Now in public beta

The credential layer for every integration.

Authpipe manages every integration credential—OAuth tokens, API keys, webhook secrets—so you ship features, not auth flows.

Start building free Read the docs →
credential.ts 
// Get a valid token — always fresh, always valid
const { credential } = await authpipe.getCredential({
  provider: 'slack',
  tenantId: 'org_acme',
});

// Use it directly — no refresh logic, no try/catch
const slack = new WebClient(credential);
await slack.chat.postMessage({
  channel: '#general',
  text:    'Hello!',
});

Native integrations for 221+ providers

ActiveCampaign ActiveCampaign
Acuity Scheduling Acuity Scheduling
Aircall Aircall
Airtable Airtable
Algolia Algolia
Amazon S3 Amazon S3
Amplitude Amplitude
Anthropic Claude Anthropic Claude
Apollo Apollo
Asana Asana
ActiveCampaign ActiveCampaign
Acuity Scheduling Acuity Scheduling
Aircall Aircall
Airtable Airtable
Algolia Algolia
Amazon S3 Amazon S3
Amplitude Amplitude
Anthropic Claude Anthropic Claude
Apollo Apollo
Asana Asana
Ashby Ashby
Attio Attio
Auth0 Auth0
Azure DevOps Azure DevOps
BambooHR BambooHR
Basecamp Basecamp
Baserow Baserow
Beehiiv Beehiiv
BigCommerce BigCommerce
Bitbucket Bitbucket
Ashby Ashby
Attio Attio
Auth0 Auth0
Azure DevOps Azure DevOps
BambooHR BambooHR
Basecamp Basecamp
Baserow Baserow
Beehiiv Beehiiv
BigCommerce BigCommerce
Bitbucket Bitbucket
View all providers

Capabilities

Everything credentials need.

From OAuth orchestration to encrypted storage, health monitoring, and pre-built UI components.

OAuth Orchestration

Authorization Code with PKCE, installation flows, user connections. Popup and redirect modes with provider-specific quirks handled automatically.

PKCERefreshRotationDevice Flow

Credential Vault

AES-256-GCM encryption with per-tenant isolation. Proactive token refresh before expiry.

ENCAES-256-GCM
KEYSPER-TENANT
REFRESHPROACTIVE

Native SDKs

Typed libraries with SDK-side caching. Zero-latency hot path reads.

TypeScript Python Go React

Pre-built UI Components

Drop-in React components — ConnectButton, InstallButton, ConnectedAccounts, IntegrationMarketplace. Fully themeable.

Connect Salesforce
Install App
Browse Integrations

Monitoring

Know before your users do.

Detect expired tokens, revoked API keys, and rotated secrets. Proactive refresh keeps every credential valid before anyone notices.

Scheduled health checks for every credential type
Predictive expiry with configurable refresh buffer
Webhook events on status changes
Live Dashboard

Health Score

0%

Providers

0+

Active

0

Refreshed

0

Alerts

0

Retries

Exponential backoff with jitter

Signed

HMAC-SHA256 signatures

Event Log
Live

Events

Event-driven by default.

Respond to credential lifecycle changes instantly. Webhooks for installations, connections, token refresh, and revocation—with retry and dead letter queue.

webhook-payload.json 
{
  "event": "connection.created",
  "provider": "slack",
  "user_id": "user_123",
  "scopes": ["chat:write", "users:read"]
}

Positioning

The missing piece of the stack.

Authpipe picks up where Clerk, Auth0, and Firebase Auth leave off.

Feature Auth (Clerk / Auth0) Connections (Authpipe)
Purpose Identify the user Act on behalf of the user
Token Lifecycle Session management OAuth refresh + API key rotation
Scope Logic openid, email, profile Granular platform permissions
Post-Auth JWT validation Always-valid access token via SDK

Pricing

Transparent, scalable pricing.

From side projects to enterprise infrastructure. Start free, scale when you're ready.

Developer

Free

$0 forever
  • 100 connected accounts
  • 5 providers
  • 1 workspace
  • Community support
  • 7-day audit log
  • Webhooks
Start Building
Recommended

Startup

Pro

$49 /mo
  • Everything in Free, plus:
  • 2,500 connected accounts
  • Unlimited providers
  • 5 custom providers
  • Unlimited workspaces
  • Email support
  • 30-day audit log
  • Connection health monitoring
Get Pro

Growth

Scale

$249 /mo
  • Everything in Pro, plus:
  • 25,000 connected accounts
  • Unlimited custom providers
  • Priority support
  • 90-day audit log
  • Connection health monitoring
  • Higher rate limits
Scale Now

Org

Enterprise

Custom
  • Everything in Scale, plus:
  • Unlimited connected accounts
  • Dedicated support
  • Custom audit log retention
  • SOC 2 report
  • 99.9% SLA
  • US / EU data residency
  • Self-hosted token proxy
  • Customer-managed KMS (BYOK)
Contact Sales

FAQ

Common questions.

What counts as a connected account?

A unique credential per provider and tenant. Connecting to both Google Drive and Slack for the same tenant counts as two. Each user-level connection within a tenant counts separately. Storing an API key counts as one.

Can I upgrade or downgrade later?

Yes. Upgrades take effect immediately. Downgrades apply at the start of your next billing cycle.

Do you proxy my API calls?

No. Authpipe manages connections and tokens only. You call provider APIs directly using the tokens we provide.

How does the Enterprise token proxy work?

Our open-source proxy (nginx module, Envoy filter, or standalone sidecar) runs in your network. The control plane manages orchestration while tokens stay under your control.

Ready to add the credential layer?

Get your first 100 connections free. Drop-in React components and SDKs for Node, Python, and Go.

Start building free Read the docs →