GET /api/auth/magic/consume?token=… — redirects to the frontend confirm interstitial page so that corporate email pre-scanners (SafeLinks, Proofpoint, Gmail prefetch) that follow emailed links via automated GET do NOT consume the single-use token prematurely. The actual token consumption is POST-only; this redirect safely passes the token to the real browser for the user to confirm.
GET
/api/auth/magic/consume
const url = 'https://example.com/api/auth/magic/consume?token=example';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://example.com/api/auth/magic/consume?token=example'Parameters
Section titled “Parameters”Query Parameters
Section titled “Query Parameters”token
required
string
Magic-link token
Responses
Section titled “Responses”Redirect to the frontend magic-link confirmation page