Passkeys as a service
Passkeys are the next generation of internet authentication, leaving the usability of passwords in the dust while also improving security. They allow authenticating in one click, can't be forgotten or phished, and are never reused across websites.
SnapAuth provides "passkeys as a service" - we host and manage all of the infrastructure to add passkey support to your website or native app. Instead of spending weeks or months upfront and taking on the burden of ongoing maintenance, SnapAuth will let you get up and running in minutes. We offer passkeys as a service so you can focus on your product.
Why use a hosted passkey service?
In order to improve upon the security of passwords and other authentication factors, passkeys require a substantial amount of new infrastructure. It's not a simple new column in your database, like you might have for a password hash.
Passkeys (and other forms of Web Authentication) need you to deeply understand many data formats, be able to shift between them, and perform numerous cryptographic operations. Expect to build at least a half-dozen public-facing APIs, along with others for internal use. For the highest level of security and best user experience, you'll also want to have a FIDO metadata service, which provides information about authenticator capabilities, chains of trust, and user-visible metadata.
And of course, passkeys are based on native browser and platform APIs, which let you experience all of the ahem joys of browser bugs and inconsistencies in a security-critical path.
SnapAuth does the hard work for you.
As a leading passkey service provider, we:
- Keep client code up to date and cross-browser compatible
- Build, host, and maintain all of the necessary (and optional!) APIs
- Actively monitor and response to all changes to the WebAuthn spec
- Add support for the latest WebAuthn features and capabilities
- Work directly with browser vendors if we detect regressions and rapidly patch around them
Should you self-host passkeys?
Passkey and Web Authentication support can be built and managed entirely in-house. Like with any SaaS offering, there's a "build vs buy" decision to make when adding passkey support.
If you already know you want to self-host - great!
We're genuinely happy to see wider adoption, even if you don't become our customer. Passkeys make the internet more secure than passwords and other easily phished and leaked authentication factors.
We have a passkey integration guide for self-hosting. It details many of the APIs you'll need to build, as well as a lot of the less-documented challenges associated with self-hosting.
Our SDKs are BSD-3 licensed, so feel free to adapt and modify them, or use as reference material.
How does SnapAuth compare to self-hosting?
SnapAuth aims to offer most of the benefits of self-hosting passkeys:
No vendor-lock-in
When a passkey is created, it's bound to a single domain—this is part of what makes them highly phishing-resistant.
Passkeys created with SnapAuth are on your domain, not ours. Not all passkey service providers work this way, which can lead to vendor lock-in.
We do not hold your passkey data hostage, and allow you to export your data at any time. In fact, we encourage it as a backup strategy!
Additionally, we build on top of open standards and documented data formats. If you ever need to leave for any reason, the data migration should be straightforward.
Complete UI flexibility with no co-branding
Not only does SnapAuth not add branding to your website, we don't even offer hosted UI elements. We focus on core infrastructure and offer easy-to-use APIs.
You can continue to create your own sign-in and registration experience that fits your needs and design.
No redirects, no "powered by", no brittle customization options. SnapAuth won't get in the way.
Private
SnapAuth does not and can not cross-reference user accounts across different sites and apps. We collect no user PII, and perform one-way hashing of account handles when provided to ensure we hold no sensitive data.
Passkeys never provide any service with biometric data.
While biometrics such as a fingerprint or face scan are often used to unlock passkeys, that data never leaves the end-user's device.
Stability and independence
We understand how frustrating it can be when a SaaS provider changes its product direction or pricing, especially due to pressure from investors.
At SnapAuth, we are independently owned and operated, and are committed to maintaining a stable, reliable service.
Our focus is solely on being the best passkey service provider for our customers. You can trust that our product will remain consistent and aligned with your needs.
We'll of course continue to add valuable features—in a way that lets you move at your own pace based on your own roadmap.
Cost-effective
Before deciding to self-host, consider the upfront and ongoing engineering costs. The Web Authentication standard is huge, the details matter, and errors could lead to a security compromise. Engineering time is not cheap, and keeping up with an evolving standard is not a one-time cost.
SnapAuth starts at just $5/month, and has simple usage-based pricing. By having a small laser-focused team with no outside investors, we're able to offer competitive rates.
Add passkey support today
We make it super easy to add passkey support to your app. Create a safer and easier sign-in experience by going passwordless, or add frictionless MFA.