Skip to main content
AI Loop uses a strictly passwordless, magic-link based authentication system for enhanced security.

​
Login Flow

1

Request Login

User enters their email address.
2

Magic Link Sent

System validates the user and sends a verification link via email.
3

Verify & Session

User clicks the link, which hits the validation endpoint and sets a secure HTTP-only cookie (jwt).

​
Security

  • Token Expiry: Magic links are short-lived.
  • Cookie: The session token is stored in a HttpOnly cookie to prevent XSS.

​
APIs

Login Request

Request a magic link.

Get Profile

Retrieve current session user.