developers

Get an API key.

Self-service. Free for testing. The public key goes in your client SDK, the secret stays on your server. Both rotate any time from the portal.

Your name or company

App name (optional)

Mode

Test keys are issued instantly, capped at 1,000 req/h (tenant-wide), and rotate anytime. Live keys lift the cap to 10,000 req/h. Billing is pay-per-call: 1,000 free calls/month, no card needed. Add a card or buy a prepaid credit pack to remove the cap.

Scope

Pick client when you embed a pk_test_ in browser code. With GRAYPASS_REQUIRE_KEY_SCOPE=1, client keys are rejected from mutating routes (key create, webhook CRUD, GDPR erase, etc.) so a leaked browser key can't escalate.

By generating a key you agree to our terms.

Save these now.

We don't store the secret key in plaintext. If you lose it you'll have to rotate.

public_key

secret_key

Quickstart guide

5 min quickstart

Drop-in install.

Add the SDK in your client, the middleware on your server. That's it.

npm install @graypass/sdk

import { GrayPassV2 } from "@graypass/sdk";

// init returns a client instance - keep it around for the session lifetime
const gp = GrayPassV2.init({ apiKey: "pk_test_…" });

// startSession returns V2SessionStartResponse - snake_case fields, mirrors the JSON API.
const { session_id, enrolled, trust, state } = await gp.startSession({ userId: "user_42" });

gp.on("trust_change", ({ confidence, state, reasons }) => {
  console.log("trust ->", confidence, state, reasons);
});

// when the user clicks "Open dashboard":
const verdict = await gp.authorize("dashboard.example.com", { minTrust: 0.7 });
if (verdict.authorized) {
  document.cookie = `gp_token=${verdict.token}; Secure; SameSite=Lax`;
} else {
  // verdict.fallback ∈ {step_up_required, re_authenticate, wait_for_trust, session_killed}
}

// middleware.ts
import { withGrayPass } from "@graypass/middleware/nextjs";

export default withGrayPass({
  apiKey: process.env.GRAYPASS_SECRET_KEY!,
  minTrust: 0.4,
  target: "dashboard",
  stepUpRedirect: "/step-up",
});

export const config = { matcher: ["/dashboard/:path*"] };

curl -X POST https://app.graypass.org/v2/sessions/start \
  -H "Authorization: Bearer sk_test_…" \
  -H "Content-Type: application/json" \
  -d '{"user_id":"user_42"}'

Get an API key.

Save these now.

Drop-in install.

Quickstart →

API reference →

Portal →

Live demo →