Frequently Asked Questions
Frequently Asked Questions
Magic Auth is a whitelabel solution that allows developers to build the look and feel of their app’s user authentication and wallet experience. Additionally, Magic Auth wallets are scoped to individual dApps. In order for end-users to use their Magic Auth wallets on other dApps, end-users will need to export the private key and import them in a 3rd-party wallet.
Magic Connect is a web-based authentication and wallet that does not require browser extensions, seed phrases, or downloads. Magic Connect solution comes with out-of-the-box functionality and range of web3 features such as:
Web2-friendly login methods such as passwordless email and Google One Tap that allows frictionless mainstream user onboarding to your dApp
Support for external wallets such as Metamask, WalletConnect and Coinbase Wallet so that you don’t have to spend time integrating with wallets.
Transaction signing module
Send transaction module
Furthermore, with the soon-to-come premium feature, developers will be able to collect verified email addresses from 3rd-party wallet users. Magic Connect also lets users use the same wallet across dApps.
Magic Connect currently supports Ethereum, Polygon and Optimism.
More EVM chains are coming. Submit this feedback form to request for chains you’d like to be supported on.
Magic Connect end-users will be able to purchase cryptocurrencies through Magic’s partner fiat on-ramps across 150+ countries and major payment methods including bank transfers and credit cards.
Magic Connect supports MetaMask, WalletConnect and Coinbase Wallet as 3rd-party wallet options. They are displayed by default for all Magic Connect apps.
Developers can toggle which third-party wallet login options they want to display via the Wallet Providers page of the developer dashboard.
Yes. Authenticated users can access their wallet recovery phrase through the User Settings view in their Magic Connect wallet.
MFA / 2FA is not currently supported but is slated for release in early 2023.
- Google One Tap
Email (one-time passcode)
Email-based account linking
Google Login supports Google Accounts with a Gmail domain and non-Gmail Google Login accounts (e.g. G-Suite domains such as `email@example.com`).
Email logins with an `@gmail.com` domain will resolve to the same user as a matching Google Login. This is to say firstname.lastname@example.org will be auto-linked to a Google Login account with the same email and viceversa but ONLY for Gmail domain emails. Auto-linking is not supported for custom G Suite/Google Workspace domains (such as `email@example.com`).
Sessions last 7 days if a user logs in with email or Google One Tap. Third-party wallet users must manually disconnect to end their session
For email and Google One Tap users, developers can request access via client-side API
The users' verified email address will be returned if the user consents to sharing. If the user denies the request, developers will not have access users' email address. Developers can instead rely on the user's public wallet address as a unique identifier.
In the coming weeks, developers will be able to request a verified email address from 3rd-party wallet users as part of Magic Connect’s premium offering.
Magic does not store unencrypted private keys. Magic does store encrypted private keys in an iframe in the browser and on Magic’s backend. Our security docs go in-depth with how the process works.
While Magic Connect will not be available everywhere, the Magic team does have working relationships with many leading NFT marketplaces and dApps via Fortmatic. The Magic team is working on a solution to ensure Magic Connect users can access leading NFT marketplaces.
Currently, MetaMask, WalletConnect and Coinbase Wallet are shown by default for all Magic Connect apps.
Developers can configure which third-party wallet login options they want to display through a toggle function on the developer dashboard.
Magic bills based on total cumulative MAUs across all Magic Auth and Magic Connect apps. Developers receive 1,000 free MAUs per month, then pay $0.05 per additional MAU.
Magic developers can specify which domains are allowed to use their application's publishable API key by configuring Domain & Mobile Access Whitelisting from the Settings page within the Magic Dashboard. The Domain & Mobile Access Whitelisting configuration is disabled by default for all newly created apps. Only the domains you specify will be accessible by your application when enabled.
To configure domain access, open your application's Settings Page from the Magic Dashboard. From there, you can Edit the list of domains you want to support. Specific domains and wildcards using * are supported. Examples are below:
There is no need to whitelist domains required to complete any Social Login (i.e., https://accounts.google.com, https://facebook.com, etc.) or Private Key Export (i.e., https://reveal.magic.link) flow. Magic automatically accepts these domains and any other domains on your whitelist.