Home PropelAuth
PropelAuth
PropelAuth is a B2B SaaS authentication and multi-tenant user management platform purpose-built for organizations that sell to other organizations. It provides hosted login UIs, first-class organizations / tenants with custom roles and permissions, enterprise SSO via SAML and OIDC, SCIM directory sync, end-user API keys with validation and usage reporting, OAuth 2.0 / OpenID Connect identity-provider endpoints, and OAuth 2.1 MCP server authentication with dynamic client registration for AI agents. Backend SDKs span Node, Express, FastAPI, Flask, Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers; frontend SDKs cover React, JavaScript, and Next.js (App + Pages Router). A Terraform provider and official CLI back infrastructure-as-code workflows. Pricing starts free with 10,000 MAU and scales through Growth ($150/mo) and Growth Plus ($500/mo) to custom Enterprise contracts.
5 APIs5 Capabilities21 Features
Authentication Identity B2B Multi-Tenancy Authorization RBAC SSO SCIM MCP API Keys
PropelAuth publishes 5 APIs on the APIs.io network, including User API, Organization API, End-User API Keys API, and 2 more. Tagged areas include Authentication, Identity, B2B, Multi-Tenancy, and Authorization.
The PropelAuth catalog on APIs.io includes 5 machine-runnable capabilities , 1 JSON-LD context, and 1 Spectral governance ruleset.
PropelAuth’s developer surface includes developer portal, documentation, getting-started guide, pricing, engineering blog, signup flow, support, and 54 more developer resources.
Backend REST API for managing PropelAuth-managed end users. Create, fetch, query, update, delete, enable/disable, and migrate users; issue magic links and short-lived access tok...
Backend REST API for managing tenant organizations in PropelAuth. CRUD on organizations, member management (add, remove, change role), invite flows, custom role mappings, and pe...
Backend REST API for issuing, validating, listing, updating, and revoking end-user API keys that PropelAuth manages on behalf of your users and tenant organizations. Includes pe...
OAuth 2.0 / OpenID Connect identity-provider endpoints exposed by your PropelAuth Auth URL. Use PropelAuth as an OIDC provider for first-party and third-party OAuth clients, inc...
OAuth 2.1 authorization-server endpoints for Model Context Protocol (MCP) clients and AI agents. Authorize with PKCE, exchange and refresh tokens, introspect access tokens, dyna...
Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.
Run with Naftiko
PropelAuth backend capability for validating end-user API keys at a gateway and for managing their lifecycle (issue, fetch, update, revoke). Self-contained Naftiko capability.
Run with Naftiko
PropelAuth OAuth 2.1 server capability for Model Context Protocol clients. Provides authorization, token, introspection, dynamic client registration, and metadata discovery so M...
Run with Naftiko
PropelAuth OAuth 2.0 / OpenID Connect identity provider capability. Authorize, exchange tokens, refresh tokens, retrieve user info, log out, and discover the OIDC configuration.
Run with Naftiko
PropelAuth backend Organization API capability covering tenant CRUD, membership, role changes, and pending invite management. Self-contained Naftiko capability.
Run with Naftiko
PropelAuth backend User API capability covering CRUD, query, enable/disable, password, and 2FA operations on PropelAuth-managed end users. Self-contained Naftiko capability.
Run with Naftiko
Run Capabilities with Naftiko — Deploy and orchestrate these API capabilities using Naftiko Fleet.
Run with Naftiko
Hosted, customizable login UIs for B2B SaaS
First-class organizations / tenants with custom roles and granular permissions (RBAC)
End-user API keys (personal and org-scoped) with validation, usage stats, and import of legacy keys
Enterprise SSO via SAML and OIDC with self-service per-organization setup (Okta, Entra ID, etc.)
SCIM directory sync for enterprise customers (Growth Plus and Enterprise tiers)
MCP server authentication via OAuth 2.1, PKCE, dynamic client registration, and token introspection
User impersonation with audit trail and alerting
Multi-factor authentication (TOTP) enforceable per organization
Magic links and password authentication with configurable password policies
Per-organization 2FA enforcement and session controls
OAuth 2.0 / OpenID Connect identity-provider endpoints including discovery
User migration from external auth providers (bcrypt, argon2, scrypt, pbkdf2, firebase scrypt)
Separate staging environment included on Growth tier and above
Custom domain on the free tier
Backend SDKs for Node, Express, FastAPI, Flask, Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers
Frontend SDKs for React, JavaScript, and Next.js (App + Pages Router)
Official PropelAuth CLI and Terraform provider for infrastructure-as-code
Postman collection for the entire backend API
10,000 MAU included on every tier; overage $0.05/MAU on Growth and Growth Plus
Advanced API Keys add-on for 5,000,000 monthly validations
Bring-Your-Own-Auth deployment mode (`byo.propelauth.com`)
0 classes · 4 properties
JSON-LD
7 rules ·
1 errors
6 warnings
SPECTRAL
Sources
aid: propelauth
url: https://raw.githubusercontent.com/api-evangelist/propelauth/refs/heads/main/apis.yml
apis:
- aid: propelauth:propelauth-user-api
name: PropelAuth User API
tags:
- Authentication
- Users
- B2B
- Identity
humanURL: https://docs.propelauth.com/reference/api/user
properties:
- url: https://docs.propelauth.com/reference/api/user
type: Documentation
- url: https://docs.propelauth.com/reference/api/getting-started
type: GettingStarted
- url: openapi/propelauth-user-api-openapi.yml
type: OpenAPI
- url: json-schema/propelauth-user-schema.json
type: JSONSchema
- url: json-ld/propelauth-context.jsonld
type: JSONLD
- url: examples/propelauth-create-user-example.json
type: Example
- url: examples/propelauth-create-magic-link-example.json
type: Example
- type: NaftikoCapability
url: capabilities/user-management.yaml
description: Backend REST API for managing PropelAuth-managed end users. Create, fetch, query, update, delete,
enable/disable, and migrate users; issue magic links and short-lived access tokens; manage 2FA and force-logout
sessions. Authenticated with a PropelAuth Backend Integration API key as a Bearer token.
- aid: propelauth:propelauth-org-api
name: PropelAuth Organization API
tags:
- Authentication
- Organizations
- Multi-Tenancy
- B2B
humanURL: https://docs.propelauth.com/reference/api/org
properties:
- url: https://docs.propelauth.com/reference/api/org
type: Documentation
- url: openapi/propelauth-org-api-openapi.yml
type: OpenAPI
- url: json-schema/propelauth-org-schema.json
type: JSONSchema
- url: json-ld/propelauth-context.jsonld
type: JSONLD
- url: examples/propelauth-create-org-example.json
type: Example
- type: NaftikoCapability
url: capabilities/org-management.yaml
description: Backend REST API for managing tenant organizations in PropelAuth. CRUD on organizations, member
management (add, remove, change role), invite flows, custom role mappings, and pending invite revocation. The
multi-tenant core of every B2B SaaS PropelAuth deployment.
- aid: propelauth:propelauth-api-keys-api
name: PropelAuth End-User API Keys API
tags:
- Authentication
- API Keys
- Machine-to-Machine
- B2B
humanURL: https://docs.propelauth.com/reference/api/apikey
properties:
- url: https://docs.propelauth.com/reference/api/apikey
type: Documentation
- url: openapi/propelauth-api-keys-api-openapi.yml
type: OpenAPI
- url: json-schema/propelauth-api-key-schema.json
type: JSONSchema
- url: examples/propelauth-validate-api-key-example.json
type: Example
- type: NaftikoCapability
url: capabilities/api-key-validation.yaml
description: Backend REST API for issuing, validating, listing, updating, and revoking end-user API keys that
PropelAuth manages on behalf of your users and tenant organizations. Includes personal and org-scoped keys,
imported legacy keys, and per-key usage reporting. Up to 5M validations / month with the Advanced API Keys
add-on.
- aid: propelauth:propelauth-oauth2-api
name: PropelAuth OAuth2 API
tags:
- Authentication
- OAuth 2.0
- OpenID Connect
- Identity Provider
humanURL: https://docs.propelauth.com/reference/api/oauth2
properties:
- url: https://docs.propelauth.com/reference/api/oauth2
type: Documentation
- url: openapi/propelauth-oauth2-api-openapi.yml
type: OpenAPI
- type: NaftikoCapability
url: capabilities/oauth2-identity-provider.yaml
description: OAuth 2.0 / OpenID Connect identity-provider endpoints exposed by your PropelAuth Auth URL. Use
PropelAuth as an OIDC provider for first-party and third-party OAuth clients, including no-code / low-code and
OIDC-aware backends. Authorize, token exchange, refresh, userinfo, logout, and OIDC discovery.
- aid: propelauth:propelauth-mcp-api
name: PropelAuth MCP Authentication API
tags:
- Authentication
- MCP
- OAuth 2.1
- AI Agents
- Beta
humanURL: https://docs.propelauth.com/mcp-authentication/overview
properties:
- url: https://docs.propelauth.com/mcp-authentication/overview
type: Documentation
- url: openapi/propelauth-mcp-api-openapi.yml
type: OpenAPI
- type: NaftikoCapability
url: capabilities/mcp-authentication.yaml
description: OAuth 2.1 authorization-server endpoints for Model Context Protocol (MCP) clients and AI agents.
Authorize with PKCE, exchange and refresh tokens, introspect access tokens, dynamically register MCP clients
(RFC 7591), and discover OAuth 2.1 server metadata. Secure MCP servers with PropelAuth identities and
organization-scoped permissions.
name: PropelAuth
tags:
- Authentication
- Identity
- B2B
- Multi-Tenancy
- Authorization
- RBAC
- SSO
- SCIM
- MCP
- API Keys
kind: contract
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
access: 3rd-Party
common:
- url: https://www.propelauth.com
type: Portal
- url: https://docs.propelauth.com
name: PropelAuth Docs
type: Documentation
- url: https://docs.propelauth.com/getting-started
name: Getting Started
type: GettingStarted
- url: https://docs.propelauth.com/reference
name: Reference Documentation
type: Documentation
- url: https://docs.propelauth.com/reference/api/getting-started
name: Backend API — Getting Started
type: Documentation
- url: https://docs.propelauth.com/reference/api/user
name: User API Reference
type: Documentation
- url: https://docs.propelauth.com/reference/api/org
name: Organization API Reference
type: Documentation
- url: https://docs.propelauth.com/reference/api/apikey
name: API Keys Reference
type: Documentation
- url: https://docs.propelauth.com/reference/api/oauth2
name: OAuth2 API Reference
type: Documentation
- url: https://docs.propelauth.com/mcp-authentication/overview
name: MCP Authentication Overview
type: Documentation
- url: https://www.propelauth.com/pricing
name: PropelAuth Pricing
type: Pricing
- url: https://status.propelauth.com/
name: PropelAuth Status
type: StatusPage
- url: https://status.propelauth.com/default/history.rss
name: PropelAuth Status RSS
type: StatusPage
- url: https://www.propelauth.com/blog
name: PropelAuth Blog
type: Blog
- url: https://www.propelauth.com/legal/terms-of-service
type: TermsOfService
- url: https://www.propelauth.com/legal/privacy-policy
type: PrivacyPolicy
- url: https://auth.propelauth.com/en/signup
name: Sign Up
type: SignUp
- url: https://byo.propelauth.com
name: Bring Your Own Auth
type: Documentation
- url: https://docs.propelauth.com/files/PropelAuth.postman_collection.json
name: Postman Collection
type: Documentation
- url: [email protected]
type: Support
- url: https://github.com/PropelAuth
type: GitHubOrganization
- url: https://github.com/PropelAuth/react
name: React SDK
type: SDK
- url: https://github.com/PropelAuth/javascript
name: JavaScript SDK
type: SDK
- url: https://github.com/PropelAuth/nextjs
name: Next.js SDK (App + Pages Router)
type: SDK
- url: https://github.com/PropelAuth/node
name: Node.js SDK
type: SDK
- url: https://github.com/PropelAuth/express
name: Express Middleware
type: SDK
- url: https://github.com/PropelAuth/propelauth-fastapi
name: FastAPI SDK
type: SDK
- url: https://github.com/PropelAuth/propelauth-flask
name: Flask SDK
type: SDK
- url: https://github.com/PropelAuth/propelauth-py
name: Python SDK
type: SDK
- url: https://github.com/PropelAuth/propelauth-django-rest-framework
name: Django REST Framework SDK
type: SDK
- url: https://github.com/PropelAuth/propelauth-go
name: Go SDK
type: SDK
- url: https://github.com/PropelAuth/rust
name: Rust Crate
type: SDK
- url: https://github.com/PropelAuth/dotnet
name: .NET SDK
type: SDK
- url: https://github.com/PropelAuth/propelauth-rb
name: Ruby SDK
type: SDK
- url: https://github.com/PropelAuth/cloudflare-worker
name: Cloudflare Worker SDK
type: SDK
- url: https://github.com/PropelAuth/frontend-apis
name: Frontend APIs
type: SDK
- url: https://github.com/PropelAuth/node-apis
name: Node Backend APIs
type: SDK
- url: https://github.com/PropelAuth/cli
name: PropelAuth CLI
type: Tool
- url: https://github.com/PropelAuth/terraform-provider-propelauth
name: Terraform Provider
type: Tool
- url: https://github.com/PropelAuth/byo-go
name: BYO Auth (Go)
type: Tool
- url: https://github.com/PropelAuth/propelauth-byo-java
name: BYO Auth (Java)
type: Tool
- url: https://github.com/PropelAuth/base-elements
name: React Base Elements
type: Tool
- url: https://github.com/PropelAuth/documentation
name: Documentation Source
type: Documentation
- url: https://github.com/PropelAuth/react-frontend-starter
name: React Frontend Starter
type: CodeExamples
- url: https://github.com/PropelAuth/express-backend-starter
name: Express Backend Starter
type: CodeExamples
