Alex Spinov

Zitadel Has a Free API: Self-Hosted Identity and Auth That Replaces Auth0

What is Zitadel?

Zitadel is an open-source identity management platform — a self-hosted alternative to Auth0, Okta, and Firebase Auth. It provides authentication, authorization, and user management with a comprehensive API.

Free for unlimited users when self-hosted.

Quick Start

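# Local evaluation only: TLS is disabled and the masterkey below is a placeholder.
# For anything beyond a local test, generate your own 32-character masterkey.
docker run --name zitadel -p 8080:8080 \
  ghcr.io/zitadel/zitadel:latest start-from-init \
  --masterkey "MasterkeyNeedsToHave32Characters" \
  --tlsMode disabled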

The Management API

export ZITADEL_URL="https://your-zitadel.com"
export TOKEN="your-pat-token"

User Management

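# Create user
# "isEmailVerified": true marks the address as verified without a confirmation
# step; set it only for addresses you have already verified.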
curl -X POST "$ZITADEL_URL/management/v1/users/human" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "userName": "john@example.com",
    "profile": {
      "firstName": "John",
      "lastName": "Doe",
      "displayName": "John Doe"
    },
    "email": {
      "email": "john@example.com",
      "isEmailVerified": true
    },
    "password": "SecureP@ss123!"
  }'

# List users
curl -X POST "$ZITADEL_URL/management/v1/users/_search" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"queries": [], "limit": 100}'

# Get user by ID
curl "$ZITADEL_URL/management/v1/users/USER_ID" \
  -H "Authorization: Bearer $TOKEN"

Projects and Applications

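# Create project
curl -X POST "$ZITADEL_URL/management/v1/projects" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Web App"}'

# Create OIDC application
# OIDC_AUTH_METHOD_TYPE_NONE registers a public client that uses PKCE;
# no client secret is issued for it.
curl -X POST "$ZITADEL_URL/management/v1/projects/PROJECT_ID/apps/oidc" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{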
    "name": "Frontend",
    "redirectUris": ["http://localhost:3000/callback"],
    "responseTypes": ["OIDC_RESPONSE_TYPE_CODE"],
    "grantTypes": ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"],
    "appType": "OIDC_APP_TYPE_WEB",
    "authMethodType": "OIDC_AUTH_METHOD_TYPE_NONE"
  }'

Roles and Authorization

# Add role to project
curl -X POST "$ZITADEL_URL/management/v1/projects/PROJECT_ID/roles" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"roleKey": "admin", "displayName": "Administrator"}'

# Grant role to user
curl -X POST "$ZITADEL_URL/management/v1/users/USER_ID/grants" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"projectId": "PROJECT_ID", "roleKeys": ["admin"]}'

OIDC/OAuth2 Integration

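// Next.js with next-auth
// clientSecret applies only when the Zitadel app uses a secret-based auth
// method; an app created with OIDC_AUTH_METHOD_TYPE_NONE relies on PKCE instead.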
import NextAuth from "next-auth";

export default NextAuth({
  providers: [{
    id: "zitadel",
    name: "Zitadel",
    type: "oidc",
    issuer: process.env.ZITADEL_URL,
    clientId: process.env.ZITADEL_CLIENT_ID,
    clientSecret: process.env.ZITADEL_CLIENT_SECRET,
  }],
});

Features

  • Multi-tenancy: Manage multiple organizations
  • OIDC/OAuth2/SAML: Industry-standard protocols
  • MFA: TOTP, WebAuthn, SMS
  • Social Login: Google, GitHub, Apple, etc.
  • Branding: Custom login pages per organization
  • Audit Logs: Full event sourcing

Zitadel vs Auth0

| Feature | Zitadel (self-hosted) | Auth0 |
| --- | --- | --- |
| Price | Free (unlimited) | Free to 7,500 MAU |
| Users | Unlimited | 7,500 then $23/mo |
| SSO/SAML | Included | Enterprise plan |
| Multi-tenancy | Built-in | Organizations add-on |
| Self-hosted | Yes | No |

Need auth infrastructure or identity management setup?

📧 spinov001@gmail.com
🔧 My tools on Apify Store

Auth0, Clerk, or self-hosted? What's your auth stack?
