Help

Frequently asked questions

Everything from integration to security to billing. Can't find your answer? Reach us on the contact page.

Getting started

What is EmbedAuth?
EmbedAuth is an embeddable authentication platform for SaaS and B2B apps. You drop a sign-in and sign-up UI into your product via an iframe, and EmbedAuth handles passwords, OAuth, magic links, OTP, sessions, and token issuance — so the login experience stays on your domain and your brand.
How long does it take to integrate?
A basic integration takes a few minutes: embed one iframe with your client ID, then verify the RS256 JWTs EmbedAuth issues using the public JWKS endpoint. No SDK lock-in and no multi-step quickstart required.
Do my users get redirected to a third-party login page?
No. The authentication UI lives inside an iframe you embed, so users never leave your application or see another company’s branding. The session stays within your customer’s experience.

Security

How are passwords stored?
Passwords are hashed with a slow, salted algorithm (bcrypt) and never stored in plaintext. We also rate-limit authentication endpoints to defend against brute-force and credential-stuffing attacks.
What kind of tokens does EmbedAuth issue?
Short-lived access tokens signed with RS256 (asymmetric). Your backend verifies them with the public key published at our JWKS endpoint, so signing keys never leave EmbedAuth. The algorithm is pinned server-side to prevent algorithm-confusion attacks.
Is EmbedAuth GDPR compliant?
We are built with GDPR in mind. See our Privacy Policy for details on data collection, retention, and your rights, and our Cookie Policy for how cookies are used.

Features

Which authentication methods are supported?
Email and password, OAuth social providers, magic links, and one-time passcodes (OTP). All flows are tenant-aware for multi-tenant B2B products.
Does EmbedAuth support multi-tenant (B2B) apps?
Yes. Every flow — sign-up, sign-in, password reset, OAuth — is tenant-aware, so each of your customers can have their own users, branding, and OAuth providers.
Can I customize the look of the login UI?
Yes. The embedded UI is fully themable, including a CSS editor, so it matches your product rather than looking like a bolted-on third-party widget.

Pricing & billing

Is there a free plan?
Yes, you can start for free. Paid plans add higher monthly auth-event limits and advanced features. See the pricing page for current details.
How is billing handled?
Billing is processed securely through Stripe. We never store full card numbers on our servers. You can upgrade, downgrade, or cancel from your billing settings at any time.

Still have questions?

Read the documentation for integration details, or get in touch and a real engineer will reply.