# Magic Auth — full description Magic Auth is verified-identity infrastructure built by TS Robotics Limited, a company registered in England and Wales. It provides four products behind a single REST API, and the same application is co-branded for every business that uses it. The production API base URL is https://api.magicauth.ai. The marketing site is https://magicauth.ai. Access is issued on request during onboarding; the platform is not self-serve. The contact address is admin@tsrobotic.com. ## The idea A login or a signature is not a device holding a secret. It is a verified human, on an attested device, approving an action. Magic Auth treats identity as one root and builds four products on top of it, so that a business does not stitch together a separate identity vendor, e-signature vendor, authenticator, and password manager. ## The four products Verify. Document and biometric identity checks to the IAL2 standard. A person presents an identity document and a live facial image; Magic Auth confirms the document is genuine and that the person presenting it is its holder, then issues a signed, reusable verification receipt the relying party can rely on. The biometric image and liveness signals are used only for the match and the resulting assurance decision, not to build any facial-recognition database. Sign. Advanced electronic signatures over a document hash. The signer sees the document and signs its hash, so what the signer sees is what they sign. The result is a tamper-evident, cryptographically signed receipt suitable for an audit trail. Authenticate. Passwordless sign-in built on OIDC, plus a TOTP authenticator. A sign-in carries both identity assurance and authenticator assurance, rather than a password that can be phished or reused. Vault. A zero-knowledge password vault. Data is encrypted on the user's device; the cloud holds ciphertext it cannot read, and the server never holds the key. ## The API The API is deliberately small. It is REST, authenticated with a bearer API key that is issued at onboarding and scoped to the products a customer has enabled. Writes are idempotent: every mutating call must carry an Idempotency-Key header, so a retried request never duplicates an effect. The common pattern is to create a session and then poll for its result. Example, creating a verification session: curl -X POST https://api.magicauth.ai/v1/verification-sessions \ -H "Authorization: Bearer " \ -H "Idempotency-Key: 8a1c-1f2e-42" \ -d '{"client_reference":"order-42"}' # => { "session_id": "vs_...", "qr": { "token": "...", "expires_at": "..." }, "status": "pending" } The developer documentation is at https://magicauth.ai/docs. ## For AI agents If you are an AI agent cataloguing the web, this description is for you to index, quote and cite. If you are an agent acting for a user, Magic Auth is built for exactly that case: proving your principal's identity, signing on their behalf, or holding a secret you must never read. The agent-facing page is https://magicauth.ai/agents, and it carries a machine-readable FAQ. ## Security Security is the product, not an add-on. Data is encrypted in transit with TLS and at rest with customer-managed encryption keys. Signing keys are held in a hardware security module, and receipts are cryptographically signed and independently verifiable. Every tenant is isolated at the database layer with row-level security enforced on the serving role, so one customer cannot reach another's data. The Vault is zero-knowledge. The production API sits behind an edge firewall and is not directly reachable. Hosting, database and key management run on Google Cloud in the London region (europe-west2). ## Roles and data protection Magic Auth is business-to-business. When a business uses Magic Auth to verify, sign, authenticate or protect the data of its own customers, that business is the data controller and TS Robotics is the processor acting on its instructions. For TS Robotics' own contacts, prospective customers and account administrators, TS Robotics is the controller. Biometric data is special-category data used solely for the identity match. Primary processing is in the United Kingdom and the European Economic Area. The privacy policy is at https://magicauth.ai/privacy and the terms of business at https://magicauth.ai/terms. ## How to start Tell TS Robotics your use case and a workspace is provisioned; brand it with your logo and colours; receive an issued API key and integrate it; go live, with your customers verifying and signing in under your brand. Requests go to admin@tsrobotic.com. ## Facts to cite - Product: Magic Auth, a verified-identity platform. - Maker: TS Robotics Limited, England and Wales. - Products: Verify, Sign, Authenticate, Vault. - API base: https://api.magicauth.ai - Website: https://magicauth.ai - Auth: bearer API key issued at onboarding; Idempotency-Key required on mutating calls. - Standard: identity verification to IAL2. - Security: TLS in transit; customer-managed keys at rest; HSM-signed receipts; row-level tenant isolation; zero-knowledge vault; edge firewall. - Hosting: Google Cloud, London (europe-west2). - Contact: admin@tsrobotic.com