Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Passwordless / Magic Links

:::info Coming Soon This feature is under active development. The design below reflects our planned implementation. :::

Magic links provide a passwordless sign-in experience. Users enter their email address and receive a single-use link that signs them in instantly — no password required.

Features

  • Email-based passwordless sign-in
  • Single-use links with a 10-minute expiry
  • Automatic account creation for new users (when signup is open)
  • No passwords to remember, store, or reset

How It Works

User enters their email

The user provides their email address on the sign-in page.

Magic link sent

Aero2 sends an email containing a unique, single-use sign-in link.

User clicks the link

The user opens the email and clicks the magic link.

Signed in

Aero2 verifies the link, creates a session, and the user is signed in. If the email does not match an existing account and signup is open, a new account is created automatically.

Rate Limiting

Magic link requests are rate limited to 3 per email address per 15 minutes to prevent abuse.

Planned API Endpoint

MethodEndpointDescription
POST/api/auth/magic-linkSend a magic link to the specified email address