Stop building auth.
Start shipping product.
Every way to sign in -- email, social, magic links, OTP, MFA, passkeys -- from one SDK call. Branded login page included. Free for 5,000 users.
Available on Free and above. See pricing
Branded login, out of the box
Your users see your brand. Every login page is fully customizable.
Welcome to Acme
Sign in to continue
Six auth methods. One API.
Every method works out of the box. Toggle them on from the dashboard.
Email / Password
Breach detection, progressive lockout, configurable policy.
Social Login
Google, GitHub, GitLab. One click. Profile synced.
Magic Links
Passwordless email login. 15-min single-use tokens.
OTP (Email)
6-digit code, 5-min expiry, 5 attempts max.
MFA (TOTP)
Google Authenticator, Authy. QR enrollment. 10 backup codes.
Passkeys
WebAuthn / FIDO2. Biometric. Phishing-resistant.
Three lines of code. Seven languages.
Install the SDK. Initialize. Protect routes. That's it.
const auth = authfi({ tenant: 'acme' });
app.use(auth.middleware());
app.get('/api/users', auth.require('read:users'), handler);Security built in. Not bolted on.
Breached password detection
700M+ compromised passwords checked on every signup and login.
PKCE + token rotation
S256 PKCE on every flow. Automatic refresh token rotation with family detection.
Per-tenant RSA keys
Every tenant gets unique RSA-256 signing keys. No shared secrets.
Ready to get started?
Free for 5,000 monthly active users. No credit card required.