SDKs

Three lines of code.
Seven languages.

Install. Initialize. Protect routes. JWT validation, permission checks, session management -- all handled by the SDK.

Available on Free and above. See pricing

Pick your language

Express, Fastify, Hapi, Koa
npm install @authfi/node
const auth = authfi({ tenant: 'acme' });
app.use(auth.middleware());
app.get('/api/users', auth.require('read:users'), handler);

What the SDK handles

JWT validation

RS256 signature verification, expiry checks, issuer validation. Keys fetched and cached from JWKS endpoint.

Permission checks

auth.require("read:users") -- middleware returns 403 if the JWT lacks the permission. No if-statements.

Session management

Automatic refresh token rotation. Token family detection. Session revocation via API.

User context

auth.user() returns the full identity -- email, roles, groups, permissions, metadata. Typed in every language.

MFA verification

Check mfa_verified claim. Require step-up auth for sensitive operations.

Workload identity

Service-to-service auth. Machine tokens with scoped permissions. No user context needed.

Install in one command

Node.js npm install @authfi/node
Go go get github.com/authfi/sdk-go
Python pip install authfi
C# dotnet add package AuthFI.AspNetCore
PHP composer require authfi/authfi-php
Ruby gem install authfi

Ready to get started?

Free for 5,000 monthly active users. No credit card required.

Start free Read the docs