Overview

LoginRadius Passwordless APIs offer a seamless and secure way for customers to access their accounts without a password. These APIs enable authentication using either a one-time passcode (OTP) sent to a phone number or a login link/token sent via email. Designed for mobile-first and user-friendly experiences, Passwordless APIs are ideal for modern apps that prioritize convenience and security over traditional credential-based logins.

LoginRadius Passwordless Login APIs require your LoginRadius API Key to authenticate and authorize API requests. This key uniquely identifies your application environment and must be included in each API call.

Retrieve Your API Key

1. Log in to the LoginRadius Admin Console.
2. Navigate to Tenant Settings.
3. Locate the API Key under the API Configuration section.
4. Use this key in all Passwordless Login API requests for proper authentication.

📌 Note: For detailed information on passwordless login, please refer to this document.

Common Passwordless API Endpoints

Login Endpoints

Passwordless APIs support both OTP (phone) and magic link/token (email) methods for login.

Endpoint	Description	Success Response Format
Passwordless Login by Email	Sends a login link to the user's registered email.	{ "IsPosted": true }
Passwordless Login by Phone	Sends an OTP to the user's registered phone number.	{ "IsPosted": true, "Data": { "AccountSid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "Sid": "SMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } }
Passwordless Login by Username	This API sends a Passwordless Login Verification Link to customers based on their username.	{ "IsPosted": true }

Verification Endpoints

Endpoint	Description	Success Response Format
Passwordless Login Verification	Verifies the login token sent to the email.	{ "Profile": { }, "access_token": "a029e8a7-****-4453-****-a5e721e1f358", "expires_in": "2017-08-17T10:52:36.1644137Z" }
Passwordless Login Phone Verification	Sends an OTP to the user's registered phone number.	{ "Profile": { }, "access_token": "a029e8a7-****-4453-****-a5e721e1f358", "expires_in": "2017-08-17T10:52:36.1644137Z" }

Common Parameter in Passwordless Login API

Query Parameter	Description.
isvoiceotp	The isvoiceotp parameter is a boolean query parameter that can be passed to trigger voice OTP functionality.When set to true, it enables voice OTP instead of regular SMS OTP. This parameter can be used in Passwordless Login via phone API
PasswordLessLoginTemplate	The PasswordLessLoginTemplate is an optional query parameter used in passwordless login flows for email and username-based authentication.The parameter allows you to specify the name of the passwordless login template used for the verification email.For more details, refer to Email Template Management.
smstemplate	The smstemplate parameter is an optional query parameter that can be used in Passwordless Phone Verification API to specify which predefined SMS template should be used when sending messages to users.For more details, refer to SMS Template Management.
g-recaptcha-response	This parameter verifies that the request originates from a legitimate user rather than an automated system. It can be used in the Passwordless Phone Verification API and should be in the request body.For more details, refer to this document.

Best Practices

• Use Passwordless Login for users who prioritize convenience and mobile accessibility.

• Customize your email/SMS templates to reflect your brand and clearly identify your application.

• Monitor OTP retry attempts and expiration settings to prevent brute-force attacks.

• Always validate OTPs or tokens via secure backend logic.

• Use secure storage for tokens and session data to prevent unauthorized access.

Related Resources

• LoginRadius SDK Documentation
• SMS Communication and Configuration
• Customer Identity APIs
• Cloud Directory APIs
• Single Sign-On APIs LoginRadius Customer Identity API Codes