boltauth.com

What is it

BoltAuth is an authentication and access control service for developers, featuring "Authentication without the growth penalty." Based on the main text, its core positioning is to replace authentication services that rapidly increase in price based on MAU or user count. It offers Email OTP, Magic Links, Teams, RBAC, React SDK, an admin dashboard, Webhooks, and transactional email capabilities.

Core Capabilities

In terms of protection types, BoltAuth focuses on identity authentication and access control rather than traditional perimeter security products. It defaults to passwordless authentication, using email OTP and magic links to reduce the maintenance costs associated with password leaks and reset processes. Teams & RBAC support multi-tenancy and role-based permission control, making it suitable for common SaaS scenarios like team spaces, member roles, and permission isolation. For management, the text mentions that the Admin Dashboard handles user management, sessions, email logs, and Webhooks; the Business tier adds audit logs. Integration is a key highlight: the React SDK provides useAuth, useTeam, AuthGuard, and TeamGuard, and the REST API documentation emphasizes its suitability for both human developers and AI coding agents.

Deployment, Compliance, and Pricing

Regarding deployment, the text only confirms integration via SDK/API; it does not disclose whether it supports privatization, self-hosting, or dedicated clouds. For compliance certifications, there is no mention of SOC 2, ISO 27001, GDPR, or HIPAA, nor is an SLA disclosed. Pricing is relatively clear: the Starter plan is free with no credit card required, including 50,000 monthly retained users; Pro is $15/month, including Magic Links, Teams & RBAC, Webhooks, transactional email API, and email support; Business is $49/month, scaling up to 500,000 monthly retained users, and includes audit logs, custom email domains, and priority support. Annual billing saves 20%, and it explicitly states no per-user charges.

Pros, Cons, and Who It's For

Pros include developer-friendly pricing, a generous free tier, and simple React integration, placing production-grade capabilities like Teams/RBAC and Webhooks behind a low barrier to entry. Cons include a lack of public information: there is no mention of MFA, enterprise SSO, SAML/OIDC, social login, compliance certifications, data residency, payment methods, or service SLAs. It is better suited for early-stage to mid-sized SaaS products, React applications, and teams looking to launch authentication quickly while controlling costs; for large enterprises, heavily regulated industries, or clients requiring clear compliance backing, further due diligence is needed.

Access from China

The text provides no information regarding mainland China nodes, ICP filing, payment methods, or access availability, so access from China is rated as unknown. If targeting domestic users, focus on testing API latency, email deliverability, console accessibility, and payment availability; alternatives to consider include Auth0, Clerk, Supabase Auth, Firebase Auth, Keycloak, Logto, or domestic identity authentication services.