Now building in the open

Security your apps
actually use.

Identity, authorization, and traffic policies — centralized, self-hosted, and built for developers who'd rather ship features than debug auth flows.

Explore the Suite How It Works →
~/my-app 
# Register your app. Get tokens. Ship it.
$ curl -X POST https://authdev.cloud-monitor.com/admin/apps \
    -d '{"name": "My App", "registration_policy": "open"}'

{
  "id": "a1b2c3d4-...",
  "client_secret": "sk_live_...",
  "status": "active"
}

# That's it. Your app has auth now.
The Suite

Three tools. One platform.
Zero excuses for bad security.

Live
🗝️

Keymaster

Identity Broker

Centralized authentication for all your apps. One integration gives you Google, Microsoft, Apple, email, invite codes — whatever your users need. JWT tokens, refresh rotation, per-app roles. Your apps never touch a password.

  • OAuth 2.0 / OIDC compliant
  • Per-app branding & login pages
  • Invite, open, or approval-based registration
  • RS256 JWT with local verification
In Progress
🛡️

Gatekeeper

Auth Middleware

Drop-in middleware that sits between your users and your API. Validates tokens, enforces roles, gates routes — so your application code stays clean and your endpoints stay locked.

  • Token validation via JWKS (no network calls)
  • Role-based route protection
  • Framework-agnostic (Angular, React, FastAPI, Express)
  • Request-level authorization policies
Planned
👁️

Zuul

Traffic Control

Identity-aware traffic policies. Rate limiting that knows who's asking, not just which IP. Abuse detection, geo-fencing, device trust — security decisions made at the identity layer, where they actually matter.

  • Per-user and per-role rate limiting
  • Credential stuffing detection
  • Geographic and device trust policies
  • Real-time audit and alerting
Architecture

Your app talks to us.
We talk to everyone else.

Your App
Web, mobile, API — anything
Cloud Monitor
One integration, one token format
Providers
Google, Microsoft, Apple, SAML...
01

Register your app

Get an app ID and client secret. Choose which auth methods your users see. Set roles, branding, registration policy.

02

Redirect to login

Send users to your branded login page on Cloud Monitor. They authenticate with whatever provider you've enabled.

03

Receive tokens

Cloud Monitor redirects back with a signed JWT. Verify locally with our public key. No ongoing API calls needed.

04

Ship features, not auth code

Add providers, manage users, rotate keys, view audit logs — all from the dashboard. Your app code doesn't change.

For Developers

Auth shouldn't be the hardest
part of your stack.

Self-Hosted

Runs on your infrastructure. Docker Compose up and you're live. No vendor lock-in, no per-MAU billing surprises.

🔑

One Registration

Register once with each OAuth provider. Every app gets auth for free. Add a new app? It already has Google login.

📱

Native App Ready

Built-in support for Capacitor and native apps. Biometric unlock, secure token storage, silent refresh.

🏢

Multi-Tenant

Cell-based architecture. Each tenant gets isolated containers. Clean teardown, no noisy neighbors, compliance-ready.

🔒

Standards-Based

OAuth 2.0, OIDC, RS256 JWT, JWKS. Not a proprietary protocol — just the standards, implemented correctly.

🎨

Your Brand

Login pages branded per app. Your colors, your logo. Users see your product, not ours.

Stop building auth.
Start building your app.

Cloud Monitor is in active development. Keymaster is live. Gatekeeper and Zuul are on the way.

View API Docs Try the Dev Environment →