Open for early access

Passkey auth for
your side projects

A shared, serverless authentication service. No passwords, no email, no recovery flows. Just passkeys.

Get your API key See the code →

How it works

Three steps. Five minutes.

Drop passwords from your side project today. SimplePasskey handles the hard parts so you can ship.

Register your app

Get a clientId for your project. Each app gets its own isolated user pool and signing keys.

Add a few lines of JS

Install the SDK and add a few lines of code. That's the entire integration.

Users tap to authenticate

Fingerprint, Face ID, or security key. No passwords to remember, no phishing to worry about.

Integration

Ship auth in minutes, not days

Install the SDK. Register, sign in, and make authenticated calls. You get back a JWT.

npm install @simplepasskey/browser @simplewebauthn/browser 
import { SimplePasskey } from '@simplepasskey/browser';

const auth = new SimplePasskey({
  clientId: 'your-client-id'
});

// Register a new passkey
const { jwt, userId } = await auth.register({
  displayName: 'Sam'
});

// Sign in
const { jwt, userId } = await auth.signIn();

// Session persists across page loads
const session = await auth.ready;

// Authenticated API calls (auto-refreshes)
const resp = await auth.fetch('/api/data');

Features

Everything you need. Nothing you don't.

Built for developers who want auth that works without the baggage.

Passkey-only

No passwords to store, hash, or leak. Phishing-resistant by design. WebAuthn under the hood.

Multi-tenant

Each app gets its own isolated user pool, signing keys, and credential storage. No cross-tenant leakage.

Serverless

Runs on Lambda + DynamoDB. Free tier rate limits are 10 API calls per second, ~100k DAU.

JWT-based

Get back ES256-signed JWTs. Verify them independently using the JWKS endpoint. No callback to our servers needed.

OIDC compatible

Standard OpenID Connect discovery, authorization code flow, and token endpoint. Drop it into any app that speaks OIDC.

Self-service dashboard

Sign up with a passkey, create your tenant, register client apps, and grab your integration code — all from the browser.

API Reference

Six endpoints. That's the whole API.

Everything lives at api.simplepasskey.com

Method Endpoint Description
POST /register/options Generate registration challenge for a new passkey
POST /register/verify Verify registration and return a signed JWT
POST /auth/options Generate authentication challenge
POST /auth/verify Verify authentication and return a signed JWT
GET /.well-known/jwks.json Public keys for independent JWT verification
POST /credentials/* Add, list, and delete credentials (JWT-authed)

Get started

Drop passwords today.

SimplePasskey is in early access. Get your API key and start integrating passkey auth in minutes.

Get your API key View on GitHub