DEV Community

Alex Spinov

Logto Has a Free API You've Never Heard Of

Logto is an open-source Auth0 alternative that you can self-host for free. It provides a complete identity infrastructure with OIDC, social sign-in, RBAC, and a Management API that rivals paid solutions.

What Makes Logto Special?

  • Open source — MIT licensed, self-host for free
  • OIDC compliant — standards-based authentication
  • Management API — full REST API for all operations
  • Multi-tenancy — built-in organization support
  • 50+ social connectors — Google, GitHub, Discord, etc.

The Hidden API: Management API

Logto exposes a comprehensive Management API for programmatic control:

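// getManagementToken() is not defined in this post; it stands for your own
// helper that returns an access token for the Management API.
const token = await getManagementToken();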

// List users with pagination and search
const users = await fetch('https://your-logto.com/api/users?page=1&page_size=20&search=john', {
  headers: { Authorization: `Bearer ${token}` }
}).then(r => r.json());

// Create user
const newUser = await fetch('https://your-logto.com/api/users', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    primaryEmail: 'user@example.com',
    name: 'John Doe',
    customData: { plan: 'pro', credits: 100 }
  })
}).then(r => r.json());

// Assign roles to the user created above
await fetch(`https://your-logto.com/api/users/${newUser.id}/roles`, {
  method: 'POST',
  headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({ roleIds: ['role-admin'] })
});

RBAC API

// Create a role
const role = await fetch('https://your-logto.com/api/roles', {
  method: 'POST',
  headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({
    name: 'editor',
    description: 'Can edit content'
  })
}).then(r => r.json());

// Create an API resource with its permissions (scopes)
const resource = await fetch('https://your-logto.com/api/resources', {
  method: 'POST',
  headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({
    name: 'Content API',
    indicator: 'https://api.example.com/content',
    scopes: [
      { name: 'read:content', description: 'Read content' },
      { name: 'write:content', description: 'Write content' }
    ]
  })
}).then(r => r.json());

Webhook API

// Register webhooks for user events
await fetch('https://your-logto.com/api/hooks', {
  method: 'POST',
  headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({
    name: 'User sync',
    events: ['PostRegister', 'PostSignIn', 'User.Data.Updated'],
    config: {
      url: 'https://your-app.com/webhooks/logto',
      headers: { 'X-Secret': 'your-webhook-secret' }
    }
  })
}).then(r => r.json());
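
A receiver for the hook registered above has to authenticate each delivery before acting on it. The sketch below is an added example, not code from the original post or from the Logto project: it checks the `X-Secret` header from the registration in constant time, then verifies the HMAC-SHA256 body signature that Logto's webhook documentation describes in the `logto-signature-sha-256` header. The function names, secret values and sample payload are constructed for illustration, and the payload's `event` field is an assumption to check against your Logto version.

```javascript
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');

// Events subscribed in the hook registration on this page.
const ALLOWED_EVENTS = new Set(['PostRegister', 'PostSignIn', 'User.Data.Updated']);

// Constant-time string comparison. Hashing both sides first gives the
// equal-length buffers that timingSafeEqual requires.
function safeEqual(a, b) {
  const digest = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(digest(a), digest(b));
}

// headers: lower-cased header map (as Node's http module provides).
// rawBody: Buffer with the exact bytes received, before any JSON parsing.
function verifyLogtoWebhook(headers, rawBody, { sharedSecret, signingKey }) {
  if (!sharedSecret || !signingKey) throw new Error('webhook secrets not configured');
  // 1. Static secret sent via config.headers in the registration.
  if (!safeEqual(headers['x-secret'] ?? '', sharedSecret)) {
    return { ok: false, reason: 'bad-shared-secret' };
  }
  // 2. Hex HMAC-SHA256 of the raw body, keyed with the hook's signing key.
  const expected = createHmac('sha256', signingKey).update(rawBody).digest('hex');
  if (!safeEqual(headers['logto-signature-sha-256'] ?? '', expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // 3. Parse only after authentication; accept only subscribed events.
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { ok: false, reason: 'bad-json' };
  }
  // Assumption: the event name is carried in the payload's `event` field.
  if (!ALLOWED_EVENTS.has(payload?.event)) return { ok: false, reason: 'unexpected-event' };
  return { ok: true, event: payload.event };
}

// Constructed sample delivery (not real Logto output) so the block runs offline.
const SECRETS = { sharedSecret: 'constructed-shared-secret', signingKey: 'constructed-signing-key' };
const sampleBody = Buffer.from(JSON.stringify({ event: 'PostSignIn', userId: 'u_constructed' }));
const sampleHeaders = {
  'x-secret': SECRETS.sharedSecret,
  'logto-signature-sha-256': createHmac('sha256', SECRETS.signingKey).update(sampleBody).digest('hex'),
};
console.log(verifyLogtoWebhook(sampleHeaders, sampleBody, SECRETS)); // authenticated delivery
```

Pass the raw request bytes to the check: a body that has been parsed and re-serialized will not reproduce the signature.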

Quick Start

# Self-host with Docker
# Logto needs a PostgreSQL database; supply its connection string via DB_URL
docker run -p 3001:3001 -p 3002:3002 ghcr.io/logto-io/logto

# Or use Logto Cloud free tier
# https://cloud.logto.io

Why Developers Choose Logto

A developer shared: "We migrated from Auth0 to self-hosted Logto. Same features, zero monthly cost. The Management API is actually easier to use than Auth0's, and we own our data."


Need auth solutions or custom tools? Email spinov001@gmail.com or check my developer toolkit.

Self-hosting your auth? Have you compared Logto vs Auth0?
