Add workflow runs links from scheduler pages (#SKY-8468) (#5162)

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

docs/cloud/managing-credentials/totp-setup.mdx

@@ -156,12 +156,85 @@ This turns email-based 2FA into something nearly as automated as an authenticato
 
 ---
 
+## Server-fetched codes (totp_url)
+
+Instead of pushing codes to Skyvern, you can have Skyvern pull them from your server. Pass `totp_url` when running a [task](/running-automations/extract-structured-data) or [workflow](/multi-step-automations/build-a-workflow), and Skyvern will call your endpoint when it needs a verification code.
+
+Your endpoint must accept a POST request with `task_id`, `workflow_run_id`, and `workflow_permanent_id` in the body, and return:
+
+```json
+{
+  "verification_code": "123456"
+}
+```
+
+Validate the `x-skyvern-signature` header to confirm the request came from Skyvern:
+
+```python
+import hashlib, hmac
+
+def validate_skyvern_request(request) -> bool:
+    signature = request.headers["x-skyvern-signature"]
+    payload = request.body()  # bytes
+    expected = hmac.new(
+        SKYVERN_API_KEY.encode("utf-8"),
+        msg=payload,
+        digestmod=hashlib.sha256,
+    ).hexdigest()
+    return signature == expected
+```
+
+---
+
+## Magic links (one-time login links)
+
+Some sites use one-time login links instead of numeric codes. Skyvern supports these by splitting the flow into two steps:
+
+1. **Trigger the magic link** — Run a task that initiates the login. The site emails a one-time link.
+2. **Use the link** — Monitor the inbox (e.g., via Zapier), extract the URL, then start a new task with that URL as the starting point.
+
+```python
+# Step 1: Trigger the magic link email
+await client.run_task(
+    prompt="Click 'Sign in with email link' and enter user@example.com",
+    url="https://app.example.com/login",
+    wait_for_completion=True,
+)
+
+# Step 2: Your email monitor extracts the magic link URL, then:
+await client.run_task(
+    prompt="Complete the onboarding form after login",
+    url=magic_link_url,  # The one-time URL from the email
+    wait_for_completion=True,
+)
+```
+
+The magic link URL becomes the `url` parameter for the second task — Skyvern opens it directly, which logs the user in, and then continues with the rest of the automation.
+
+---
+
 ## Viewing past codes
 
 The table below the push form shows all 2FA codes your organization has received: identifier, extracted code, source type, associated workflow run, and timestamps. Filter by identifier, OTP type (numeric code vs. magic link), and number of results per page.
 
 Use this for auditing and debugging: confirming that a code was received and delivered to the right run.
 
+### Listing codes via API
+
+```bash
+curl -X GET "https://api.skyvern.com/v1/credentials/totp?totp_identifier=user@example.com&limit=10" \
+  -H "x-api-key: $SKYVERN_API_KEY"
+```
+
+| Parameter | Description |
+|-----------|-------------|
+| `totp_identifier` | Filter by identifier (email, phone, etc.) |
+| `workflow_run_id` | Restrict to a specific workflow run |
+| `otp_type` | Filter by `totp` or `magic_link` |
+| `limit` | Number of records (default 50, max 200) |
+
+Returns a list ordered newest first. Only codes created within the last 10 minutes (configurable via `TOTP_LIFESPAN_MINUTES`) are returned.
+
 <CardGroup cols={2}>
   <Card
     title="Password Credentials"