Drop-in authentication API with JWT tokens, email verification, and API key management. Get your app authenticated in minutes, not days.
curl -X POST https://auth.pennypeak.com/api/auth/login \
-H "Content-Type: application/json" \
-H "X-API-Key: pp_your_api_key_here" \
-d '{
"email": "user@example.com",
"password": "securePassword123!"
}'A complete authentication platform built for developers who want security without complexity.
Create up to 5 API keys per project. Keys are hashed with SHA-256 – shown once, stored securely forever.
Short-lived access tokens (15 min) with long-lived refresh tokens. Automatic rotation and revocation.
Built-in sliding-window rate limiting protects against brute-force attacks out of the box.
Two-factor email code verification for sign-up and login. Configurable SMTP support.
One account, multiple projects. Each API key is scoped to a project with independent tracking.
Backend-to-backend token validation endpoint. No JWT secret sharing required between services.
Sign up with your email and create your developer account in seconds.
Name your project and generate a secure API key. Copy it immediately – it won't be shown again.
Use your API key in the X-API-Key header to access all auth endpoints. Sign up, login, verify – all through the API.
RESTful endpoints protected by your API key.
/api/auth/signupRegister a new user/api/auth/loginAuthenticate a user/api/auth/refreshRefresh access token/api/auth/validate-tokenValidate a token (service-to-service)/api/auth/forgot-passwordSend password reset email/api/auth/logoutRevoke tokens/api/auth/userGet current user infoStop building auth from scratch. Get enterprise-grade authentication in your app today.
Create Free Account