Magic-Link — Installation

TL;DR

Install the npm package, enable in config/plugins.ts, ensure you have an email provider (Magic-Mail recommended), rebuild, activate license. Total setup time: under 5 minutes.

Prerequisites

• Strapi v5.0.0 or higher
• Node.js 18.x, 20.x, or 22.x
• An email provider — see Email provider setup below

1. Install

npm install strapi-plugin-magic-link-v5

2. Enable

// config/plugins.ts
export default () => ({
  'magic-link': {
    enabled: true,
    config: {
      // All optional — safe defaults apply
      tokenExpiry: 15 * 60,          // seconds (15 min default)
      autoCreateUsers: true,          // create users on first magic-link
      rateLimitPerIP: {
        window: 15 * 60,              // seconds
        maxAttempts: 5,
      },
      rateLimitPerEmail: {
        window: 60 * 60,              // 1 hour
        maxAttempts: 10,
      },
    },
  },
});

3. Email provider

Magic-Link sends authentication emails. Two options:

Option A: Magic-Mail (recommended)

npm install strapi-plugin-magic-mail strapi-plugin-magic-link-v5

export default () => ({
  'magic-mail': { enabled: true },
  'magic-link': { enabled: true },
});

Configure email accounts in the Magic-Mail admin UI. Magic-Link picks them up automatically.

Option B: Any Strapi email provider

npm install @strapi/provider-email-nodemailer strapi-plugin-magic-link-v5

export default () => ({
  email: {
    config: {
      provider: 'nodemailer',
      providerOptions: {
        host: process.env.SMTP_HOST,
        port: process.env.SMTP_PORT,
        auth: {
          user: process.env.SMTP_USER,
          pass: process.env.SMTP_PASSWORD,
        },
      },
    },
  },
  'magic-link': { enabled: true },
});

4. Rebuild and start

npm run build
npm run develop

5. Activate license

1. Open Strapi admin → Magic-Link in the sidebar.
2. Click Activate License.
3. Enter your name and email (free tier is free, no credit card).
4. Configure auth mode, token expiry, and rate limits in the plugin settings.

6. Test the magic-link flow

Use any HTTP client:

curl -X POST http://localhost:1337/api/magic-link/send \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com"}'

You should receive an email with a magic link. Click it to be logged in.

Environment variables

# Strong secret for signing magic-link tokens
MAGIC_LINK_SIGNING_SECRET=your-random-hex-string

# Optional: distinct JWT secret (otherwise uses Strapi's JWT_SECRET)
MAGIC_LINK_JWT_SECRET=another-random-hex-string

Generate one:

openssl rand -hex 32

---

Next: Authentication Flows →