Own Your Auth. Own Your Security.

Secure identity. Protect every API.

Self-hosted identity and API gateway controls for teams that need secure sessions, tenant-aware routing, and server-side key handling — without trusting the browser with secrets.

HIPAA Ready · SOC2 Posture · HttpOnly Cookies · CSRF Protected · Offline Friendly · Audit Ready
Self-hosted
Multi-tenant
White-label
Zero-trust
Edge-ready
API gateway
SSO / SAML
Security architecture

Public-safe overview — no secrets, no internal runbooks.

Public surfaces

Landing pages, docs, and support intake stay fast, branded, and safe for internet-facing visitors.

Authenticated control plane

Tenant-specific setup, operational flows, and sensitive examples live behind the main dashboard.

Gateway enforcement

Services sit behind centralized identity, policy, audit, and abuse controls instead of duplicating auth logic.

HttpOnly
CSRF-aware
Tenant scoped
Audit logged
Rate limited
GeoIP ready

Self-hosted

Deployment

Run in your controlled environment

HttpOnly

Sessions

Opaque cookies, memory-only UI state

Tenant-aware

Access

Context without trusting the browser

Audit-ready

Operations

Structured events for security review

Capabilities

Everything you need to manage APIs

From authentication to request governance, AuthDeep gives operators one controlled place to secure API access without leaking service secrets.

Zero-Trust Frontend

No service keys in browser code. Opaque cookie sessions keep auth material outside JavaScript.

Server-Side Key Injection

Service credentials stay server-side at the gateway boundary. Frontend code never receives them.

Rate Limiting

Protect APIs with per-user and per-endpoint limits configured in the gateway.

Real-time Analytics

Review request volume, errors, and latency trends from gateway telemetry.

Multi-service Routing

Route requests to multiple registered services through one policy-aware gateway.

Permission-Based Access

Define access by tenant, role, method, and path without exposing private service credentials.

Dashboard

Operator-grade visibility without browser secrets

Inspect service routes, request activity, and access controls from a console designed for secure operations.

[Dashboard preview: request stream (live), latency view (trend), access checks (policy rules), service routes (multi)]

Connected Services

users-api · 2.4M · 8ms
payments-api · 890K · 12ms
search-api · 1.2M · 6ms

Recent Requests

GET /api/users · 200 · 8ms
POST /api/payments · 201 · 45ms
GET /api/search · 200 · 12ms
PUT /api/users/123 · 200 · 15ms

How it works

A safer path from browser to service

Three launch steps that keep credentials server-side while operators define tenant and service boundaries.

01

Register Your Backend

Register a service endpoint, store service credentials server-side, and define tenant-aware access rules.

  • Service catalog
  • Server-side credential handling
  • Tenant-aware policy
02

Grant User Access

Define public or restricted access per method and path. Set rate limits and usage quotas per user or team.

  • Role-aware access
  • Rate limits
  • Usage quotas
03

Call from Frontend

Use credentialed browser requests while AuthDeep keeps service credentials on the server side.

  • No browser secrets
  • Central gateway enforcement
  • Clean application response

Pricing

Per-service pricing, not per-seat

Pay for what you protect. Gateway services and enterprise SSO connections drive cost. Users come free until you scale past generous soft limits.

Free

$0/mo

Evaluate AuthDeep with no commitment. 2 services, full local auth stack.

2 services · 10 users hard cap · 7-day audit logs

Get started free
  • 2 gateway services
  • 10 users (hard cap)
  • Local auth (email + magic link)
  • MFA — TOTP & email OTP
  • Social login (OAuth2/OIDC)
  • API key management (CAK/SAK)
  • 5 API keys
  • 7-day audit log retention
  • LDAP / Active Directory
  • SAML 2.0 / WebAuthn
  • SSO / OIDC IdP
  • Custom domain
Support: Community
SLA: None

Starter

$19/mo

Small teams standardising identity. LDAP, SAML, and passkeys included.

5 services (+$4/extra) · 100 users · 30-day audit logs

Start Starter
  • 5 gateway services (+$4 each)
  • 100 users (+$0.50/10 overage)
  • Local auth + MFA + Social
  • LDAP / Active Directory
  • SAML 2.0 SP
  • WebAuthn / Passkeys
  • IP allowlist/blocklist
  • 30-day audit log retention
  • API key management
  • Directory Sync (SCIM)
  • Custom domain
  • GeoIP restrictions
Support: Email
SLA: 99.5%
Most popular

Growth

$59/mo

Product teams protecting real workloads. Up to 2 enterprise SSO connections.

20 services (+$3/extra) · 500 users · 90-day audit logs

Start Growth
  • 20 gateway services (+$3 each)
  • 500 users (+$0.30/100 overage)
  • Everything in Starter
  • 2 SSO / OIDC IdPs (+$25 each extra)
  • Directory Sync (SCIM, Entra, Keycloak)
  • Custom domain
  • GeoIP restrictions
  • Audit log export (CSV / JSON)
  • 90-day audit log retention
  • White-label (logo, colors, CSS)
  • Self-hosted license
  • Dedicated CSM
Support: Priority email
SLA: 99.9%

Scale

$179/mo

Growing businesses with complex multi-tenant and multi-SSO requirements.

100 services (+$2/extra) · 2,000 users · 365-day audit logs

Start Scale
  • 100 gateway services (+$2 each)
  • 2,000 users (+$0.20/100 overage)
  • Everything in Growth
  • 10 SSO / OIDC IdPs (+$18 each extra)
  • Unlimited tenants
  • White-label (logo, colors, CSS)
  • 365-day audit log retention
  • Custom HMAC integrations
  • Priority support queue
  • Self-hosted license
  • Dedicated CSM
  • 99.99% SLA contract
Support: Priority
SLA: 99.9%

Enterprise

Custom

Unlimited services, self-hosted license, dedicated support, and a contractual SLA.

Unlimited services · Unlimited users · 730-day audit logs

Talk to sales
  • Unlimited gateway services
  • Unlimited users
  • Everything in Scale
  • Unlimited SSO / OIDC IdPs
  • Self-hosted offline license
  • 730-day audit log retention
  • Dedicated Customer Success Manager
  • On-premise / VPC deployment
  • Custom SLA contract (99.99% uptime)
  • Security review & pen-test support
  • HIPAA / SOC2 deployment guidance
  • Custom SAML / OIDC integrations
Support: Dedicated CSM
SLA: 99.99%
Current billing (v0.24.0): Plans are activated manually after invoice confirmation. Stripe payment processing arrives in v0.25.0. 14-day free trial rolls to Free limits on expiry — no data deleted. Contact sales →

Pricing FAQ

What counts as a service?

Each protected route or API proxy target in AuthDeep's service registry counts as one service.

What counts as an SSO / IdP connection?

Each SAML IdP or enterprise OIDC provider configured under a tenant. Social providers (Google, GitHub, etc.) do not count.

Can I upgrade mid-cycle?

Yes. Admin changes the plan; billing is pro-rated manually. Stripe integration arrives in v0.25.0.

What happens when the trial expires?

The account rolls to Free plan limits automatically. No data is deleted.

Can I run AuthDeep without internet access?

Yes. Enterprise self-hosted licensing works offline with no call-home requirement.

How is billing handled today?

v0.24.0 uses manual activation: you contact us, receive an invoice, and admin activates the plan. Stripe arrives in v0.25.0.

Ready to secure your APIs?

Review the security model, map your tenant and service boundaries, then launch with controls that keep secrets out of browser code.