E-commerce
July 1, 2026
"The bot sent me a login link in the chat." "The AI displays my OTP code on the screen." "The chatbot says I'm logged in when I'm not." Three failures where a poorly calibrated passwordless bot exposes tokens or creates authentication flaws.
A passwordless login AI chatbot for e-commerce does not replace MAGICLINK agents (#837). It reads MAGICLINK-MAP, guides the email opt-in, explains the single-use nature of the link, and hands off with a secure redirect to humans without pasting URLs, OTP codes, or account data.
This guide #838 covers bot_magiclink_* intents, MAGICLINKbot flow, and magiclink_bot KPIs. Bot companion to the MAGICLINK playbook (#837). Sensitive AI use case: guiding tier 1 passwordless without exposing data.
Summary
Why automate the passwordless guide with a bot?
"Expired link", "did not receive the email", "code or link?" arrive at the login widget or account page. A calibrated bot reads MAGICLINK-MAP, guides on spam and single-use, without NO-TOKEN-EXPOSE violation.
What the tier 1 passwordless bot resolves
Explain mode: otp_diff_copy passwordless map
Guide spam: spam_copy check inbox map
Single-use link: one_click_copy TTL map
Same device: device_copy browser map
CS Handoff: #837 payload magiclink_* resend admin
MAGICLINKbot vs MAGICLINK #837, LOGINbot #295, POSTACCT #821 and anti-hallucination #123
Seven contents, seven distinct client auth journeys.
Quick matrix
#838 MAGICLINKbot : tier 1 bot passwordless handoff guide without data
#837 MAGICLINK : agents resend ML-5 link document
LOGIN #294 : historic OTP legacy global login
Account bot #295 : post-login orders distinct auth
POSTACCT #821 : post-purchase account creation distinct expired link
CONF-EMAIL #358 : order confirmation distinct auth
Anti-hallucination #123 : policy map whitelist do not invent link
Pipeline : #838 bot guide tier 1 → #837 agents execute ML-5 secure link resend.
Which bot_magiclink_* intents should be configured?
Eight passwordless bot intents mapped to magiclink_* typologies #837.
Eight bot_magiclink intents
bot_magiclink_guide : otp_diff_copy passwordless mode map
bot_magiclink_not_received : spam_copy inbox guide map
bot_magiclink_expired : one_click_copy TTL handoff resend map
bot_magiclink_device : device_copy same browser map
bot_magiclink_otp_confusion : otp_diff_copy link vs code map
bot_magiclink_no_account : no_account_copy create account map
bot_magiclink_legacy_reroute : legacy_route_copy LOGIN294 reroute
bot_magiclink_handoff : resend admin → MAGICLINK837-HANDOFF-BOT
Shopify admin link resend → ML-5 human handoff only. Bot guide explain only.
How do I consume MAGICLINK-MAP #837?
The bot reads MAGICLINK-MAP #837: magiclink_program_id, otp_diff_copy, one_click_copy, spam_copy, device_copy, no_account_copy, legacy_route_copy, resend_handoff_copy, ttl_minutes_copy, passwordless_faq_copy.
Sensitive auth guardrails
MAGICLINK-MAP-GROUNDED-BOT: passwordless response from map only
MAGICLINK-NO-TOKEN-EXPOSE-BOT: never magic link URL nor OTP in chat
NO-RESEND-EXECUTE-BOT: do not trigger resend link bot API
NO-PII-LEAK-BOT: do not display order history nor session token
LOGIN294-REROUTE-BOT: legacy password → #294 distinct passwordless
MAGICLINK837-HANDOFF-BOT: resend execute → #837 ML-5 agents
MAGICLINKBOT-SUP policy in six rules
Six rules for a responsible passwordless bot.
MAGICLINK-MAP-GROUNDED-BOT: auth guide from map only
MAGICLINK-NO-TOKEN-EXPOSE-BOT: zero URL OTP code token chat
NO-RESEND-EXECUTE-BOT: resend human link #837 only
NO-PII-LEAK-BOT: no account data before auth confirmed
ONE-CLICK-CITE-BOT: one_click_copy before handoff expired
EMAIL-ASK-BOT: ask for login email before handoff resend
Flow MAGICLINKbot MLB-1 to MLB-8
Flow eight steps bot passwordless embed page login widget.
