Magic link fails (billing_not_verified_for_email)

Hi, while doing dev work on localhost (having already set redirect uri and tried setting it directly on LoginOrCreateParams{}, I keep getting an error while trying out magic link to my secondary gmail account:

"You can only send magic links to emails matching your project's domain until credit card details are added to your account. Once your billing information is verified, emails can be sent to anyone. Collecting this information helps us prevent abuse of the platform. Please see https://stytch.com/settings/billing to provide billing information.",

Afaik magic links from localhost (on a test instance) should be exempted from this. I double checked and my env variables are correctly pointing to the test instance, not the live one.

Is this the intended behaviour?

Hi Zach, thanks for posting!

This is the intended behavior. This restriction prevents bad actors from creating a Stytch account and sending spam emails without any guardrails.

You’ll either need to add a credit card to your account (you won’t be charged for any requests made in our Test environment – this is just for accountability purposes), or send test emails to the Gmail account that you signed up with.

Happy to help with any additional questions you may have!

Ok thanks! For my own understanding, I was able to send magic links to my own email registered with Stytch, is this because by default admin’s registered email address is whitelisted?

(Fwiw I already added my credit card, but I’m thinking how I would explain this if I recommend Stytch to friends or colleagues.)

Yep, that’s correct!

If you use a business email/ email with a custom domain to sign up for Stytch (like yourname@companyname.com, for example) you can send emails to any email address with that custom domain (like othername@companyname.com) without adding a credit card.

If you sign up with an email address with a standard domain (like @gmail.com, for example), you can send emails to yourself, but not to other email addresses, since allowing emails to all @gmail.com addresses would be too broad.

1 Like