
Verify

GET /auth/verify

Consume a verification magic link and issue tokens (SCRIFT-79).

Returns the same shape the pre-SCRIFT-79 register used to return: accessToken, refreshToken, apiKey, user. The raw API key is surfaced here - the registration-time key is rotated away so the caller receives exactly one persistent key.

Errors:

  • 400 invalid_token - hash not found
  • 400 token_expired - past expires_at
  • 400 token_already_used - second click on the same link
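
A sketch of the consume step behind these three error codes, added here as an example and not taken from the project's code. Assumptions: the link carries a random token whose SHA-256 is what gets stored, the store is an in-memory dict with hypothetical `used_at` and `user` fields (only `expires_at` is named on this page), and the checks run in the order the errors are listed above.

```python
import hashlib
import secrets
import threading
from datetime import datetime, timedelta, timezone

class VerifyError(Exception):
    """Maps to a 400 response; args[0] is one of the three error codes."""

def token_hash(raw: str) -> str:
    # Assumption: only the SHA-256 of the raw token is persisted.
    return hashlib.sha256(raw.encode()).hexdigest()

class MagicLinkStore:
    """In-memory stand-in for the token table (hypothetical schema)."""
    def __init__(self):
        self._rows = {}  # hash -> {"user", "expires_at", "used_at"}
        self._lock = threading.Lock()

    def issue(self, user: str, ttl: timedelta, now: datetime) -> str:
        raw = secrets.token_urlsafe(32)
        self._rows[token_hash(raw)] = {
            "user": user, "expires_at": now + ttl, "used_at": None}
        return raw  # goes into the e-mailed link; never stored in the clear

    def consume(self, raw: str, now: datetime) -> str:
        # Check-and-mark under one lock so two concurrent clicks cannot both win.
        with self._lock:
            row = self._rows.get(token_hash(raw))
            if row is None:
                raise VerifyError("invalid_token")
            if now > row["expires_at"]:
                raise VerifyError("token_expired")
            if row["used_at"] is not None:
                raise VerifyError("token_already_used")
            row["used_at"] = now
            return row["user"]  # caller would now issue tokens and the API key

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock
    store, out = MagicLinkStore(), []
    fresh = store.issue("alice", timedelta(minutes=15), t0)
    stale = store.issue("bob", timedelta(minutes=15), t0)
    clicks = [(fresh, t0), (fresh, t0),
              (stale, t0 + timedelta(hours=1)), ("nope", t0)]
    for raw, when in clicks:
        try:
            out.append(store.consume(raw, when))
        except VerifyError as e:
            out.append(e.args[0])
    return out
```

With a database-backed store, the same atomicity comes from marking the row used in a single conditional update rather than a read followed by a write.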

Request

Responses

Successful Response