Add modern, phishing‑resistant MFA to your product
Passkeys, email links, and more—policy‑driven per app, with beautiful hosted flows.
Hosted verification UX with passkey and fallback options.
Passkeys
Built on WebAuthn for the best UX and phishing resistance.
Policies
Per-app rules: thresholds, methods, and step-up strategies.
Hosted flows
Drop-in URLs you can trigger from any stack.
Email OTP
Low-friction fallback with rate limits and audits.
Auditing
Session and challenge events recorded for visibility.
Privacy
Biometrics never leave the device. Keys are scoped to your RP.
Quickstart
Create an MFA session from your app and redirect users to our hosted flow.
Create an MFA session
export async function createMfaSession({ amount, successUrl, email = '' }) {
const origin = typeof window !== 'undefined' ? window.location.origin : '';
const body = {
appId: 'your app id',
amount: Number(Number(amount || 0).toFixed(2)),
currency: 'USD',
user: { email },
successUrl,
failureUrl: `${origin}/mfa/failure`,
};
const res = await fetch('https://open-mfa.vercel.app/api/v1/sessions', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-merchant-id': 'your merchant id',
'Authorization': 'your merchant key',
},
body: JSON.stringify(body),
});
}