Trusted by Cachee, H33, BabyZilla, Fit1 & more

The Auth Platform That's
42x Faster. And Actually Secure.

Rust-native middleware. 6 auth methods. BotShield fraud scoring. Multi-tenant from day one.
npm install @auth1/react — drop in <SignIn /> — ship.

Start Free Read the Docs
8+
Production Tenants
42x
Faster (Rust)
5 min
To Deploy
6
Auth Methods
App.jsx
import { Auth1Provider, SignIn } from '@auth1/react';

function App() {
  return (
    <Auth1Provider apiKey="auth1_pk_...">
      <SignIn
        methods={['phone', 'email', 'google', 'github']}
        onSuccess={(user) => console.log('Welcome', user.name)}
      />
    </Auth1Provider>
  );
}
Production ready
React Node.js REST API

Ship auth in three steps

From npm install to production in under 5 minutes

Install the SDK

npm install @auth1/react

  • React components included
  • Core JS SDK available
  • TypeScript support

Add your API key

Configure your tenant

  • Custom branding
  • Choose auth methods
  • Set rate limits

You're live

Full auth with fraud protection

4.36 us per auth request (Rust)

Already have an app? Add Auth1 in 5 minutes.

Start Free

Trusted in production by

Features

Everything you need to ship auth.
Nothing you don't.

SMS OTP, magic links, OAuth, MFA, fraud protection, and multi-tenancy — in one platform. No add-ons.

Every Auth Method

SMS OTP with VOIP detection, Email OTP, Magic Links, Email + Password, OAuth (Google, GitHub, Apple), and TOTP/MFA with backup codes. All in one platform.

6 Auth methods
3 OAuth providers

42x Faster via Rust

Auth middleware compiled to native code via napi-rs. JWT verification, tenant resolution, and rate limiting fused into a single native call.

4.36 us Per request
42x vs JS middleware

Bot & Fraud Protection

BotShield + AI fraud scoring on every public endpoint. VOIP detection blocks fake numbers. 3-layer rate limiting: Rust token bucket, Redis sliding window, app-level lockout.

  • BotShield on all endpoints
  • VOIP number detection
  • Timing-safe OTP verification

Multi-Tenant Native

Built for SaaS. Every query scoped by tenant. Custom branding per tenant — SMS sender name, email templates, colors, logos. Isolated rate limits. Not bolted on.

Your App
Your YourApp code: 847291

Drop-in React Components

<SignIn />, <SignUp />, <UserProfile />, <ProtectedRoute />. Dark and light themes. Works in 5 minutes. Also available as a core JS SDK.

@auth1/react @auth1/js REST API

Self-Hostable

Deploy on your servers. Docker, Kubernetes, or AWS. Full source code. No vendor lock-in. Or use our managed cloud.

Docker K8s AWS Managed

Argon2id via Rust

Password hashing with Argon2id through a native Rust module. Not JS bcrypt. Constant-time OTP comparison prevents timing attacks.

Post-Quantum Ready

Optional ML-DSA-65 (Dilithium) signatures on webhooks. Kyber key exchange module available. PQ public key at /.well-known/pq-public-key.

Production Infrastructure

Circuit breakers for Twilio, SES, Stripe, Redis. HMAC-signed webhooks with 5 retry attempts. Structured JSON logging. Health checks at /health/ready and /health/live.

Comparison

How we stack up

Side-by-side with Auth0, Clerk, and SuperTokens

Feature Auth0 Clerk SuperTokens
Price (10K MAU) Free Free Free Free (self-hosted)
Price (50K MAU) $79/mo Best value $375+/mo Free $900/mo
Price (100K MAU) $329/mo $750+/mo ~$1,000/mo $1,800/mo
Rust Native Performance 42x faster
SMS + Email + Magic Link + OAuth + MFA All included All included All included All included
BotShield + Fraud Scoring Built-in CAPTCHA (paid plans)
VOIP Detection Built-in
Multi-Tenant Native Yes Organizations add-on Organizations Yes
Post-Quantum Ready ML-DSA-65
Self-Hostable Full source Yes
React Components <SignIn /> SDK + Redirect <SignIn /> <SignIn />
Password Hashing Argon2id (Rust) bcrypt bcrypt bcrypt

All providers offer generous free tiers. Auth1's advantage is at scale: $0.005/MAU overage vs $0.015 (Auth0/Cognito) and $0.02 (Clerk/SuperTokens). Plus unique features no competitor offers: Rust middleware, VOIP detection, and post-quantum security.

Pricing

Simple, transparent pricing

No hidden fees. No surprise charges. Cancel anytime.

Monthly Annual Save 20%

Starter

$ 39 /month

Perfect for small apps

  • 1,500 SMS/month included
  • All 6 auth methods
  • VOIP detection
  • BotShield + fraud scoring
  • React & JS SDKs
  • Argon2id password hashing
  • Email support (48h)
  • 99.9% uptime SLA
  • $0.02/SMS after 1,500
Start Free

14-day free trial • No credit card required

Most Popular

Growth

$ 99 /month

For growing applications

  • Everything in Starter
  • 4,000 SMS/month included
  • Multi-tenant dashboard
  • Custom branding (SMS, email, UI)
  • Webhook delivery with HMAC
  • Priority email support (24h)
  • OpenAPI 3.0 docs
  • $0.018/SMS after 4,000
Start Free

14-day free trial • No credit card required

Business

$ 249 /month

For production apps

  • Everything in Growth
  • 10,000 SMS/month included
  • Post-quantum webhooks (ML-DSA-65)
  • Circuit breakers (Twilio, SES, Redis)
  • 99.95% uptime SLA
  • Priority support (12h)
  • Structured JSON logging
  • $0.015/SMS after 10,000
Start Free

14-day free trial • No credit card required

Enterprise

$ 999 /month

For large-scale deployments

  • Everything in Business
  • 40,000 SMS/month included
  • Dedicated infrastructure
  • Self-hosted option (Docker/K8s)
  • 99.99% uptime SLA
  • Phone support (4h response)
  • Custom SLAs & contracts
  • $0.012/SMS after 40,000
Contact Sales

Frequently asked questions

Do all plans include BotShield and fraud protection?

Yes. Every tier includes BotShield, AI fraud scoring, VOIP detection, and 3-layer rate limiting. No add-on fees.

What auth methods are included?

All plans include SMS OTP, Email OTP, Magic Links, Email + Password (Argon2id), OAuth (Google, GitHub, Apple), and TOTP/MFA with backup codes.

Can I bring my own Twilio account?

Yes. All plans support BYOT (Bring Your Own Twilio). We also have built-in Twilio with SNS failover for bulletproof delivery.

Is the React SDK really free?

Yes. @auth1/react and @auth1/js are included in every plan. Drop-in components with dark/light themes, fully customizable.

Can I self-host Auth1?

Yes. Full source code available. Deploy with Docker, Kubernetes, or directly on AWS. Enterprise plan includes support for self-hosted deployments.

What is post-quantum webhook signing?

Business and Enterprise plans can sign webhooks with ML-DSA-65 (Dilithium), a NIST-standardized post-quantum signature algorithm. Future-proof your integrations.

Ready to ship auth today?

8 companies already run their auth on Auth1. You can be live in 5 minutes.

Start Free Read the Docs

14-day free trial • No credit card required • Cancel anytime