Magic Link Endpoints
Magic Link Endpoints define profiles for Mideye Server’s passwordless single-factor web authentication (SFWA) service. Each profile configures an externally accessible endpoint that third-party applications can invoke to trigger SMS- or push-based authentication for end users.
Navigate to External Endpoints → Magic Link Endpoints to manage profiles. Requires the Administrator role or above.
Profile List
Section titled “Profile List”The list view displays all configured Magic Link profiles.
| Column | Description |
|---|---|
| Name | Profile name. Default sort column (ascending). |
| Endpoint for external API | The full URL for the SFWA endpoint. Includes a copy-to-clipboard button. For the default profile, the URL is /api/sfwa/auth. For named profiles, the URL is /api/sfwa/auth/{name}. |
| Default | Boolean indicator — checked if this is the default endpoint. |
| Action | Edit and Delete buttons (administrator only). The default endpoint cannot be deleted. |
Profile Editor
Section titled “Profile Editor”The editor uses a tabbed form. The API Token Management tab is only available when editing an existing profile — it is hidden during creation.
General Settings Tab
Section titled “General Settings Tab”| Field | Description | Default |
|---|---|---|
| Name | Unique profile name. Validated asynchronously for uniqueness. Max 255 characters. | — |
| Enable plus activation links | When enabled, includes Mideye+ app activation links in authentication messages. | Enabled |
| Use Mideye+ if activated | When enabled, prefers Mideye+ push authentication for users who have activated the mobile app. | Enabled |
Assisted Login Tab
Section titled “Assisted Login Tab”Configures user repository sources for the assisted login workflow. An informational alert describes the prerequisites for enabling assisted login with Magic Links.
| Field | Description | Default |
|---|---|---|
| Assisted login profiles | Select an assisted login profile to enable the approver-based workflow. Optional. | None |
| Use Mideye database | When enabled, searches the local Mideye user database for authentication. | Disabled |
| LDAP Profiles | Select one or more LDAP profiles as user repositories. | None |
| Azure Active Directories | Select one or more Entra ID profiles as user repositories. | None |
User Messages Tab
Section titled “User Messages Tab”Configures the text displayed to end users during authentication flows. Two message sets are available:
Touch Accept Messages
Section titled “Touch Accept Messages”Controls the content shown during push-based (Mideye+) authentication.
| Field | Description | Max Length |
|---|---|---|
| Title text | Heading displayed on the authentication page. | 255 |
| SMS text | Text included in the SMS notification. | 20 |
| Button label for accept | Label on the approve button. | 50 |
| Button label for reject | Label on the reject button. | 50 |
| Information text in authentication page | Body text shown while waiting for the user’s response. | 1024 |
| Information text in touch accepted page | Message shown after the user approves. | 1024 |
| Information text in touch rejected page | Message shown after the user rejects. | 1024 |
Assisted Login Messages
Section titled “Assisted Login Messages”Same seven fields as Touch Accept Messages, but applied to the assisted login flow where an approver validates the user.
API Token Management Tab
Section titled “API Token Management Tab”Available only when editing an existing profile. Manages the API tokens that external applications use to authenticate against the SFWA endpoint.
Token List
Section titled “Token List”| Column | Description |
|---|---|
| API token name | Name of the token. |
| Expires at | Expiration date, or “N/A” for tokens with no expiry. |
| Action | Delete button. |
The list uses server-side pagination.
Creating a Token
Section titled “Creating a Token”Click Create new API token to open the creation dialog.
| Field | Description | Validation |
|---|---|---|
| Name | Token identifier. | Required. 3–42 characters. |
| Expires at | Optional expiration date. Tokens without an expiry date remain valid indefinitely. | — |
After creation, the dialog displays the plain-text token value in {name}:{token} format with a copy button.
Importing a Token
Section titled “Importing a Token”Click Import existing API token to import a pre-generated token.
| Field | Description | Validation |
|---|---|---|
| Name | Token identifier. | Required. 3–42 characters. |
| Plain text token | The token value to import. | Required. 16–42 characters. |
| Expires at | Optional expiration date. | — |
External API Usage
Section titled “External API Usage”Third-party applications call the SFWA endpoint with an API key header to trigger authentication.
Request format:
GET /api/sfwa/auth[/{endpointName}]Header: api-key: {tokenName}:{tokenValue}Query: msisdn={phoneNumber}Optional query parameters: sms-text, touch-accept-text, touch-reject-text, authentication-text, button-accept-text, button-reject-text, title-text, touch-timeout.
Permissions
Section titled “Permissions”| Action | Required Role |
|---|---|
| View profiles | Any authenticated user |
| Create, edit, or delete profiles | Administrator or above |
| Manage API tokens | Administrator or above |