Documentation
Build identity for users, organizations, and machines.
Everything you need to integrate AuthPI — from your first issuer and login flow to organizations, machine credentials, and event-driven webhooks.
Start in your stack
Pick a quickstart and authenticate your first user in under ten minutes.
Build by use case
Follow one outcome-oriented path from concepts to production.
USE CASE Build multi-tenant B2B SaaS The end-to-end path: the organization model, choosing an integration, a working app, and the go-live checklist. USE CASE Add login for consumer users Sign-in for individuals: the user and session model, wiring the OIDC flow in your framework, and going to production. USE CASE Give AI agents and services their own identity Non-human callers done right: agent identities, client_credentials for services, org API keys — and when to use which. USE CASE Create an organization and invite a teammate The core B2B onboarding task, runnable in TypeScript, Python, or cURL — with verification and failure modes.
Browse by topic
The resources you manage through the Core API and the standard protocol endpoints.
Core concepts Issuers, users, organizations, clients — and how they fit together. Users & sessions User lifecycle, sessions, personal tokens, and the self-service portal. Organizations Native multi-tenancy with memberships, invitations, and org-scoped keys. Events & webhooks 90+ event types, signed with HMAC-SHA256 and retried with backoff. Global runtime · regional data Reachable from the edge; user PII placed in a regional store at signup. API reference Complete Core API and IdP API endpoints with payloads and errors.
Popular guides
Task-focused walkthroughs for the most common integrations.
GUIDE Issue org-scoped API keys for B2B customers Machine credentials bound to an organization context. GUIDE Verify webhook signatures Validate HMAC-SHA256 signatures and handle retries idempotently. GUIDE Machine-to-machine authentication Client-credentials and scoped access for services and agents. GUIDE Validate access tokens Verify JWTs against the issuer's JWKS, the right way.
Was this page helpful?