Is passwordless login available via API, without SMS or Email?

Is password less login available via API, not SMS or Email?

We have a situation where magic link login would work well, but would like 3rd party API users to call our API, we provide magic link that they use to redirect users and login users.

Is this possible?

or possible using rules, to update and change passwords on the fly to achieve something similar? we would to magic link to a page, which doe the initial login, to get get an access token etc, then have a redirect back to the 3rd party app when logged out.

To my knowledge that would be a no, the passwordless artefacts used during the authentication flow are always sent directly to the end-user; either SMS or email depending on the type of connection.