Add authentication to any website.

Step 1: Point your website at us.

CNAME auth.yourwebsite.com → auth.accountmaker.com

Or proxy yourwebsite.com/auth/ → accountmaker.com/auth/

Step 2: Tell us who you are.

Sign up "yourwebsite.com" as an allowed origin.

Done!

POST /login

POST /register

POST /refresh

POST /request-reset-password

POST /request-email-verification

Upgrade path: Block bots by adding CSRF tokens to your forms.

GET /csrf-session

GET /csrf-token

Upgrade path: Add magic links or OTP.

POST /request-magic-link

POST /request-otp

Upgrade path: Use auth codes to hide tokens.

From user's browser, POST /authorize { response_type=code }

Then from your server, POST /token { code=[code] }

Log in devices, services or third-party websites with OAuth

API keys like POST /token { grant_type=client_credentials }

Devices like POST /token { grant_type=urn:ietf:params:oauth:grant-type:device_code }

Public/private keys POST /token { grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer }

SAML like POST /token { grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer }

Enabled feature: Roll your own auth servers.

From your server, POST /token { grant_type=password }