Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

One Time Login Link

64 sites Security covered
View on drupal.org

The One-Time Login Link module generates secure, single-use login URLs for Drupal users through its user interface, a REST API, or Drush commands. It allows for configurable expiration and can be used to revoke links, track usage, and is protected by rate limiting.

The One-Time Login Link module provides secure, single-use login URLs for Drupal users. It now includes a full REST API, OpenAPI/Swagger documentation, Drush commands, usage statistics, and link revocation, making it suitable for both UI and programmatic workflows.

Key Features

  • Generate secure one-time login links via UI, REST API, or Drush.
  • Configurable expiration and single-use enforcement.
  • Short URL hashes with cryptographic randomness.
  • Rate limiting per user/IP to prevent abuse.
  • Manual revocation (UI, API, Drush) with audit trail.
  • Usage statistics dashboard and API endpoint.
  • Optional email delivery of generated links.
  • OpenAPI/Swagger UI for interactive API exploration.

REST API & Documentation

  • Interactive API Docs: /api/docs/onetimelogin
  • OpenAPI Spec: /api/v1/onetimelogin/openapi.json
  • Endpoints: generate, check, revoke, list, statistics

Drush Commands

drush otl:generate <uid>
drush otl:check <hash>
drush otl:revoke <hash>
drush otl:statistics

Post-Installation

  1. Enable the module and grant permissions.
  2. Use the contextual link on user profiles to generate URLs.
  3. Optionally configure rate limits, expiration, and email notifications.

Additional Requirements

No external dependencies. Compatible with Drupal 10 and 11.

Recommended Modules/Libraries

  • Admin Toolbar – Better administrative UX.
  • REST UI – Easier REST permission setup.

Similar Projects

  • Password Reset Link – Similar concept with extra steps.
  • Login As User – Direct admin impersonation without one-time links.

This module focuses on secure, single-use links with full API support and auditing.

Supporting this Module

Contributions are welcome via issues, patches, and documentation improvements on Drupal.org.

Community Documentation

Activity

Total releases
8
First release
Mar 2025
Latest release
5 months ago
Releases (12 mo)
6 ▲ from 2
Maintenance
Active

Release Timeline

Releases

Version Type Release date
1.0.6 Stable Feb 10, 2026
1.0.5 Stable Jan 28, 2026
1.0.4 Stable Jan 28, 2026
1.0.3 Stable Oct 21, 2025
1.0.2 Stable Aug 18, 2025
1.0.1 Stable Aug 5, 2025
1.0.0 Stable Apr 8, 2025
1.0.x-dev Dev Mar 5, 2025