Live identity layerForjio suite, IDR-priced

Auth and permissions in one API.
Ship in an afternoon.

Email, social, MFA, and AWS-IAM-style fine-grained authorization — under one API. Priced in rupiah, not USD. Drop in the SDK and forget about identity for the rest of the quarter.

  • 10,000 MAU free
  • No credit card
  • IDR invoicing
  • PPN-compliant
server.ts
import { verifyAccessToken } from '@forjio/huudis-node';

app.get('/me', async (req, res) => {
  const claims = await verifyAccessToken(req.headers.authorization);
  res.json({ userId: claims.sub, email: claims.email });
});

Token in. Claims out. Same call for every Huudis flow, every framework.

How it works

Three calls. Zero auth code to maintain.

We handle JWKS rotation, refresh tokens, MFA challenges, password resets, OIDC discovery, IAM policy evaluation. You handle your product.

01

Install the SDK

npm install @forjio/huudis-node — or the Python or Go SDK. Same wire format across every language.

02

Verify a token

Call verifyAccessToken() in your route handler. Token in, claims out. JWKS cache + clock-skew tolerance built in.

03

Authorize with policies

AWS-IAM-style JSON policies. Canned tiers for Admin / Developer / ReadOnly / Billing. Custom Conditions when you need them.

Features

Everything auth should be. Nothing you'd outgrow.

One API for user identity and authorization. The bits other providers charge Enterprise for — in the free tier.

Email + password

Verification flows, password reset, rate-limited sign-in. Strong-password checks by default.

Social sign-in

Google and Apple ready. Drop-in buttons, ID-token verification, email-based account linking.

MFA + backup codes

TOTP with any authenticator app. Step-up auth gated by Condition keys in your policies.

OIDC provider

Full discovery, JWKS, authorize, token, userinfo, end-session + RFC 8628 device flow.

AWS-IAM-style policies

The exact JSON shape your devs already know. Canned Admin / Developer / ReadOnly / Billing per service.

HMAC access keys

AKIA long-term + ASIA session keys. HMAC-SHA256 signing, ±5 min skew, constant-time compare.

Pricing

Fair, in rupiah, no asterisks.

Free forever for small apps. Pay only when you grow.

Free

For your next side project.

Rp 0/forever

10,000 MAU

  • OIDC provider + OAuth clients
  • Email + password + social sign-in (Google, Apple)
  • TOTP multi-factor auth
  • AWS-IAM-style policies (Admin/Developer/ReadOnly/Billing tiers)
  • Up to 3 organizations, 3 seats, 2 service accounts
Start free
Most popular

Pro

Ship your first paying product.

Rp 99.000/month

50,000 MAU

  • Everything in Free
  • 1 SAML/OIDC enterprise connection
  • Passkeys (WebAuthn) + TOTP
  • Up to 25 organizations, 10 seats, 10 service accounts
  • 30-day audit log
Get started

Business

For Indonesian SaaS that’s scaling.

Rp 299.000/month

200,000 MAU

  • Everything in Pro
  • 5 SAML/OIDC connections
  • SCIM directory sync
  • Unlimited organizations, 50 seats, 50 service accounts
  • All MFA methods (TOTP, WebAuthn, SMS)
Get started

Scale

Dedicated support, SLA, and compliance-ready.

Rp 999.000/month

1,000,000 MAU

  • Everything in Business
  • Unlimited SAML/OIDC connections
  • Bring-your-own custom IdP
  • SCIM + JIT provisioning
  • Adaptive/risk-based MFA
Talk to sales

Compare

Cheaper than Auth0. Sharper than Cognito.

We built Huudis for devs who got tired of paying USD-priced enterprise tiers for auth features that should be free.

CapabilityHuudisAuth0ClerkCognito
Free MAU10,0007,50010,00050,000
Lowest paid tierRp 99k/mo ($7)~Rp 380k/mo ($23)~Rp 410k/mo ($25)Pay-as-you-go
IDR pricing + PPN invoice
AWS-IAM-style policies (free)
CLI-first
OIDC + JWKS + Device Flow
TOTP MFA in free tier
Local Indonesian support

For developers

CLI-first. Type-safe SDKs. Webhooks that don't lie.

Real CLI, type-safe SDKs for Node.js, Python, and Go, REST API, signed webhooks. Test-mode access keys mean you can prototype policies before flipping the live switch.

  • huudis iam, huudis audit, huudis account — fully scriptable
  • OpenAPI spec + type-safe SDKs (Node, Python, Go)
  • Webhooks with HMAC signatures + replay protection (t=…,v1=…; 5-min window)
  • AWS-IAM-style access keys (AKIA long-term, ASIA STS-style assumed roles)
server.ts
import { verifyAccessToken } from '@forjio/huudis-node';

app.get('/me', async (req, res) => {
  const claims = await verifyAccessToken(req.headers.authorization);
  res.json({ userId: claims.sub, email: claims.email });
});

One login

Powering identity for every Forjio product.

Huudis is the identity layer behind every Forjio product. One sign-in, one IAM surface, one place to revoke access — across the entire suite.

Huudis

identity

Huudisidentityyou are here
LinkSnaplinks + QR
Storlaunchstorefront
Plugipaypayments
Serrontservice invoicing
Fulkrumafulfillment
Ripllomarketing
MalaposPOS
Suppuosupport

One Huudis account unlocks every product in the Forjio family.

FAQ

Common questions.

  • Where is my user data stored?
    In our Singapore-region Postgres (DigitalOcean SGP1). Backups encrypted at rest, daily snapshot retention 7 days. We can also stand up a dedicated tenant in your region on Enterprise — useful if you need data residency for regulated workloads.
  • Can I migrate my existing users from Auth0 / Firebase / Cognito?
    Social-only users migrate by re-linking on first sign-in — no action needed from them. For password-based users we currently support bcrypt rehashing on first successful login (the bulk-import API for scrypt / PBKDF2 hash formats is on the roadmap; talk to us if you need it sooner).
  • How does this handle Indonesian regulatory requirements?
    PPN-compliant IDR invoicing on every paid tier. PSE Lingkup Privat (Kominfo) registration is in progress. Data residency in SG by default; ID-region tenancy available on Scale. Audit log retention: 7d Free, 30d Pro, 90d Business, 1y Scale.
  • What happens if I exceed my MAU on the free tier?
    Nothing breaks. Existing users keep signing in. We email you when you cross 90% of the limit, and again at 100%. After 30 days over the limit you need to upgrade or new sign-ups will be paused (existing users still work). No surprise overage bills, ever.
  • Can I self-host?
    Scale tier offers a dedicated tenant on infrastructure of your choice (your DO project, your AWS account, on-prem) — same Huudis, your hardware, custom contract. Full self-host with no vendor connection is on the roadmap for 2026 H2.
  • What if Huudis goes down?
    Scale tier ships a formal 99.95% SLA with credits per the SLA terms. Pro and Business run on the same infra with best-effort uptime targets while we collect launch-period data. JWKS and refresh tokens remain verifiable for 24h via cached keys even if our control plane is offline — your apps keep authenticating users while we recover. Status page at status.huudis.com.
  • Is the source open?
    The SDKs are MIT-licensed (Node, Python, Go) on GitHub. The Huudis service itself is closed-source, but every endpoint is documented with OpenAPI and the SDKs are thin enough to fork if you ever need to.

Ship the auth. Get back to the product.

Sign up, drop in the SDK, and forget about identity for the rest of the quarter.

10,000 MAU free forever. No credit card. PPN-compliant invoicing.