DEV Community

Alex Spinov

Logto Has a Free API That Adds Auth to Your App Without Auth0 Pricing

Logto is the open-source Auth0 alternative. User authentication, social login, MFA, organization management — all via API. Self-host free or use Logto Cloud.

What Is Logto?

Logto provides a complete identity solution: sign-up/sign-in flows, social connectors (Google, GitHub, Discord), passwordless auth, RBAC, and multi-tenancy.

Quick Start

# Docker
docker run -p 3001:3001 -p 3002:3002 logtoio/logto
# Admin console: http://localhost:3002
# Auth endpoint: http://localhost:3001

React Integration

import { useEffect, useState } from 'react'
import { LogtoProvider, useLogto } from '@logto/react'

const config = {
  endpoint: 'https://your-logto.com',
  appId: 'your-app-id',
}

function App() {
  return (
    <LogtoProvider config={config}>
      <AuthButtons />
    </LogtoProvider>
  )
}

function AuthButtons() {
  const { signIn, signOut, isAuthenticated, getIdTokenClaims } = useLogto()
  const [claims, setClaims] = useState()

  // getIdTokenClaims() returns a promise, so resolve it in an effect
  // instead of awaiting inside the (synchronous) render function
  useEffect(() => {
    if (isAuthenticated) {
      getIdTokenClaims().then(setClaims)
    }
  }, [isAuthenticated, getIdTokenClaims])

  if (isAuthenticated) {
    return (
      <div>
        <p>Welcome, {claims?.name}!</p>
        <button onClick={() => signOut('http://localhost:3000')}>Sign Out</button>
      </div>
    )
  }

  return <button onClick={() => signIn('http://localhost:3000/callback')}>Sign In</button>
}

Management API

export LOGTO_URL="https://your-logto.com"
export LOGTO_TOKEN="your-management-api-token"

# List users
curl -s "$LOGTO_URL/api/users?page=1&page_size=20" \
  -H "Authorization: Bearer $LOGTO_TOKEN" | jq '.[].primaryEmail'

# Create user
curl -s -X POST "$LOGTO_URL/api/users" \
  -H "Authorization: Bearer $LOGTO_TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"primaryEmail": "alice@example.com", "name": "Alice", "password": "SecurePass123!"}'

# Assign role
curl -s -X POST "$LOGTO_URL/api/users/USER_ID/roles" \
  -H "Authorization: Bearer $LOGTO_TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"roleIds": ["role-admin"]}'

# Create organization
curl -s -X POST "$LOGTO_URL/api/organizations" \
  -H "Authorization: Bearer $LOGTO_TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"name": "Acme Corp", "description": "Enterprise customer"}'

Social Connectors

Built-in connectors for:

  • Google, Apple, Microsoft, Facebook
  • GitHub, GitLab, Discord, Slack
  • WeChat, Kakao, Naver, LINE
  • SAML, OIDC (any provider)
  • Email + SMS passwordless

Backend Verification

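import express from 'express'
import { createRemoteJWKSet, jwtVerify, type JWTPayload } from 'jose'

// Let TypeScript know about the `user` property the middleware sets
declare global {
  namespace Express {
    interface Request { user?: JWTPayload }
  }
}

const app = express()

// Fetches and caches the signing keys published by the Logto tenant
const JWKS = createRemoteJWKSet(new URL('https://your-logto.com/oidc/jwks'))

async function verifyToken(token: string) {
  // Checks signature, expiry, issuer and audience; throws on any failure
  const { payload } = await jwtVerify(token, JWKS, {
    issuer: 'https://your-logto.com/oidc',
    audience: 'your-api-resource',
  })
  return payload // { sub: 'user-id', roles: ['admin'], org_id: 'org-1' }
}

// Express middleware
app.use('/api', async (req, res, next) => {
  // Accept only the "Bearer <token>" form of the Authorization header
  const [scheme, token] = (req.headers.authorization ?? '').split(' ')
  if (scheme !== 'Bearer' || !token) return res.status(401).json({ error: 'Unauthorized' })
  try {
    req.user = await verifyToken(token)
    next()
  } catch {
    // A bad or expired token is an authentication failure, so answer 401 rather than 403
    res.status(401).json({ error: 'Invalid token' })
  }
})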
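
The middleware above authenticates the caller, but any valid token still reaches every /api route. As an added example (not code from the original post or from Logto), here is a guard that enforces role and organization on the verified payload. The claim names `roles` and `org_id` are taken from the payload comment above; `requireAccess`, `fakeRes`, `check` and the `:orgId` route parameter are hypothetical names.

```javascript
// Added example. Claim names `roles` and `org_id` follow the payload comment
// in verifyToken above (an assumption); adjust them to your token's real claims.

// Returns Express-style middleware that lets a request through only if the
// verified token carries one of `allowedRoles` and, when the route has an
// :orgId parameter, belongs to that organization.
function requireAccess(allowedRoles) {
  return function (req, res, next) {
    const user = req.user
    // Deny by default: no verified payload means the auth middleware did not run.
    if (!user || typeof user.sub !== 'string') {
      return res.status(401).json({ error: 'Unauthorized' })
    }
    // Treat a missing or malformed roles claim as "no roles".
    const roles = Array.isArray(user.roles) ? user.roles : []
    if (!allowedRoles.some((role) => roles.includes(role))) {
      return res.status(403).json({ error: 'Forbidden: missing role' })
    }
    // Tenant isolation: the organization in the URL must match the token's.
    const routeOrg = req.params && req.params.orgId
    if (routeOrg !== undefined && routeOrg !== user.org_id) {
      return res.status(403).json({ error: 'Forbidden: wrong organization' })
    }
    next()
  }
}

// Minimal stand-in for Express's response object so the guard runs offline.
function fakeRes() {
  return {
    statusCode: 200,
    status(code) { this.statusCode = code; return this },
    json(body) { this.body = body; return this },
  }
}

// Runs the guard on a constructed request; returns 'next' or the status code sent.
function check(allowedRoles, req) {
  const res = fakeRes()
  let passed = false
  requireAccess(allowedRoles)(req, res, () => { passed = true })
  return passed ? 'next' : res.statusCode
}
```

Mount it after the verification middleware, for example on a route such as `/api/orgs/:orgId/...`, so that `req.user` is already populated when the guard runs.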

Free Tier

| Feature | Free | Pro ($16/mo) |
| --- | --- | --- |
| MAU | 50,000 | 50,000 |
| Social connectors | 3 | Unlimited |
| Organizations | 1 | Unlimited |
| MFA | Yes | Yes |
| Custom domain | No | Yes |
| Self-hosted | Unlimited | N/A |

Logto vs Auth0

| Feature | Logto | Auth0 |
| --- | --- | --- |
| Open source | Yes | No |
| Self-hosted | Yes | No |
| Free MAU | 50K | 7.5K |
| Social login | 20+ | 20+ |
| Organizations | Yes | Paid |
| MFA | Free | Free |
