PropelAuth website screenshot

PropelAuth

PropelAuth is a B2B SaaS authentication and multi-tenant user management platform purpose-built for organizations that sell to other organizations. It provides hosted login UIs, first-class organizations / tenants with custom roles and permissions, enterprise SSO via SAML and OIDC, SCIM directory sync, end-user API keys with validation and usage reporting, OAuth 2.0 / OpenID Connect identity-provider endpoints, and OAuth 2.1 MCP server authentication with dynamic client registration for AI agents. Backend SDKs span Node, Express, FastAPI, Flask, Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers; frontend SDKs cover React, JavaScript, and Next.js (App + Pages Router). A Terraform provider and official CLI back infrastructure-as-code workflows. Pricing starts free with 10,000 MAU and scales through Growth ($150/mo) and Growth Plus ($500/mo) to custom Enterprise contracts.

5 APIs 21 Features
AuthenticationIdentityB2BMulti-TenancyAuthorizationRBACSSOSCIMMCPAPI Keys

APIs

PropelAuth User API

Backend REST API for managing PropelAuth-managed end users. Create, fetch, query, update, delete, enable/disable, and migrate users; issue magic links and short-lived access tok...

PropelAuth Organization API

Backend REST API for managing tenant organizations in PropelAuth. CRUD on organizations, member management (add, remove, change role), invite flows, custom role mappings, and pe...

PropelAuth End-User API Keys API

Backend REST API for issuing, validating, listing, updating, and revoking end-user API keys that PropelAuth manages on behalf of your users and tenant organizations. Includes pe...

PropelAuth OAuth2 API

OAuth 2.0 / OpenID Connect identity-provider endpoints exposed by your PropelAuth Auth URL. Use PropelAuth as an OIDC provider for first-party and third-party OAuth clients, inc...

PropelAuth MCP Authentication API

OAuth 2.1 authorization-server endpoints for Model Context Protocol (MCP) clients and AI agents. Authorize with PKCE, exchange and refresh tokens, introspect access tokens, dyna...

Collections

Arazzo Workflows

PropelAuth Create And Update User

Create a user, fetch it back, then enrich the profile with a follow-up update.

ARAZZO

PropelAuth Invite Existing User By ID

Resolve an existing user by email, create a new org, and invite that user in by ID.

ARAZZO

PropelAuth Invite User To Org

Create an organization, email an invite to a user, and confirm the invite is pending.

ARAZZO

PropelAuth Issue Magic Link For New User

Create a new user, then mint a one-time magic link to sign them in.

ARAZZO

PropelAuth Migrate User With Password

Import a user from an external auth system, resolve their ID, then attach a legacy password hash.

ARAZZO

PropelAuth Offboard User From Org

Resolve a user by email, remove them from an org, and confirm the remaining membership.

ARAZZO

PropelAuth Onboard User Into Org

Create a user, create an organization, and add the user to it with a role.

ARAZZO

PropelAuth Promote Org Member

Find a user by email, change their role within an org, and confirm the new role.

ARAZZO

PropelAuth Provision Org API Key

Create an organization, issue an API key bound to it, then read the key's metadata back.

ARAZZO

PropelAuth Provision Org With Admin

Stand up a new organization, create its first admin user, add them, and verify membership.

ARAZZO

PropelAuth Revoke Pending Invite

Find a pending invite for an org and revoke it when one is outstanding.

ARAZZO

PropelAuth Rotate User API Key

Find a user's active API key, revoke it, and issue a fresh replacement.

ARAZZO

PropelAuth Upsert User By Email

Look a user up by email and update them if they exist, otherwise create them.

ARAZZO

Pricing Plans

Propelauth Plans Pricing

4 plans

PLANS

Rate Limits

Propelauth Rate Limits

4 limits

RATE LIMITS

FinOps

Features

Hosted, customizable login UIs for B2B SaaS
First-class organizations / tenants with custom roles and granular permissions (RBAC)
End-user API keys (personal and org-scoped) with validation, usage stats, and import of legacy keys
Enterprise SSO via SAML and OIDC with self-service per-organization setup (Okta, Entra ID, etc.)
SCIM directory sync for enterprise customers (Growth Plus and Enterprise tiers)
MCP server authentication via OAuth 2.1, PKCE, dynamic client registration, and token introspection
User impersonation with audit trail and alerting
Multi-factor authentication (TOTP) enforceable per organization
Magic links and password authentication with configurable password policies
Per-organization 2FA enforcement and session controls
OAuth 2.0 / OpenID Connect identity-provider endpoints including discovery
User migration from external auth providers (bcrypt, argon2, scrypt, pbkdf2, firebase scrypt)
Separate staging environment included on Growth tier and above
Custom domain on the free tier
Backend SDKs for Node, Express, FastAPI, Flask, Django REST Framework, Python, Go, Rust, .NET, Ruby, and Cloudflare Workers
Frontend SDKs for React, JavaScript, and Next.js (App + Pages Router)
Official PropelAuth CLI and Terraform provider for infrastructure-as-code
Postman collection for the entire backend API
10,000 MAU included on every tier; overage $0.05/MAU on Growth and Growth Plus
Advanced API Keys add-on for 5,000,000 monthly validations
Bring-Your-Own-Auth deployment mode (`byo.propelauth.com`)

