v1 · Stable

Introduction

AuthSaas is a multi-tenant authentication service. Add secure sign-in to any project with a single clientId and a lightweight SDK.

What is AuthSaas?

AuthSaas provides authentication as a service — register as a developer, create an app, and use the issued clientId to authenticate users from your project. Your users are scoped to your app and isolated from all other tenants.

It handles the hard parts: JWT access tokens, refresh token rotation, bcrypt password hashing, email verification, audit logging, and RBAC — so you don't have to.

How it works

  1. Register as a developer at /docs/quickstart.
  2. Create an app — you receive a clientId and a clientSecret (shown once).
  3. Install the SDK in your project and pass the clientId.
  4. Call login() or register() — the SDK handles token storage and refresh automatically.

Note

The clientSecret is only shown once at creation. Store it securely — if lost, rotate via the dashboard.

Key concepts

Tenants

A tenant is a developer account. Each tenant can create multiple apps. Tenant credentials authenticate you to the developer dashboard — not to your own apps.

Apps

An app represents one of your projects (e.g. My Portfolio, Task Manager). Each app has a unique clientId and a hashed clientSecret. Users are scoped per app — the same email can register independently in two different apps.

Tokens

Authentication returns two tokens:

  • Access token — short-lived JWT (15 min). Sent as Authorization: Bearer <token>.
  • Refresh token — long-lived (7 days), single-use. Used to issue a new token pair. Reuse triggers immediate revocation of all sessions.

Token response:
{
  "accessToken":  "eyJhbGciOiJIUzI1NiIs...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIs...",
  "expiresIn":    900
}

Next steps