Get Started

Authaz

3 min read·Updated Apr 29, 2026

Authaz is an authentication and authorization platform built for B2B SaaS. Drop it into your application and you get login pages, social sign-in, multi-factor auth, role-based permissions, multi-tenant isolation, and machine-to-machine credentials — without writing any of it yourself.

curl https://your-app.authaz.io/api/v1/users \
  -H "X-API-Key: your_api_key"

That's the whole hello-world: a typed, paginated user list scoped to your application.

Why Authaz#

Multi-tenant by design. Your customers each get their own user pool, roles, and configuration. Pick shared-pool or fully-isolated tenancy — the API is the same either way.
Fine-grained authorization. A Zanzibar-style relation engine (Zeratul) checks permissions in under a millisecond, even with millions of users and resources.
Universal Login out of the box. Hosted login, signup, MFA, social sign-in, and password reset pages. Customizable to your brand and domain.
Every common auth method. Email/password, social (Google, Microsoft, GitHub, Apple), magic links, machine-to-machine, API keys, passkeys.
Standards, not ceremony. OAuth 2.0 with PKCE, OIDC userinfo, JWKS for token verification. Bring any OAuth-aware client.

Quickstart	When to pick it
cURL / any language	You want to see the OAuth flow end-to-end before committing to an SDK. 5 minutes.
Next.js	App Router app. Uses `@authaz/next`.
React SPA	Vite, CRA, or any React app talking to its own backend. Uses `@authaz/react`.
Hono	Hono backend (Node, Bun, Cloudflare Workers, Deno). Uses `@authaz/hono`.
.NET	ASP.NET Core service calling the Management API. Uses the `Authaz.Sdk` NuGet package.

Authaz

Why Authaz#

How it works

Concepts in 30 seconds#

Get started#

What's covered#