OPEN SOURCE · MIT  RUNS ON YOUR CLOUDFLARE $0 ON THE FREE TIER

Your auth. Your users.
Your Cloudflare.

One click deploys a complete user-management stack — Better Auth backend, hosted login pages, and an admin dashboard — into your own Cloudflare account. No servers. No auth vendor. No one else's database.

// one secret to paste, zero migrations to run
authkit.democra.ai / launch
01 /

Three surfaces. One Worker.

Everything ships in a single Cloudflare Worker: the API your app calls, the login pages your users see, and the dashboard you manage them from.

Hosted login page
/auth/*

Hosted login pages

Sign-in, sign-up, passkeys, email codes and social buttons — themed in Cloudflare orange, light & dark, English & 中文. Zero frontend work.

Better Auth Studio admin dashboard
/ (admin only)

Admin dashboard

Better Auth Studio built in: browse, create, ban, role and delete users and organizations — live event stream included, gated to admins.

// your app, anywhere
const s = await fetch(
  "https://auth.you.com" +
  "/api/auth/get-session",
  { credentials: "include" }
).then(r => r.json())

s.user.email
// → "ada@example.com"
/api/auth/*

Better Auth API

The full Better Auth surface, public where it should be. Point any SDK at it, share sessions across subdomains, add trusted origins per app.

02 /

The parts you'd have built anyway.

7
sign-in methods
password · email OTP · passkeys · Google · Apple · GitHub · Microsoft
$0
on the free tier
Workers + D1 + KV, comfortably within Cloudflare's free plan
1
worker for everything
API, login pages and admin UI in a single deploy
100%
yours
your account, your database, your code — MIT licensed
03 /

Deployed before your coffee drips.

STEP 01

Click deploy

Cloudflare clones the repo into your GitHub and auto-provisions a D1 database and a KV namespace. Every push redeploys.

STEP 02

Paste one secret

32+ random characters to sign your sessions. That's the whole configuration.

$ openssl rand -base64 33
STEP 03

You're live

The schema creates itself on first request — no migrations. Social providers switch on automatically when you add their keys.

https://auth-kit.you.workers.dev ● live
04 /

Small on ceremony, big on surface.

Login page light and dark

A login page you don't have to design

Built from better-auth-ui's shadcn components and themed like it belongs to Cloudflare. Light and dark. English and 中文. Passkeys and email codes appear the moment you enable them — the page always mirrors your config.

  • Passkeys (WebAuthn) with cross-subdomain support
  • Email OTP via Cloudflare Email Routing or Resend
  • Google, Apple, GitHub, Microsoft — auto-enabled by config
Studio dashboard

An admin you'd actually open

Live session events, growth charts, user and organization management, CSV export, ban / role / delete — Better Auth Studio ships inside the same Worker, locked to admins only.

  • Role-gated: admins in, everyone else bounced to login
  • Organizations & members with owner roles
  • Works on day zero — no separate deploy
Multi-app control panel

One deployment, many apps

Mount extra apps under their own path — each with its own D1 database, KV namespace and signing secret. Users of one app can never leak into another: isolation is declared in config, enforced by bindings.

  • Per-app databases — hard isolation, not row filters
  • Per-app login pages & OAuth callback routing
  • Cross-subdomain SSO when you want it, host-only when you don't
RENT-FREE · VENDOR-FREE · SERVER-FREE

Stop renting your users.
Own them.