints verifies that the magic token sent in is valid and returns the
        method ID and verified user ID.

        ## Returns


        A successful response returns an object with `method_id`, `method_type`,
        and verified `user_id` properties. If session parameters are sent in,
        `session_token`, `session_jwt` and `session` will be included in the
        response.
      operationId: VerifyMagicToken
      parameters: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyMagicTokenRequest'
            examples:
              VerifyMagicTokenReq:
                value:
                  token: CzJ1WTtyCF2wqhavQYiy9m7GayazthwamK4DKC07Ac6B2Fmn
        description: ''
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                description: ''
                type: object
                properties:
                  method_id:
                    type: string
                    minLength: 1
                    description: Given ID of the method (email, phone_number, etc.).
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Type of the auth method. Possible values: email,
                      phone_number.
                    enum:
                      - email
                      - phone_number
                  user_id:
                    type: string
                    minLength: 1
                    description: Given user ID of the user.
                  session_token:
                    type: string
                  session_jwt:
                    type: string
                  session:
                    $ref: '#/components/schemas/Session'
                required:
                  - method_id
                  - method_type
                  - user_id
              examples:
                VerifyMagicLinkResp:
                  value:
                    method_id: email_24oXBL3PufzHkH1Jzyjc2EXYeo7
                    method_type: email
                    user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                description: ''
                type: object
                properties:
                  status_code:
                    type: number
                  error_message:
                    type: string
                    minLength: 1
                  error_type:
                    type: string
                    minLength: 1
                required:
                  - status_code
                  - error_message
                  - error_type
              examples:
                ErrorInvalidMagicLinkToken:
                  value:
                    status_code: 400
                    error_message: Invalid magic link format, magic link missing or invalid.
                    error_type: invalid_magic_token
components:
  schemas:
    VerifyMagicTokenRequest:
      description: ''
      type: object
      properties:
        token:
          type: string
          minLength: 1
          description: '`Required` Magic Token in the Magic Link received by the User'
        session_expires_in:
          type: integer
          description: >-
            `Optional` Extend the session expiration time to N minutes from now,
            must be between 5 to 525600 minutes (365 days). This parameter will
            create a new session if there is no existing session along with a
            `session_token` and `session_jwt`. However, if a valid
            `session_token` or `session_jwt` is sent in, it will extend that
            session by the minutes specified. If not sent in, no session will be
            created by default.
        session_token:
          type: string
          description: '`Optional` Unique session token to verify. '
        session_jwt:
          type: string
          description: '`Optional` Unique Session JWT to verify.'
      required:
        - token
    Session:
      description: ''
      type: object
      x-examples:
        Session:
          id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
          user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
          session_token: 7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
          started_at: 1643496805
          expires_at: 1643502805
          last_active_at: 1643496805
          factors:
            - delivery_channel: sms
              type: otp
              method:
                method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                method_type: phone_number
                phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                phone_number: '+14152222222'
                last_verified_at: 1643496805
          device_fingerprint:
            user_agent: ''
            ip: 123.2.1.1
          updated_at: 1643496805
          created_at: 1643496805
      title: Session
      properties:
        id:
          type: string
          minLength: 1
        user_id:
          type: string
          minLength: 1
        session_token:
          type: string
          minLength: 1
        started_at:
          type: number
        expires_at:
          type: number
        last_active_at:
          type: number
        factors:
          type: array
          uniqueItems: true
          minItems: 1
          items:
            type: object
            properties:
              delivery_channel:
                type: string
                minLength: 1
                description: >-
                  Delivery channel for this factor. Possible values: sms, email,
                  totp_authenticator, totp_recovery_code, google_oauth,
                  apple_oauth, microsoft_oauth, discord_oauth, okta_oauth,
                  github_oauth, slack_oauth, facebook_oauth,
                  webauthn_credential, eth_wallet, sol_wallet.
              type:
                type: string
                minLength: 1
                description: >-
                  Authentication type of factor. Possible values: otp, oauth,
                  wallet, totp, webauthn.
              method:
                type: object
                required:
                  - method_id
                  - method_type
                  - last_verified_at
                properties:
                  id:
                    type: string
                  method_id:
                    type: string
                    minLength: 1
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Identifier method type. Possible values: email, wallet,
                      phone_number, webauthn.
                  last_verified_at:
                    type: number
                  phone_number_id:
                    type: string
                    minLength: 1
                  phone_number:
                    type: string
                    minLength: 1
                  email_id:
                    type: string
                  email:
                    type: string
                  wallet_type:
                    type: string
                  wallet_id:
                    type: string
                  wallet_public_address:
                    type: string
                  totp_id:
                    type: string
                  webauthn_credential_id:
                    type: string
                  provider_subject:
                    type: string
            required:
              - delivery_channel
              - type
              - method
        device_fingerprint:
          type: object
          required:
            - user_agent
            - ip
          properties:
            user_agent:
              type: string
            ip:
              type: string
              minLength: 1
        updated_at:
          type: number
        created_at:
          type: number
      required:
        - id
        - user_id
        - session_token
        - started_at
        - expires_at
        - last_active_at
        - factors
        - device_fingerprint
        - updated_at
        - created_at
  securitySchemes:
    Authorization:
      type: http
      scheme: bearer
      description: >-
        Auth Platform API includes all the Auth related features. All Users,
        Phone Numbers, Emails, and OTPs are associated with an `App` as the
        container.


        Endpoints only accept App's `Secret API keys` other than certain
        endpoints that are used client side or via SDK that accept the
        `public_token`.


        ## Authentication using App Api Key


        ## Header:


        ```

        Authorization: Bearer {api_key}

        ```


        ## Authenticated Request


        ```curl

        curl \
          -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
          -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
        ```

````