Authentication (Magic Links + API Keys)

veriova is passwordless for humans (magic links) and API-key based for machines (SDK/MCP). This keeps the web UX clean while keeping integrations simple.

Web App Sign-In (Magic Link)

Enter your email on /login or /signup. You’ll receive an email with a one-time link that signs you in.

API Endpoints

magic-link request

POST /api/v1/auth/magic-link/request

{ "email": "you@company.com" }

# Always returns 200 to avoid user enumeration.

magic-link verify

POST /api/v1/auth/magic-link/verify

{ "token": "cvml_..." }

# Sets cv_session cookie.
# Returns api_key only on first login.

logout

POST /api/v1/auth/logout

API Key Auth (SDK/MCP)

SDK/MCP calls use a Bearer token:

http

Authorization: Bearer cv_...

Mail Delivery (Mailgun)

Magic links require an email provider. For production, configure your Mailgun domain and API key on the server (and in GitHub Actions secrets for automated deploys).