Generally speaking, it should be possible. But you’d need to modify the Ghost core – and given that you’re on Ghost(Pro) that will be the problem, in my opinion.
I found this blog post a few weeks ago, that explains how the Ghost authentication works:
In order to make this work with a code, you’d need to adjust the email that is sent out, create a new form where this is entered, then completely change the createSessionFromMagicLink middleware – and that’s just the tip of the iceberg.
What if a member is changing email addresses? Or signs up? For these, do you want to keep the magic link authentication, or change it to code-based as well?
We recently discussed something similar here – so, this might also give you a few ideas: https://forum.ghost.org/t/verify-ghost-membership-status-and-tier-via-api-for-3rd-party-app/