Domain Allowlist

Domain Allowlist

#Overview

Domain Allowlist allows your application to be secure-by-default. It will reject all domains and redirect URIs that are not part of the allowlist.

#Connection

In order to interact with the Domain Allowlist for your application, you will need the following:

  • Secret Key
  • Client ID

Follow these steps to obtain the required information:

  1. On the Dashboard landing page, right-click anywhere and select Inspect.
  2. Navigate to the Network tab and look for info?magic_client_id=<CLIENT_ID>.
  3. Navigate to the Response tab and extract live_secret_key as your Secret Key and magic_client_id as your Client ID.

#Allowlist – Add

In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key value. In the body of the JSON, fill in your Client ID as the target_client_id and the domain that you'd like to add to the Domain Allowlist as the value for domain.

01curl --location --request POST 'https://api.magic.link/v1/api/magic_client/domain/allowlist/add' \
02--header 'X-Magic-Secret-Key: sk_live_06FC010DA25ED4F2' \
03--header 'Content-Type: application/json' \
04--data-raw '{
05    "target_client_id": "etjubJsY5Cvn6ukDzJYpd3MEAtgw45oetxxoX1PxvP4=",
06    "domain": "https://magic.link"
07}'

#Allowlist - Remove

In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key value. In the body of the JSON, fill in your Client ID as the target_client_id and the domain that you'd like to remove from the Domain Allowlist as the value for domain.

01curl --location --request POST 'https://api.magic.link/v1/api/magic_client/domain/allowlist/remove' \
02--header 'X-Magic-Secret-Key: sk_live_06FC010DA25ED4F2' \
03--header 'Content-Type: application/json' \
04--data-raw '{
05    "target_client_id": "etjubJsY5Cvn6ukDzJYpd3MEAtgw45oetxxoX1PxvP4=",
06    "domain": "https://magic.link"
07}'

#Allowlist - Retrieve

In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key value. In the body of the JSON, fill in your Client ID as the target_client_id.

01curl --location --request GET 'https://api.magic.link/v1/api/magic_client/domain/allowlist' \
02--header 'X-Magic-Secret-Key: sk_live_3DACC9A06D5CDC09' \
03--header 'Content-Type: application/json' \
04--header 'Cookie: __cf_bm=w34mWVZYeODU83q0alw17X408w8BxmxR8i3YTTQYVls-1669063237-0-AYuG2UZfC1uZavFSBmkMR092XzNTyfIDwEjYgxh0F3lFI5onOggETiTGpKZ3mPadfzv9MhA2e0Ie7YirysS73TA=; __cfruid=5727be2dcf833d7240c9a02a6f3c9d8b6853c6e3-1669063237' \
05--data-raw '{
06    "target_client_id": "cdoE6PoD1Kp5I4Jr_gZGAZ2-qDnYaI9Zroj6DqTV1gI="
07}'

Did you find what you were looking for?

Did you find what you were looking for?