Stytch Rust Library

The Stytch Rust library makes it easy to use the Stytch user infrastructure API in server-side Rust applications.

It pairs well with the Stytch Web SDK or your own custom authentication flow.

The minimum supported Rust version (MSRV) of this library is Rust 1.70.

Install

Use cargo add stytch to add this to your Cargo.toml:

stytch = "10.3"

Usage

You can find your API credentials in the Stytch Dashboard.

This client library supports all of Stytch's live products:

B2C

• Email Magic Links
• Embeddable Magic Links
• OAuth logins
• SMS passcodes
• WhatsApp passcodes
• Email passcodes
• Session Management
• WebAuthn
• User Management
• Time-based one-time passcodes (TOTPs)
• Crypto wallets
• Passwords

B2B

• Organizations
• Members
• Email Magic Links
• OAuth logins
• Session Management
• Single-Sign On
• Discovery
• Passwords

Shared

• M2M

Example B2C usage

Create an API client:

let client = stytch::consumer::client::Client::new(
    &String::from("project-live-c60c0abe-c25a-4472-a9ed-320c6667d317"),
    &String::from("secret-live-80JASucyk7z_G8Z-7dVwZVGXL5NT_qGAQ2I="),
)?;

Send a magic link by email:

use stytch::consumer::magic_links_email::LoginOrCreateRequest;

let resp = client.magic_links.email.login_or_create(LoginOrCreateRequest{
    email: String::from("sandbox@stytch.com"),
    login_magic_link_url: Some(String::from("https://example.com/authenticate")),
    signup_magic_link_url: Some(String::from("https://example.com/authenticate")),
    ..Default::default()
}).await?;

Authenticate the token from the magic link:

use stytch::consumer::magic_links::AuthenticateRequest;

let resp = client.magic_links.authenticate(AuthenticateRequest {
    token: String::from("DOYoip3rvIMMW5lgItikFK-Ak1CfMsgjuiCyI7uuU94="),
    ..Default::default()
})
.await?;

Example B2B usage

Create an API client:

let client = stytch::b2b::client::Client::new(
    &String::from("project-live-c60c0abe-c25a-4472-a9ed-320c6667d317"),
    &String::from("secret-live-80JASucyk7z_G8Z-7dVwZVGXL5NT_qGAQ2I="),
)?;

Create an organization

use stytch::b2b::organizations::CreateRequest;

let resp = client.organizations.create(CreateRequest{
    organization_name: String::from("Acme Co"),
    organization_slug: Some(String::from("acme-co")),
    email_allowed_domains: Some(vec![String::from("acme.co")]),
    ..Default::default()
})
.await?;

Log the first user into the organization

use stytch::b2b::magic_links_email::LoginOrSignupRequest;

let resp = client.magic_links.email.login_or_signup(LoginOrSignupRequest{
  organization_id: String::from("organization-id-from-create-response-..."),
  email_address: String::from("admin@acme.co"),
  ..Default::default()
})
.await?;

Handling Errors

The error type for all Result values is stytch::Error. If the error is from the Stytch API, this will be the stytch::Error::Response variant, which always includes an error_type field you can use to identify it:

use stytch::consumer::magic_links::AuthenticateRequest;

let resp = client.magic_links.authenticate(AuthenticateRequest{
    token: String::from("not-a-token!"),
    ..Default::default()
})
.await;

match resp {
    Err(stytch::Error::Response(err)) => {
        if &err.error_type == "invalid_token" {
            println!("Whoops! Try again?");
        } else {
            println!("Unexpected error type: {}", err.error_type);
        }
    }
    Err(err) => println!("Other error: {:?}", err),
    Ok(resp) => println!("Unexpected success: {:?}", resp),
}

Learn more about errors in the docs.

Cargo Features

The library supports different TLS backends for HTTPS connections:

• rustls (default): Uses rustls with aws-lc cryptography. Recommended for most users. Pure Rust implementation with excellent performance.
• native-tls: Uses platform-native TLS (OpenSSL on Linux, Secure Transport on macOS, SChannel on Windows).

To use native-tls instead of the default:

stytch = { version = "10.3", default-features = false, features = ["native-tls"] }

Note: The default TLS backend changed from native-tls to rustls in version 10.0. See the migration guide below if upgrading from v9.x.

For situations where the system doesn't include CA root certificates (Docker images like Alpine, Debian-slim, etc.) and your application is updated frequently you can use the webpki-root-certs feature to add the Mozilla trusted root certificates to the client instead of adding system root certificates if desired.

To use this feature simply include stytch to following way:

stytch = { version = "10.3", features = ["webpki-root-certs"] }

Migrating from v9.x to v10.0

Breaking Changes

1. Default TLS backend changed

• Previous default: native-tls (platform TLS)
• New default: rustls (pure Rust TLS with aws-lc)
• Migration: If you need to keep using native-tls, specify it explicitly:

  stytch = { version = "10.0", default-features = false, features = ["native-tls"] }
  

2. Feature flags renamed

• reqwest-native-tls → native-tls

• reqwest-rustls-tls → rustls

• Migration: Update your Cargo.toml feature names:

  # Before (v9.x)
  stytch = { version = "9.4", features = ["reqwest-rustls-tls"] }
  
  # After (v10.0)
  stytch = "10.0"  # rustls is now default, or explicitly:
  stytch = { version = "10.0", features = ["rustls"] }
  

3. Crypto providers updated

• Both JWT verification and HTTPS connections now use aws-lc-rs instead of ring
• No code changes required - this is internal to the library

Why These Changes?

• Modern crypto: Aligns with Rust ecosystem direction (reqwest 0.13, jsonwebtoken 10.x)
• No ring dependency: Eliminates ring from the dependency tree entirely
• Unified crypto: Single crypto provider (aws-lc-rs) for all cryptographic operations
• Fewer dependencies: 31% reduction in dependency tree size vs separate crypto backends

Documentation

See example requests and responses for all the endpoints in the Stytch API Reference.

Follow one of the integration guides or start with one of our example apps.

Support

If you've found a bug, open an issue!

If you have questions or want help troubleshooting, join us in Slack or email support@stytch.com.

If you've found a security vulnerability, please follow our responsible disclosure instructions.

Development

See DEVELOPMENT.md

Code of Conduct

Everyone interacting in the Stytch project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

Acknowledgements

Special thanks to @itsyaasir for donating the stytch package name to this project and starting us on our Rust journey!