One-time magic links, OTPs, and bearer tokens — delivered via REST, MCP, or Webhook. $9/mo for 5,000 tokens. Full compliance. Zero surprises.
From autonomous coding agents to multi-agent orchestration — every agent workflow needs one-time access tokens, session hand-offs, and revocation. OneLinkToken is built for that world.
Native MCP server exposes token creation, redemption, revocation, and status as discoverable tools. Your AI agent discovers what it can do and calls it directly — no middleware, no glue code.
Agent A creates a one-time magic link for Agent B. Token encodes the scope: which actions, which data, how long. No shared secrets. No hardcoded credentials. Pure ephemeral delegation.
Every token is single-use by default. Redeemed tokens vanish. Revoked tokens propagate in <100ms. Your agent pipeline never accumulates stale credentials — each step is independently authorized.
Our official MCP server exposes 7 tools your AI agent discovers and calls directly. No REST boilerplate. No SDK. No authentication wrappers.
{
"mcpServers": {
"onelinktoken": {
"command": "uvx",
"args": ["mcp-server-onelinktoken"],
"env": {
"ONELINK_TOKEN_API_KEY": "tf_..."
}
}
}
}
Compatible with:
Same features. Same compliance. A fraction of the price. No per-token metering, no MAU math, no surprise bills.
| OneLinkToken | Magic.link | Clerk | WorkOS | Twilio | |
|---|---|---|---|---|---|
| 5,000 tokens/mo | $9 | $95 | $25 | $75 | $225 |
| 50,000 tokens/mo | $29 | $950 | $125 | $750 | $2,250 |
| SOC 2 Type II | ✅ | ✅ | ✅ | ✅ | ✅ |
| HIPAA BAA | ✅ | ✅ | ✅ | ✅ | ❌ |
| GDPR Compliant | ✅ | ✅ | ✅ | ✅ | ✅ |
| MCP-native API | ✅ | ❌ | ❌ | ❌ | ❌ |
| Agent-to-agent tokens | ✅ | ❌ | ❌ | ❌ | ❌ |
| Hot revocation <100ms | ✅ | ❌ | ✅ | ❌ | ❌ |
REST API, MCP client, or webhook — your choice. All tokens are stateless, auditable, and revocable.
Single-use, time-bound, email-delivered authentication links. Configurable expiry, max uses, and redirect URL. Full audit trail.
Time-limited one-time passwords. Rate-limited per tenant and per IP. Ideal for email or SMS verification flows.
API access tokens with hot-revocation via Redis. Instantly invalidate any token. Audit trail on every creation and revocation.
Revoke tokens in under 100ms via Redis cache layer. No waiting for DB writes. Propagates to all API nodes instantly.
Every create, redeem, and revoke logged with IP, user agent, timestamp, and actor identity. SOC 2 compliant storage.
Our MCP server lets any AI agent discover and call token operations directly. Claude, Cline, Continue — any MCP host works out of the box.
No per-token pricing. No MAU math. A flat monthly fee and use as many tokens as your plan allows.
Evaluate and prototype
For growing teams
For high-volume apps
Need more? Enterprise plans available with unlimited tokens, 99.99% SLA, SSO, and dedicated support.
Create a magic link, OTP, or bearer token with a single API call. No SDK required. No complex setup.
Create your account and get an API key.
POST /api/v1/tokens with type, target, and expiry.
POST /api/v1/tokens/redeem validates single-use. POST /api/v1/tokens/{id}/revoke kills instantly.
# POST /api/v1/tokens curl -X POST https://api.onelinktoken.com/v1/tokens \ -H "Authorization: Bearer tf_key" \ -H "Content-Type: application/json" \ -d '{ "token_type": "magic_link", "target_email": "user@hospital.org", "expires_in_minutes": 15, "max_uses": 1 }' # → { "id": "tok_abc", "magic_link_url": "https://onelinktoken.com/r/...", "status": "pending" }
Same compliance. Same features. A fraction of the price. MCP-native, agent-ready, and 75–97% cheaper than the alternatives.