Banata

Start Here

Introduction

Banata Auth is a complete authentication and user management platform for web applications. Add sign-in, organizations, roles, SSO, and more to your app.

What is Banata Auth?

Banata Auth is an authentication and user management platform that gives your application everything it needs to handle users securely:

  • Sign-in methods — email/password, social OAuth (Google, GitHub, Apple, and more), magic links, email OTP, passkeys, and username/password
  • Multi-factor authentication — TOTP-based two-factor auth with backup codes
  • Organizations — multi-tenant workspaces with members, invitations, and role-based access control
  • Enterprise features — SAML/OIDC single sign-on, SCIM directory sync, audit logs, and encrypted vault storage
  • Operational tools — webhooks, email templates, domain verification, bot protection, and branding

You manage everything through the Banata dashboard (or programmatically with the SDK), and your app connects to Banata using a few lightweight packages.

How It Works

Banata Auth runs as a separate service from your application. Your app doesn't store user data or manage sessions directly — Banata handles that for you.

Here's the high-level architecture:

typescript
Your App (Next.js)                      Banata Auth (Backend)
┌──────────────────────┐                ┌──────────────────────┐
│                      │                │                      │
/api/auth/[...all]  │───proxies to──▶│  Auth runtime
(route handler)     │                │  Users & sessions
│                      │                │  Organizations
Sign-in pages       │                │  Roles & permissions
Protected pages     │                │  SSO, SCIM, etc.
│                      │                │                      │
└──────────────────────┘                └──────────────────────┘
        ▲                                        ▲
        │                                        │
   API key binds                          Dashboard manages
   your app to a                          configuration for
   Banata project                         that project
  1. You create a project in the Banata dashboard and configure your auth settings (methods, providers, emails, branding).
  2. You create an API key for that project and add it to your app's server environment.
  3. Your app proxies /api/auth requests to Banata, keeping cookies on your own domain.
  4. Your users sign in through your app's UI, powered by Banata's auth runtime behind the scenes.

Key Concepts

Projects

A project is the top-level isolation boundary in Banata. Each project has its own users, organizations, roles, providers, and configuration. When you create an API key, it's scoped to a single project — your app automatically works within that project's boundaries.

Think of a project as a complete, isolated auth environment for one application (or one environment of an application, like staging vs. production).

API Keys

An API key is how your app authenticates with Banata and identifies which project it belongs to. You store it as a server-side environment variable (BANATA_API_KEY). The API key does two things: it authenticates your server to Banata, and it tells Banata which project's data to use.

Dashboard

The Banata dashboard is where you manage your projects. From the dashboard you can configure auth methods, set up OAuth providers, manage users and organizations, customize email templates, create API keys, and more. Everything you configure in the dashboard can also be done programmatically through the SDK.

Packages

Banata Auth provides several packages for different parts of your integration:

PackageWhat it does
@banata-auth/nextjsServer-side auth proxy and helpers for Next.js apps
@banata-auth/reactPre-built sign-in/sign-up UI components and auth hooks
@banata-auth/sdkAdmin SDK for managing users, orgs, roles, and configuration by code
@banata-auth/sharedShared types, error classes, and validation utilities
@banata-auth/convexPlatform runtime package (for self-hosting Banata)

Most apps only need @banata-auth/nextjs and @banata-auth/react. Add @banata-auth/sdk if you need to manage Banata resources programmatically from your backend.

Hosted vs. Self-Hosted

Banata Auth can run in two modes:

  • Hosted — You use Banata's cloud-hosted dashboard and backend. No infrastructure to manage.
  • Self-hosted — You deploy the Banata platform yourself on your own infrastructure.

In both cases, the developer experience is the same: you sign in to a dashboard, create a project, configure your settings, generate an API key, and connect your app with the same packages and code. The only difference is where the Banata backend runs.

What's Next

Ready to get started? Head to the Quick Start guide to connect your first app to Banata in a few minutes.

If you want to understand the core concepts in more depth first: