DEV Community

Alex Spinov
Alex Spinov

Posted on

Hanko Has a Free API: The Open-Source Auth Platform Built for Passkeys and Passwordless Login

#hanko #api #auth #passkeys

Passwords are broken. Users forget them, reuse them, and they get breached constantly. Hanko gives you passkey-first authentication — the same technology Apple, Google, and Microsoft are pushing — as a drop-in open-source solution.

What Is Hanko?

Hanko is an open-source authentication platform designed around passkeys and passwordless login. It provides a complete auth solution with passkeys (WebAuthn), email OTP, social login, and session management. Drop-in web components make integration trivial.

The Free API

Hanko Cloud offers a free tier:

  • Free plan: 10,000 monthly active users
  • Passkeys: WebAuthn/FIDO2 built in
  • Passwordless: Email OTP, magic links
  • Social login: Google, Apple, GitHub, etc.
  • Web components: Drop-in auth UI
  • REST API: Full programmatic control
  • Self-hosted option: Run on your infrastructure for free

Quick Start

Add Hanko Elements to your frontend:

npm install @teamhanko/hanko-elements
Enter fullscreen mode Exit fullscreen mode

Drop in the auth component:

import { register } from '@teamhanko/hanko-elements';

// Register custom elements
register('https://your-hanko-api-url');

function LoginPage() {
  return (
    <div>
      <hanko-auth />
    </div>
  );
}

function ProfilePage() {
  return (
    <div>
      <hanko-profile />
    </div>
  );
}
Enter fullscreen mode Exit fullscreen mode

That is it. The <hanko-auth> component handles the entire login flow: passkey registration, email verification, social login, and session management.

Verify sessions on your backend:

import { jwtVerify, createRemoteJWKSet } from 'jose';

const JWKS = createRemoteJWKSet(
  new URL('https://your-hanko-api/.well-known/jwks.json')
);

async function verifySession(token) {
  const { payload } = await jwtVerify(token, JWKS);
  return payload; // { sub: 'user-id', ... }
}

// Express middleware
app.use(async (req, res, next) => {
  const token = req.cookies.hanko;
  if (!token) return res.status(401).json({ error: 'Unauthorized' });

  try {
    req.user = await verifySession(token);
    next();
  } catch {
    res.status(401).json({ error: 'Invalid session' });
  }
});
Enter fullscreen mode Exit fullscreen mode

Self-host with Docker:

docker run -d --name hanko \
  -p 8000:8000 \
  -e HANKO_PUBLIC_URL=http://localhost:8000 \
  -e HANKO_SECRET=your-secret \
  ghcr.io/teamhanko/hanko:latest
Enter fullscreen mode Exit fullscreen mode

Why Teams Choose Hanko

A consumer app had a 40% signup abandonment rate. Users started registration, hit the password requirements (uppercase, number, special char, 12+ characters), and left. After switching to Hanko with passkey-first login, users signed up with a fingerprint or Face ID. Signup completion jumped to 92%, and support tickets about forgotten passwords dropped to zero.

Who Is This For?

  • Consumer app developers wanting frictionless authentication
  • Security-conscious teams eliminating password-related breaches
  • Startups wanting modern auth without building it from scratch
  • Teams preparing for the passwordless future

Start Going Passwordless

Hanko makes passkey authentication as easy as dropping in a web component. No password database to breach, no reset flows to build, no user frustration.

Need help implementing passwordless auth or passkeys? I build custom auth solutions — reach out to discuss your project.

Found this useful? I publish daily deep-dives into developer tools and APIs. Follow for more.

Top comments (0)