Semantic Vocabularies

Propelauth Context

0 classes · 4 properties

JSON-LD

API Governance Rules

PropelAuth API Rules

7 rules · 1 errors 6 warnings

SPECTRAL

Example Payloads

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🌐
Portal
Portal
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
🔗
Documentation
Documentation
🔗
Documentation
Documentation
🔗
Documentation
Documentation
🔗
Documentation
Documentation
🔗
Documentation
Documentation
🔗
Documentation
Documentation
🔗
Documentation
Documentation
💰
Pricing
Pricing
🟢
StatusPage
StatusPage
🟢
StatusPage
StatusPage
📰
Blog
Blog
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
📝
Signup
Signup
🔗
Documentation
Documentation
🔗
Documentation
Documentation
💬
Support
Support
👥
GitHubOrganization
GitHubOrganization
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
📦
SDKs
SDKs
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔗
Documentation
Documentation
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
💻
CodeExamples
CodeExamples
🔗
Plans
Plans
🔗
RateLimits
RateLimits
🔗
FinOps
FinOps
🔗
Vocabulary
Vocabulary
🔗
SpectralRuleset
SpectralRuleset

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: PropelAuth User API
  version: 1.0.0
request:
  auth:
    type: bearer
    token: '{{bearerToken}}'
items:
- info:
    name: Users
    type: folder
  items:
  - info:
      name: Create User
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/
      body:
        type: json
        data: '{}'
    docs: Create a new user in your PropelAuth instance.
  - info:
      name: Fetch User By User ID
      type: http
    http:
      method: GET
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId
      params:
      - name: userId
        value: ''
        type: path
    docs: Returns the user with the supplied user ID.
  - info:
      name: Update User
      type: http
    http:
      method: PUT
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId
      params:
      - name: userId
        value: ''
        type: path
      body:
        type: json
        data: '{}'
    docs: Update mutable user fields (metadata, locked state, properties, etc.).
  - info:
      name: Delete User
      type: http
    http:
      method: DELETE
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId
      params:
      - name: userId
        value: ''
        type: path
    docs: Permanently delete a user. This action cannot be undone.
  - info:
      name: Fetch User By Email
      type: http
    http:
      method: GET
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/email
      params:
      - name: email
        value: ''
        type: query
    docs: Returns the user with the supplied email address.
  - info:
      name: Fetch User By Username
      type: http
    http:
      method: GET
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/username
      params:
      - name: username
        value: ''
        type: query
    docs: Returns the user with the supplied username.
  - info:
      name: Query For Users
      type: http
    http:
      method: GET
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/query
      params:
      - name: page_size
        value: ''
        type: query
      - name: page_number
        value: ''
        type: query
      - name: order_by
        value: ''
        type: query
      - name: email_or_username
        value: ''
        type: query
      - name: include_orgs
        value: ''
        type: query
    docs: Page through users filtered by email substring, legacy user ID, role, and more.
  - info:
      name: Update User Email
      type: http
    http:
      method: PUT
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/email
      params:
      - name: userId
        value: ''
        type: path
      body:
        type: json
        data: '{}'
    docs: Change a user's email address. Optionally require email verification.
  - info:
      name: Update User Password
      type: http
    http:
      method: PUT
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/password
      params:
      - name: userId
        value: ''
        type: path
      body:
        type: json
        data: '{}'
    docs: Programmatically set a user's password.
  - info:
      name: Clear User Password
      type: http
    http:
      method: PUT
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/clear_password
      params:
      - name: userId
        value: ''
        type: path
    docs: Remove a user's password, forcing them to reset on next login.
  - info:
      name: Disable User
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/disable
      params:
      - name: userId
        value: ''
        type: path
    docs: Block the user from signing in. Existing sessions are invalidated.
  - info:
      name: Enable User
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/enable
      params:
      - name: userId
        value: ''
        type: path
    docs: Re-enable a previously disabled user.
  - info:
      name: Disable User 2FA
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/disable_2fa
      params:
      - name: userId
        value: ''
        type: path
    docs: Remove the user's two-factor authentication enrollment.
  - info:
      name: Resend Email Confirmation
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/resend_email_confirmation
      body:
        type: json
        data: '{}'
    docs: Resend the email verification message to a user.
- info:
    name: Sessions
    type: folder
  items:
  - info:
      name: Logout All User Sessions
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/user/:userId/logout_all_sessions
      params:
      - name: userId
        value: ''
        type: path
    docs: Invalidate every refresh token / session for the user.
- info:
    name: Magic Links
    type: folder
  items:
  - info:
      name: Create Magic Link
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/magic_link
      body:
        type: json
        data: '{}'
    docs: Generate a one-time magic link that signs in or signs up the supplied user.
- info:
    name: Access Tokens
    type: folder
  items:
  - info:
      name: Create Access Token
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/access_token
      body:
        type: json
        data: '{}'
    docs: Mint a short-lived access token for a user (impersonation, testing, scripted automation).
- info:
    name: Migration
    type: folder
  items:
  - info:
      name: Migrate User From External Source
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/migrate_user/
      body:
        type: json
        data: '{}'
    docs: Import a user from another auth provider, optionally including a hashed password.
  - info:
      name: Migrate User Password
      type: http
    http:
      method: POST
      url: https://{authId}.propelauthtest.com/api/backend/v1/migrate_user/password
      body:
        type: json
        data: '{}'
    docs: Attach a legacy hashed password to an existing user.
- info:
    name: Employees
    type: folder
  items:
  - info:
      name: Fetch Employee By ID
      type: http
    http:
      method: GET
      url: https://{authId}.propelauthtest.com/api/backend/v1/employee/:employeeId
      params:
      - name: employeeId
        value: ''
        type: path
    docs: Look up a PropelAuth dashboard employee (your internal team member) by ID.
bundled: true