Magic Login Pro provides a REST API that allows programmatic generation of login links and optional delivery via email. It is ideal for custom front-end workflows, mobile app integration, and automation scenarios.
Enable API Access #
To use the REST API, enable it from the WordPress admin panel:
- Go to Settings → Magic Login PRO → Login (tab).
- Toggle Enable REST API.
Once enabled, the plugin will register the REST endpoint.
Authentication #
You will need to use “Basic Auth” as the authorization method, which you can easily set up by creating an application token within your WordPress.
Only users with the edit_user capability can request login links on behalf of others. For example:
- Administrators can generate login links for any user.
- Subscribers can only generate links for themselves.
Endpoint Details #
- URL:
https://yourdomain.com/wp-json/magic-login/v1/token - Method:
POST
Required Headers #
Authorization: Basic base64(user:application-password)
Content-Type: application/jsonRequest Parameters #
| Parameter | Type | Required | Description |
|---|---|---|---|
user | string | Yes | User ID, username, email, or phone number. |
send | boolean | No | If true, sends the login link via email or SMS (if SMS is enabled). |
redirect_to | string | No | Optional URL to redirect to after login. |
qr | boolean | No | If true, includes a QR code URL in the response. |
qr_img | boolean | No | If true, includes an HTML <img> tag with the QR code in the response. |
Example Request
curl -X POST https://yourdomain.com/wp-json/magic-login/v1/token \
-H "Authorization: Basic <base64-credentials>" \
-H "Content-Type: application/json" \
-d '{
"user": "[email protected]",
"send": true,
"redirect_to": "https://yourdomain.com/dashboard",
"qr": true,
"qr_img": true
}'Response:
{
"link": "https://yourdomain.com/wp-login.php?user_id=12&token=...",
"mail_sent": true,
"qr": "https://yourdomain.com/magic-login-qr?url=...",
"qr_img": "<img src=\"https://yourdomain.com/magic-login-qr?url=...\" width=\"150\" alt=\"Scan to login\">"
}Error Response #
If no user is found:
{
"code": "missing_user",
"message": "No account matches the given user."
}
HTTP Status Code: 422
Notes
- Phone number login is supported if SMS login is enabled.
- The
userfield accepts user ID, username, email, or E.164-formatted phone numbers (e.g.,+1234567890). - Use
qrandqr_imgto simplify front-end QR code integrations. - The QR code URLs returned are compatible with any browser or email client.
This REST API is perfect for building custom login interfaces while retaining the security and simplicity of Magic Login.