Everything you need to secure your applications with enterprise-grade authentication.
Stateless authentication using JSON Web Tokens. Tokens are signed with a secure secret and expire after 24 hours.
New accounts require email verification before they can log in. Verification tokens expire after 24 hours.
Passwords require 8+ characters with an uppercase letter, a lowercase letter, a number, and a special character. Passwords are hashed with bcrypt.
Every login is logged with user agent, browser, OS, and IP address for security monitoring.
Distributed rate limiting using Redis. Survives container restarts and works across multiple instances.
Automatic fallback to in-memory rate limiting if Redis is unavailable. Never blocks legitimate users.
Automatic account lockout after a configurable number of failed attempts. Default: 10 attempts, 30-minute lockout.
All production traffic is encrypted with TLS. Secure cookies and headers protect against attacks.
Host authentication for multiple projects from a single PM7 Auth instance. Each project has isolated users.
Configure rate limits, lockout thresholds, email verification, and more individually for each project.
Each project gets a unique API key for server-to-server authentication. Rotate keys without downtime.
Enable or disable features per project. Control signups, OAuth providers, and more.
Full-featured admin panel for managing users, projects, and settings. Role-based access control.
View, edit, and manage all users. Reset passwords, verify emails, and lock accounts.
Monitor login attempts, failures, signups, and security events. Export data for analysis.
Every authentication event is logged with timestamp, IP, device, and outcome for audit trails.
Create your account and start securing your applications today.