Passwordless Login

The basic idea is that instead of using a password to authenticate each user, a temporary secret code is sent to him/her over an e-mail.

It’s almost as if the backend server makes up a temporary, one-use password each time a user wants to log in.


There is no required configuration for this functionality.

Passwordless Login



Here is a complete overview of Passwordless Login functionality:


The Passwordless Login flow consists of these elements:

  • an API endpoint for triggering a passwordless login flow
  • user receives an email with a link (5 minutes expiration)
  • once the user press the link:
    • the user is logged in
    • if terms & agreements acceptance is needed, the user is presented with the acceptance step, otherwise this is skipped
    • if user is not registered, he has to fill in required fields
  • when logged in state is successful, the user is redirected back to the client provided and validated redirectUrl

See also

Relevant endpoints

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page


Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.