Architecture with clear boundaries.
AccountMaker is designed around explicit identity surfaces, limited scope, and predictable behavior.
High-level overview
AccountMaker provides authentication and identity-related email as a single system, bound to a verified domain. Each capability is scoped narrowly to reduce complexity and attack surface.
- Authentication: OAuth 2.0 and OpenID Connect flows served from a verified domain.
- Transactional Email: Identity-triggered email sent from the same domain as authentication.
- Inbound Identity Email: Controlled handling of generic identity addresses such as support@ or legal@.
Architectural principles
- Single identity surface: Users interact with one domain for login and identity-related communication.
- Restricted scope: Only authentication and identity-related email are supported.
- Explicit boundaries: Each capability has a clear responsibility and does not bleed into application logic.
- Predictable behavior: No hidden automation, heuristics, or cross-cutting side effects.
Identity flow
- Domain verification: A domain is verified before any customer-facing identity behavior is enabled.
- Authentication requests: Users authenticate through OAuth or OpenID Connect endpoints served from the verified domain.
- Transactional communication: Identity-triggered emails originate from the same domain and reference the same identity surface.
- Inbound handling: Messages sent to identity-related addresses are received and processed under the same domain boundary.
Separation of concerns
- Application logic: Product-specific behavior, UI, and business rules remain entirely in the application.
- Identity infrastructure: Authentication, email identity, and domain enforcement are handled by AccountMaker.
- Operational communication: Security and identity-related messages are isolated from marketing or user-generated content.
Explicit non-goals
- User interface hosting: AccountMaker does not host application UI beyond authentication flows.
- Marketing or outreach email: The system cannot be used for campaigns, promotions, or bulk sending.
- General email hosting: No personal inboxes, employee mailboxes, or IMAP/POP access.
- Application authorization logic: Fine-grained product permissions remain the responsibility of the application.
Operational considerations
- Limited blast radius: Narrow scope reduces the impact of misconfiguration or failure.
- Domain stability: Identity remains stable even as application features change.
- Auditable behavior: Authentication and email actions are observable and reviewable.
Where this architecture fits
For
- Production SaaS platforms
- B2B products with security-sensitive workflows
- Teams that value clear ownership boundaries
Not for
- Experimental prototypes
- Anonymous consumer apps
- Products seeking all-in-one marketing platforms
Architecture that stays out of the way.
AccountMaker focuses on identity infrastructure so product teams can focus on product behavior.