Open for early access

Passkey auth for
your side projects

A shared, serverless authentication service. No passwords, no email, no recovery flows. Just passkeys.

Get your API key See the code →

How it works

Three steps. Five minutes.

Drop passwords from your side project today. SimplePasskey handles the hard parts so you can ship.

Register your app

Get a clientId for your project. Each app gets its own isolated user pool and signing keys.

Add a few lines of JS

Use @simplewebauthn/browser and two fetch calls. That's the entire integration.

Users tap to authenticate

Fingerprint, Face ID, or security key. No passwords to remember, no phishing to worry about.

Integration

Ship auth in minutes, not days

Two API calls to register. Two more to authenticate. You get back a JWT.

import { startRegistration } from '@simplewebauthn/browser';

// 1. Get registration options from the API
const { token, options } = await fetch('https://api.simplepasskey.com/register/options', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ clientId: 'your-app' })
}).then(r => r.json());

// 2. Prompt the user's browser to create a passkey
const credential = await startRegistration({ optionsJSON: options });

// 3. Verify and get a JWT back
const { jwt } = await fetch('https://api.simplepasskey.com/register/verify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ token, credential })
}).then(r => r.json());

// Done! Use the JWT to authenticate requests to your backend
console.log('Signed in:', jwt);
import { startAuthentication } from '@simplewebauthn/browser';

// 1. Get authentication options
const { token, options } = await fetch('https://api.simplepasskey.com/auth/options', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ clientId: 'your-app' })
}).then(r => r.json());

// 2. Prompt the user to authenticate with their passkey
const credential = await startAuthentication({ optionsJSON: options });

// 3. Verify and get a fresh JWT
const { jwt } = await fetch('https://api.simplepasskey.com/auth/verify', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ token, credential })
}).then(r => r.json());

// That's it — no username, no password
console.log('Authenticated:', jwt);

Features

Everything you need. Nothing you don't.

Built for developers who want auth that works without the baggage.

Passkey-only

No passwords to store, hash, or leak. Phishing-resistant by design. WebAuthn under the hood.

Multi-tenant

Each app gets its own isolated user pool, signing keys, and credential storage. No cross-tenant leakage.

Serverless

Runs on Lambda + DynamoDB. Scales to zero when idle. Your auth bill stays under $1/month for side projects.

JWT-based

Get back ES256-signed JWTs. Verify them independently using the JWKS endpoint. No callback to our servers needed.

API Reference

Six endpoints. That's the whole API.

Everything lives at api.simplepasskey.com

Method Endpoint Description
POST /register/options Generate registration challenge for a new passkey
POST /register/verify Verify registration and return a signed JWT
POST /auth/options Generate authentication challenge
POST /auth/verify Verify authentication and return a signed JWT
GET /.well-known/jwks.json Public keys for independent JWT verification
POST /credentials/* Add, list, and delete credentials (JWT-authed)

Get started

Drop passwords today.

SimplePasskey is in early access. Get your API key and start integrating passkey auth in minutes.

Get your API key View on GitHub