MLB-1 Classify: bot_magiclink_* detect keyword login link email code
MLB-2 Auth state check: no data access if not logged in
MLB-3 MAGICLINK-MAP: otp_diff spam one_click device handoff
MLB-4 Explain: TPL-MAGICLINKbot-GUIDE if otp_confusion
MLB-5 Guardrail: MAP-GROUNDED NO-TOKEN-EXPOSE NO-RESEND NO-PII
MLB-6 Respond: TPL-MAGICLINKbot max 3 phrases grounded
MLB-7 Handoff or close: #837 payload or close self-service OK
MLB-8 Log: intent token_blocked handoff Y/N pii_blocked
Example TPL-MAGICLINKbot-GUIDE
“Passwordless login: [otp_diff_copy map.] Single-use link, expires in [ttl_minutes_copy map.] [spam_copy map.] NO-TOKEN-EXPOSE-BOT.”
TPL-MAGICLINKbot templates and touchpoints
Four short passwordless embed login templates.
TPL-MAGICLINKbot-GUIDE
[otp_diff_copy map.] [one_click_copy map.] MAGICLINK-MAP-GROUNDED-BOT.
TPL-MAGICLINKbot-SPAM
[spam_copy map.] Relaunch connection from account page. NO-RESEND-EXECUTE-BOT.
TPL-MAGICLINKbot-EXPIRED
[one_click_copy map.] New link: handoff agent. MAGICLINK837-HANDOFF-BOT.
TPL-MAGICLINKbot-DEVICE
[device_copy map.] TTL [ttl_minutes_copy map.] ONE-CLICK-CITE-BOT.
Touchpoints
Link error login page: bot_magiclink_expired instant
Email not received keyword: bot_magiclink_not_received trigger
Login code keyword: bot_magiclink_otp_confusion proactive
Post-checkout account CTA: bot_magiclink_guide embed
Edge cases and reroutes
Five cases outside tier 1 bot passwordless standard.
Legacy password account: LOGIN294-REROUTE-BOT distinct magic link
Customer requests link in chat: NO-TOKEN-EXPOSE handoff #837
Post-login orders: bot account #295 distinct auth
Account creation failed: POSTACCT #821 reroute
Order confirmation email: CONFEMAIL358 distinct login
Essential magiclink_bot KPIs
Five MAGICLINKbot steering metrics, security included.
magiclink_bot_clarity_deflect: closed resolved without agent repeat 7d
magiclink_bot_token_expose_violations: OTP URL in chat audit target 0
magiclink_bot_one_click_cite_rate: ONE-CLICK-CITE before handoff expired
magiclink_bot_legacy_reroute_rate: % legacy correctly routed #294
magiclink_bot_handoff_rate: escalate #837 / total passwordless bot
Target: magiclink_bot_token_expose_violations 0 and magiclink_bot_one_click_cite_rate greater than 95%.
Anti-patterns MAGICLINKbot
Five common passwordless bot mistakes.
Pasting magic link URL : NO-TOKEN-EXPOSE-BOT handoff #837
Displaying client OTP code : never read bot email, input guide only
Triggering API link resend : NO-RESEND-EXECUTE-BOT human ML-5
Showing commands before auth : NO-PII-LEAK-BOT post-login #295
Offering passwordless password reset : otp_diff_copy legacy reroute if needed
MAGICLINKbot with Qstomy
Qstomy on Shopify: detect bot_magiclink intent login page, MAGICLINK-MAP RAG grounded, NO-TOKEN-EXPOSE guardrail, enriched handoff #837 tier 2.
Pipeline: #838 bot guider tier 1 → #837 agents execute ML-5 link resend.
Explore AI support and request a demo.
Checklist, FAQ and going further
MAGICLINKbot Checklist (8 steps)
Sync MAGICLINK-MAP #837: RAG bot login embed page account
Policy MAGICLINKBOT-SUP: 6 rules NO-TOKEN-EXPOSE NO-RESEND NO-PII
8 intents bot_magiclink_*: flow MLB-1 to MLB-8
4 templates TPL-MAGICLINKbot-*: GUIDE SPAM EXPIRED DEVICE
Block resend API write: bot read-only auth do not trigger link
Red team 20 prompts: ask link chat display OTP account data
Login error proactive: bot_magiclink_expired trigger error page
Dashboard KPI: magiclink_bot_* section 9 token_expose_violations
FAQ
Difference #837?
#837 = agents resend link document ML-5. #838 = bot guide tier 1 without data.
Can the bot resend the link?
No. NO-RESEND-EXECUTE-BOT. MAGICLINK837-HANDOFF humans ML-5.
Customer asks for URL in chat?
Refuse politely. TPL-MAGICLINKbot-SPAM then secure resend handoff.
Connected customer looking for orders?
Reroute account bot #295 post-auth distinct passwordless guide.
Going further
This week: deploy MAGICLINK-MAP RAG login embed, red team token_expose_violations audit, sync bot_magiclink_expired proactive scenario expired link handoff test.

Enzo
July 1, 2026





