Heimdall
Auth that gets out of your way
Heimdall is an auth service for people who'd rather ship features than configure identity providers. It handles M2M tokens, multi-tenant isolation, RBAC, and user management through a clean API. No SDKs to learn, no dashboards to click through.
We're building it because the existing options are either too complex for small teams or too limited for real products. Heimdall sits in the middle: simple enough to integrate in an afternoon, complete enough to grow with you.
What's planned
Machine-to-machine tokens
Issue scoped tokens for service-to-service communication. No user interaction required.
Multi-tenancy (Apps)
Isolate data per tenant out of the box. Each of your customers gets their own space.
Role-based access control
Define roles, assign permissions, and enforce them at the API level with a single guard.
LLM-friendly API surface
Consistent, predictable endpoints designed to work well with AI coding tools and agents.
Invite flows
Generate invite links with configurable expiry and usage limits. Accept invites with one call.
Audit logging
Every permission change, login, and admin action is recorded. Query the audit trail via API.