Domain Allowlist
Domain Allowlist
#Overview
Domain Allowlist allows your application to be secure-by-default. It will reject all domains and redirect URIs that are not part of the allowlist.
#Connection
In order to interact with the Domain Allowlist for your application, you will need the following:
- Secret Key
- Client ID
Follow these steps to obtain the required information:
- On the Dashboard landing page, right-click anywhere and select Inspect.
- Navigate to the Network tab and look for
info?magic_client_id=<CLIENT_ID>
. - Navigate to the Response tab and extract
live_secret_key
as your Secret Key andmagic_client_id
as your Client ID.
#Allowlist – Add
In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key
value. In the body of the JSON, fill in your Client ID as the target_client_id
and the domain that you'd like to add to the Domain Allowlist as the value for domain
.
01curl --location --request POST 'https://api.magic.link/v1/api/magic_client/domain/allowlist/add' \
02--header 'X-Magic-Secret-Key: sk_live_06FC010DA25ED4F2' \
03--header 'Content-Type: application/json' \
04--data-raw '{
05 "target_client_id": "etjubJsY5Cvn6ukDzJYpd3MEAtgw45oetxxoX1PxvP4=",
06 "domain": "https://magic.link"
07}'
#Allowlist - Remove
In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key
value. In the body of the JSON, fill in your Client ID as the target_client_id
and the domain that you'd like to remove from the Domain Allowlist as the value for domain
.
01curl --location --request POST 'https://api.magic.link/v1/api/magic_client/domain/allowlist/remove' \
02--header 'X-Magic-Secret-Key: sk_live_06FC010DA25ED4F2' \
03--header 'Content-Type: application/json' \
04--data-raw '{
05 "target_client_id": "etjubJsY5Cvn6ukDzJYpd3MEAtgw45oetxxoX1PxvP4=",
06 "domain": "https://magic.link"
07}'
#Allowlist - Retrieve
In the Headers section, pass through the Secret Key in the X-Magic-Secret-Key
value. In the body of the JSON, fill in your Client ID as the target_client_id
.
01curl --location --request GET 'https://api.magic.link/v1/api/magic_client/domain/allowlist' \
02--header 'X-Magic-Secret-Key: sk_live_3DACC9A06D5CDC09' \
03--header 'Content-Type: application/json' \
04--header 'Cookie: __cf_bm=w34mWVZYeODU83q0alw17X408w8BxmxR8i3YTTQYVls-1669063237-0-AYuG2UZfC1uZavFSBmkMR092XzNTyfIDwEjYgxh0F3lFI5onOggETiTGpKZ3mPadfzv9MhA2e0Ie7YirysS73TA=; __cfruid=5727be2dcf833d7240c9a02a6f3c9d8b6853c6e3-1669063237' \
05--data-raw '{
06 "target_client_id": "cdoE6PoD1Kp5I4Jr_gZGAZ2-qDnYaI9Zroj6DqTV1gI="
07}'