Auth0 Home Blog Docs

Using Passwordless code, through API



we have been using Passwordless with Magic Link, using the /passwordless/start endpoint.

We would like to switch to the Code option (instead of Magic Link), but I see that the /passwordless/verify/ endpoint is disabled/deprecated. How should we use Passwordless with Code through API (so, not through the hosted page)?

Thank you


Can someone reply on this?



We have a similar issue open here: "passwordless/verify" incorrect documentation?

Once it’s resolved it might help you as well


@James.Morrison any news on this?

we are trying to implement the passwordless flow, but even the playground doesn’t work (getting a 404 when sending the email token)…
Documentation also seems outdated, is that true?

Is there an example of how to implement passwordless? Or at least a list of API call that I can use?

I do get a 200 status when calling /passwordless/verify but… that’s all, i’m not getting a access or refresh token :confused:

Could you please reply? If we can’t get this working i’m afraid we have to look for a different identity provider…


Hi @n.bijl, I sent you a direct message in regards to a HAR file request to further investigate the 404 you are experiencing. When you get a chance can you give that a look. The documentation is not currently known to be out of date. If you feel something is missing please let us know so we can add it accordingly.

As far as the Passwordless/verify status question as shared in the linked topic by Lukerollans, below is the quoted answer to that.

Linking Passwordless documentation as well for context:


Hi @James.Morrison,
i’m experiencing the 404 within the playground already, there the /passwordless/verify url is still used. So this is outdated…

If that URL is disabled, then how can we implement passwordless authentication? Please provide a playground where passwordless authentication is working or explain more about how to combine passwordless with the Application Grant Types.



Hi @James.Morrison
could you help us or assign my question to someone else?

If not I think we have no other option than to chose another service to handle authentication/authorization.



We finally found the solution. After some testing and finding this post:

Steps to implement:

  1. Request POST
    with body:
    “client_id”: “client_id”,
    “connection”: “email”,
    “email”: “email”,
    “send”: “code”,
    “authParams”: {
    “scope”: “openid profile offline_access”

Considering you have setup the passwordless connection you will receive an email.
Now make sure you setup ‘Default Directory’ under tenant settings, set this to “email” to use the email passwordless connection.
Also, enable the password grant type under your application settings -> Advanced -> Grant Types.
(read the warnings on this page!)

Now you can send the verification code to the following oauth endpoint:
with body:
“scope”:“openid offline_access”,
“password”: “verification code

Now we can continue implementing this in our app :slight_smile:
Please add this to the documentation pages so the next guy can find it easily.

Big inconsistency in API for passwordless

I’m happy to hear you got it handled @n.bijl and thank you for detailing steps to resolve the challenge. I will look into documenting this into a FAQ for future easy of use. Thanks again for your patience!

closed #10

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.