Auth in 5 minutes. No backend needed.

Ageinx is a hosted authentication service that removes the need to build login systems from scratch. We handle identity so you can handle your business logic.

Instead of managing passwords, sessions, hashing, and token logic yourself, you simply redirect users to Ageinx, and we handle the entire authentication flow. After a successful login, the user is redirected back to your app with a secure token.

The Golden Rule: The frontend is only used for user experience. Security is always enforced on your backend by verifying the token before granting access to sensitive data.

Ready to secure your app?

No credit card • Unlimited users • Under 5 mins setup

Try it now

How It Actually Works

Integrating Ageinx requires no heavy SDKs or complex configuration. The entire authentication lifecycle is handled through three standard HTTP steps.

1. Redirect to Ageinx

Direct your users to your hosted Ageinx login page using your unique project slug. This single flow handles both login and signup dynamically.

<!-- Send the user to the Ageinx hosted auth UI -->
<a href="https://ageinx.vercel.app/auth/YOUR_SLUG">Login</a>

2. Callback & Extraction

After a successful login, Ageinx securely redirects the user back to your app. The short-lived JWT is appended to the URL hash. You must extract this token immediately and remove it from the URL to prevent users from accidentally sharing it.

// 1. Extract the token from the hash
const token = new URLSearchParams(window.location.hash.substring(1)).get('token');

if (token) {
    localStorage.setItem('token', token);
    // 2. MUST clean the URL bar for security
    window.history.replaceState(null, null, window.location.pathname); 
}

3. Verification

Never trust the frontend alone. To secure your application, you must send the extracted token to your backend via the Authorization header and verify it against the Ageinx API on every protected request.

# Validate the token on your backend before granting access
GET https://ageinx.vercel.app/auth/userinfo
Authorization: Bearer <token>

React / Next.js

Handling the callback in modern frontend frameworks is easiest with a simple useEffect hook. This component mounts, silently extracts the token from the URL, stores it locally, and pushes the user to their protected dashboard.

import { useEffect } from 'react';
import { useRouter } from 'next/router';

export default function AuthCallback() {
    const router = useRouter();

    useEffect(() => {
        const token = new URLSearchParams(window.location.hash.substring(1)).get('token');
        if (token) {
            localStorage.setItem('ax_token', token);
            router.push('/dashboard'); 
        } else {
            router.push('/login');
        }
    }, []);

    return <div>Logging in...</div>;
}

Node.js / Express

Protect your API routes using middleware. This function intercepts the incoming request, parses the Bearer token, and asks the Ageinx API if the token is legitimate. If it is, the user data is attached to the request; if not, the request fails closed.

const axios = require('axios');

async function requireAuth(req, res, next) {
    const token = req.headers.authorization?.split(' ')[1];
    if (!token) return res.status(401).json({ error: "Access Denied" });

    try {
        const { data } = await axios.get('https://ageinx.vercel.app/auth/userinfo', {
            headers: { 'Authorization': `Bearer ${token}` }
        });
        req.user = data; 
        next();
    } catch (error) {
        return res.status(401).json({ error: "Invalid or expired token" });
    }
}

Python / FastAPI

FastAPI’s dependency injection system makes securing routes incredibly clean. By passing this dependency to your protected routes, it will automatically handle unauthorized requests and raise clean 401 exceptions when tokens expire.

import httpx
from fastapi import FastAPI, Depends, HTTPException
from fastapi.security import HTTPBearer

app = FastAPI()
security = HTTPBearer()

async def verify_user(credentials = Depends(security)):
    async with httpx.AsyncClient() as client:
        response = await client.get(
            "https://ageinx.vercel.app/auth/userinfo",
            headers={"Authorization": f"Bearer {credentials.credentials}"}
        )
        if response.status_code != 200:
            raise HTTPException(status_code=401, detail="Invalid token")
        return response.json()

Security Model

Ageinx is designed to act as a strict, impenetrable boundary between user credentials and your application logic. Because we handle identity entirely, you never see or store user passwords. Everything is heavily hashed, salted, and rate-limited on our infrastructure.

Ageinx issues secure, signed JWTs that expire in approximately 60 minutes. Because they are stateless, you don't need to maintain a complex session database. Currently, refresh tokens are not supported, meaning users will need to re-authenticate when their access window closes.

Production Best Practices

Do not store tokens forever: Always be prepared for a token to expire and gracefully redirect the user back to the login page.
Enforce HTTPS: Always use HTTPS in production to prevent man-in-the-middle attacks from intercepting the Bearer token.
Upgrade storage: For enterprise security, consider having your backend exchange the initial token and set a secure HttpOnly cookie, rather than relying on browser localStorage.

Common Failures

Auth is generally the easiest place to make a critical application error. Avoid these common implementation pitfalls:

Trusting the frontend: Checking if a token exists in localStorage does not make a route secure. Only a backend verification can grant true trust.
Not clearing the URL: If you fail to remove the hash after extracting the token, users may copy and paste their URL to friends, accidentally leaking their active session.
Ignoring 401s: Tokens will expire. If your frontend API calls fail with a 401 Unauthorized status, your app must catch it and prompt a re-login rather than failing silently.