← Back to blog

Magic Links, Better Docs, and the Road to Authentication as Infrastructure

· Brandon Corbett · 53 views
seamlessauthpasswordless

Over the past few months we’ve been steadily evolving Seamless Auth toward a bigger goal:
making authentication something teams can run as infrastructure, not as a SaaS dependency.

Today we’re announcing that moves us significantly closer to that vision.

Two highlights stand out:

  • Magic Links across the entire Seamless Auth stack
  • Automatic OpenAPI documentation during development

Both are aimed squarely at improving developer experience while strengthening the passwordless-first philosophy behind Seamless Auth.


Authentication as Infrastructure

Most teams today face the same decision early in a project:

Do we build authentication ourselves, or do we outsource it?

Hosted solutions like Auth0, Clerk, or Cognito are powerful, but they often come with trade-offs:

  • Vendor lock-in
  • Per-user pricing
  • Limited infrastructure control
  • External identity infrastructure sitting beside your stack

For many teams, especially those running APIs and services internally or on private infrastructure, the better answer is:

Run authentication as part of your own infrastructure.

That’s the direction Seamless Auth is heading.

Instead of pushing authentication into a separate SaaS platform, Seamless Auth lets you run a fully featured auth system alongside your own APIs, inside your own environment, using your own database and deployment pipeline.

This means you get the features teams expect from major auth providers, while maintaining complete control over your infrastructure.

Those features include:

  • Passwordless authentication by default
  • Passkeys / WebAuthn
  • OTP flows
  • Magic links
  • SSO
  • Session management
  • Audit logging
  • Open standards (JWT, JWKS, OAuth compatible flows)

All deployed inside your infrastructure.

For many projects this can translate to thousands, sometimes tens of thousands, in avoided SaaS authentication costs over time.


Its Magic... Links

The biggest feature in this release is the addition of Magic Link authentication.

Magic links are a natural extension of our passwordless model.

Instead of typing a password, users receive a secure login link via email. Clicking that link confirms identity and completes the authentication flow.

In Seamless Auth, magic links now integrate directly with the existing authentication lifecycle:

  1. A user requests a login link
  2. The system generates a signed, time-limited token
  3. The link is delivered via email
  4. Clicking the link verifies the token and completes authentication
  5. A session and refresh token are issued

Importantly, this works alongside our existing WebAuthn and OTP flows, allowing applications to combine methods depending on user capability and security requirements.


Available Across the Entire Stack

Magic links are now supported across all Seamless Auth components.

Auth Server API

New endpoints support:

  • requesting magic links
  • polling for confirmation
  • verifying link tokens

These endpoints integrate with existing session creation and audit logging infrastructure.

Express SDK

Applications using the Express integration can now incorporate magic link flows directly into their APIs with minimal configuration.

React SDK

The React SDK now supports magic link login flows out of the box, making it simple to add passwordless login screens to frontend applications.

In practice, this means applications can implement a complete passwordless login experience with only a few lines of integration code.


Improved Developer Experience

Another improvement in this release is automatic OpenAPI documentation during development.

When running the auth server locally, developers now get a live OpenAPI spec and interactive Swagger interface.

This makes it easier to:

  • explore available endpoints
  • test authentication flows
  • understand request and response formats
  • integrate the API into other services

For teams building APIs around Seamless Auth, having a self-documenting interface during development removes a lot of friction.


A Stronger Foundation

While Magic Links are the headline feature, this release also included a substantial internal refactor that improves the maintainability of the auth server:

  • Typed request and response validation
  • Modular routing architecture
  • Automatic route registration
  • OpenAPI generation from source schemas

These changes make the system easier to extend and safer to operate.

As Seamless Auth grows toward a fully featured authentication infrastructure platform, this foundation will allow us to add features without sacrificing reliability or clarity.


What’s Next

With Magic Links now in place, Seamless Auth supports a full range of passwordless authentication flows:

  • WebAuthn / Passkeys
  • OTP verification
  • Magic link authentication

Next steps on the roadmap include deeper SSO integrations, expanded administrative tooling, and continued improvements to developer tooling and infrastructure automation.


Closing Thoughts

Authentication is a critical part of modern applications, but it shouldn’t require handing over control of your identity layer to an external platform.

Seamless Auth aims to provide a different path:
a fully featured authentication system you can run as part of your own infrastructure.

This release brings us one step closer.

If you’re interested in running authentication inside your own stack, without sacrificing modern features or developer experience, we’d love for you to try Seamless Auth and share feedback.

More updates soon.

© 2026 Seamless Auth