- url: https://github.com/PropelAuth/flask-backend-starter
name: Flask Backend Starter
type: CodeExamples
- url: https://github.com/PropelAuth/fastapi-backend-starter
name: FastAPI Backend Starter
type: CodeExamples
- url: https://github.com/PropelAuth/python-chalice-backend-starter
name: Python Chalice Backend Starter
type: CodeExamples
- url: https://github.com/PropelAuth/rust-axum-starter
name: Rust Axum Starter
type: CodeExamples
- url: https://github.com/PropelAuth/redwood
name: RedwoodJS Starter
type: CodeExamples
- url: https://github.com/PropelAuth/postgraphile-propelauth-starter
name: PostGraphile Starter
type: CodeExamples
- url: https://github.com/PropelAuth/nextjs-example-app
name: Next.js Example App
type: CodeExamples
- url: https://github.com/PropelAuth/react-express-comment-example
name: React + Express Comment Example
type: CodeExamples
- url: https://github.com/PropelAuth/demo-genai-api-keys
name: GenAI API Keys Demo
type: CodeExamples
- url: https://github.com/PropelAuth/demo-b2b-coupon-generator
name: B2B Coupon Generator Demo
type: CodeExamples
- url: https://github.com/PropelAuth/windows-login-pages
name: Windows Login Pages
type: CodeExamples
- url: plans/propelauth-plans-pricing.yml
type: Plans
- url: rate-limits/propelauth-rate-limits.yml
type: RateLimits
- url: finops/propelauth-finops.yml
type: FinOps
- url: vocabulary/propelauth-vocabulary.yml
type: Vocabulary
- url: rules/propelauth-rules.yml
type: SpectralRuleset
- type: Features
data:
- Hosted, customizable login UIs for B2B SaaS
- First-class organizations / tenants with custom roles and granular permissions (RBAC)
- End-user API keys (personal and org-scoped) with validation, usage stats, and import of legacy keys
- Enterprise SSO via SAML and OIDC with self-service per-organization setup (Okta, Entra ID, etc.)
- SCIM directory sync for enterprise customers (Growth Plus and Enterprise tiers)
- MCP server authentication via OAuth 2.1, PKCE, dynamic client registration, and token introspection
- User impersonation with audit trail and alerting
- Multi-factor authentication (TOTP) enforceable per organization
- Magic links and password authentication with configurable password policies
- Per-organization 2FA enforcement and session controls
- OAuth 2.0 / OpenID Connect identity-provider endpoints including discovery
- User migration from external auth providers (bcrypt, argon2, scrypt, pbkdf2, firebase scrypt)
- Separate staging environment included on Growth tier and above
- Custom domain on the free tier
- Backend SDKs for Node, Express, FastAPI, Flask, Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers
- Frontend SDKs for React, JavaScript, and Next.js (App + Pages Router)
- Official PropelAuth CLI and Terraform provider for infrastructure-as-code
- Postman collection for the entire backend API
- 10,000 MAU included on every tier; overage $0.05/MAU on Growth and Growth Plus
- Advanced API Keys add-on for 5,000,000 monthly validations
- Bring-Your-Own-Auth deployment mode (`byo.propelauth.com`)
sources:
- https://www.propelauth.com
- https://www.propelauth.com/pricing
- https://docs.propelauth.com
- https://docs.propelauth.com/reference/api/getting-started
- https://github.com/PropelAuth
updated: '2026-05-25'
created: '2026-05-25T00:00:00.000Z'
modified: '2026-05-25'
position: Providing
description: PropelAuth is a B2B SaaS authentication and multi-tenant user management platform purpose-built for
organizations that sell to other organizations. It provides hosted login UIs, first-class organizations / tenants
with custom roles and permissions, enterprise SSO via SAML and OIDC, SCIM directory sync, end-user API keys with
validation and usage reporting, OAuth 2.0 / OpenID Connect identity-provider endpoints, and OAuth 2.1 MCP server
authentication with dynamic client registration for AI agents. Backend SDKs span Node, Express, FastAPI, Flask,
Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers; frontend SDKs cover React,
JavaScript, and Next.js (App + Pages Router). A Terraform provider and official CLI back infrastructure-as-code
workflows. Pricing starts free with 10,000 MAU and scales through Growth ($150/mo) and Growth Plus ($500/mo) to
custom Enterprise contracts.
maintainers:
- FN: Kin Lane
email: [email protected]
X: apievangelist
url: https://apievangelist.com
specificationVersion: '0.16'
