Members

Send or generate a magic login link

Generates a magic login link for the member. By default the link is sent to the member's email address and the response does NOT include the link URL.

Set sendEmail to false in the request body to skip the email and receive the link URL in the response instead, for delivery via your own channel (e.g. your own email provider, chat, or SMS). The returned URL logs the visitor in as the member with no further checks until it expires (24 hours) — treat it like a credential: deliver it over a secure channel and avoid writing it to logs or analytics.

Rate limited to 5 requests per minute per member and 50 requests per minute per site (both delivery modes share the same limits). Returns 429 Too Many Requests if the rate limit is exceeded.

POST /members/{memberId}/login-links

curl --request POST \
  --url 'https://api.sotion.so/api/v1/members/{MEMBERID}/login-links' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
  "key": "value"
}'

{
  "data": {
    "memberId": "<uuid>",
    "status": "sent",
    "url": "<url>",
    "expiresAt": "<date-time>"
  }
}

Login link sent (status `sent`), or generated and returned (status `created` when `sendEmail` is false — the `url` and `expiresAt` fields are present only in this case).

Authorizations

Authorization string required header

Per-site API key (prefix: so_...). Each key is scoped to exactly one Sotion site — the site context is determined entirely by the key. No site ID is needed in any URL. Pass as: Authorization: Bearer so_...

Path Parameters

memberId string (uuid) required

UUID of the member. Get member IDs from listMembers or createMember responses.

Request Body

application/json

sendEmail boolean default

When false, no email is sent and the response includes the magic link url and its expiresAt so you can deliver the link via your own channel. Default: true.

Response

application/json

Location string response header

URL of the login-links resource.
X-RateLimit-Limit integer response header

Maximum requests allowed in the current window.
X-RateLimit-Remaining integer response header

Requests remaining in the current window.
X-RateLimit-Reset integer response header

Unix timestamp (seconds) when the rate limit window resets.
X-Request-Id string (uuid) response header

Unique request identifier for support and debugging.
data object
+ - Show Child Attributes
- memberId string (uuid)
- status string enum enum
  
  sent when the link was emailed to the member; created when sendEmail was false and the link is returned in url. Allowed values: sent, created.
- url string (uri)
  
  The magic login link. Present only when sendEmail is false. Treat as a credential — it logs the visitor in as the member until it expires.
- expiresAt string (date-time)
  
  When the returned link expires (24 hours after creation). Present only when sendEmail is false.

Send or generate a magic login link

curl --request POST \
  --url 'https://api.sotion.so/api/v1/members/{MEMBERID}/login-links' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
  "key": "value"
}'

{
  "data": {
    "memberId": "<uuid>",
    "status": "sent",
    "url": "<url>",
    "expiresAt": "<date-time>"
  }
}

Login link sent (status `sent`), or generated and returned (status `created` when `sendEmail` is false — the `url` and `expiresAt` fields are present only in this case).