Skip to main content

MagicToken

Magic token for passwordless authentication.

Magic tokens provide a secure way to authenticate users without requiring passwords. They can be associated with either contacts or customers and support configurable expiration and usage limits.

type MagicToken {
id: String!
contactId: Int
customerId: Int
expiresAt: DateTime
lastAccessedAt: DateTime
failedLogins: Int
successfulLogins: Int
oneTimeUse: Boolean!
extra: [String!]
contact: Contact
customer: Customer
}

Fields

MagicToken.id ● String! non-null scalar

Unique identifier for the magic token.

This UUID serves as the primary key and can be used to reference the token in authentication requests.

MagicToken.contactId ● Int scalar

Contact identifier associated with this magic token.

When specified, the magic token will authenticate as this contact. Either contactId or customerId must be provided, but not both.

MagicToken.customerId ● Int scalar

Customer identifier associated with this magic token.

When specified, the magic token will authenticate as this customer. Either customerId or contactId must be provided, but not both.

MagicToken.expiresAt ● DateTime scalar

Token expiration timestamp.

After this date and time, the magic token becomes invalid and cannot be used for authentication. If null, the token never expires.

MagicToken.lastAccessedAt ● DateTime scalar

Timestamp of the last authentication attempt using this token.

Updated each time the token is used for login, regardless of success or failure. Used for security monitoring and audit purposes.

MagicToken.failedLogins ● Int scalar

Count of failed authentication attempts using this token.

Incremented each time an authentication attempt fails. Used for security monitoring and potential token blocking after too many failures.

MagicToken.successfulLogins ● Int scalar

Count of successful authentication attempts using this token.

Incremented each time the token is successfully used for authentication. For one-time use tokens, this should never exceed 1.

MagicToken.oneTimeUse ● Boolean! non-null scalar

Whether this token can only be used once.

When true, the token becomes invalid after the first successful authentication. When false, the token can be reused until it expires.

MagicToken.extra ● [String!] list scalar

Additional metadata or context information for the token.

Can store arbitrary string data related to the token's purpose, origin, or usage context. Useful for tracking and debugging.

MagicToken.contact ● Contact object

Contact associated with this magic token.

Returns the contact that this authentication token belongs to. Used for contact-based authentication and identity verification.

MagicToken.customer ● Customer object

Customer associated with this magic token.

Returns the customer that this authentication token belongs to. Used for customer-based authentication and identity verification.

Returned By

magicToken query ● magicTokenCreate mutation ● magicTokenUpdate mutation

Member Of

Contact object ● Customer object ● MagicTokenResponse object