Magical Auth Architecture

Understanding the technical architecture behind Magical Auth.

Architecture Overview

Magical Auth uses carrier authentication protocols to verify phone ownership without SMS:

1. Strategy Selection - Automatically determines the best verification method
2. Credential Collection - OS accesses SIM card via Digital Credentials API (Android) or carrier-privileged apps (iOS)
3. Carrier Validation - Direct authentication with mobile carrier over any internet connection
4. Result Delivery - Verified phone number returned to your application

Authentication Flow

User → Browser → Your Backend → Glide API → Carrier Network
                                               ↓
User ← Browser ← Your Backend ← Glide API ← Verification

Supported Strategies

TS43 Protocol

• Used by T-Mobile and other carriers
• Direct SIM card access via Digital Credentials API
• No user interaction required
• Works on Android and Chromium browsers

Link Protocol

• Used by Verizon
• App Clips on iOS / Instant Apps on Android
• Minimal user interaction
• No app installation required

Security Features

• End-to-end encryption - All data encrypted in transit
• Carrier signatures - Cryptographically signed by carriers
• No phone storage - Phone numbers never stored on our servers
• Session isolation - Each verification uses unique session

Learn More

• API Reference
• Security Best Practices