API v1.0 — Now Available

Authentication
Reimagined

Enterprise-grade auth infrastructure for modern applications. OTP, Magic Links, Social Login — one simple API.

99.99%
Uptime SLA
<50ms
Avg Response
10K+
Developers

Simple, Transparent Pricing

Scale from prototype to enterprise. No hidden fees, no surprises.

Free

RM0 /month

Best for testing & student projects.

  • 500 Monthly Active Users
  • Email OTP
  • Magic Links
  • Google & GitHub Login
  • 1 Project

Luviio branding · No custom domain · No SLA

Starter

RM29 /month

For indie hackers & MVP apps.

  • 5,000 MAU
  • Unlimited OTP emails
  • Social logins
  • 3 Projects
  • Basic analytics
  • Custom email branding

freelancers · side projects · startup MVPs

Most Popular

Growth

RM99 /month

Most popular plan.

  • 25,000 MAU
  • Custom domain
  • Custom SMTP
  • Webhooks
  • Teams support
  • 10 Projects

SaaS startups · agencies · production apps

Business

RM349 /month

For serious companies.

  • 150,000 MAU
  • RBAC / roles permissions
  • Audit logs
  • Admin dashboard
  • SLA uptime guarantee
  • Unlimited projects

fintech · education platforms · marketplaces

Enterprise

Custom Pricing
RM1,500 – RM10,000+/mo

For organizations with unique needs.

  • Unlimited MAU
  • SAML / SSO
  • On-premise option
  • Dedicated infrastructure
  • Security review
  • Account manager

banks · gov contractors · healthcare systems

Feature Comparison

Feature Free Starter Growth Business
Email OTP
Custom Domain
Webhooks
RBAC
SLA Guarantee

API Documentation

Everything you need to integrate Auth2U into your application.

Base URL

Base URL 
https://api.luviio.com

Authentication

All protected endpoints require an API key in the header:

Headers 
x-api-key: YOUR_API_KEY

You will receive your API key after account creation.

Create Account

POST

Creates a new Auth2U account (default plan: free).

POST /account/create

Request Body

{
  "name": "John Doe",
  "email": "john@email.com"
}

Response

{
  "success": true,
  "apiKey": "auth2u_live_xxxxx",
  "plan": "free",
  "limit": 1000
}

Send OTP

POST

Sends a one-time password to a user email.

POST /otp/send

Headers

{"x-api-key": "YOUR_API_KEY"}

Request Body

{"email": "user@email.com"}

Response

{
  "success": true,
  "message": "OTP sent"
}

Verify OTP

POST

Verifies the OTP code submitted by the user.

POST /otp/verify

Headers

{"Content-Type": "application/json"}

Request Body

{
  "email": "user@email.com",
  "otp": "123456"
}

Response

{
  "success": true,
  "message": "OTP verified"
}

Plans & Limits

Plan Monthly Limit
Free1,000 requests
Starter5,000 requests
Pro50,000 requests
Enterprise1,000,000 requests

Plan upgrades are handled automatically via billing system (Stripe).

Error Responses

Missing API Key
{"error": "Missing API key"}
Invalid API Key
{"error": "Invalid API key"}
User Exists
{"error": "User exists"}
OTP Expired
{"error": "OTP expired"}

Security Notes

  • API keys must be kept private and never shared publicly.
  • Never expose your API key in frontend or client-side code.
  • Always use server-side requests for OTP operations.
  • Requests are rate-limited based on your current plan.

Health Check

GET

Check the status of the Auth2U service.

GET /health

Response

{
  "success": true,
  "service": "Auth2U",
  "status": "running"
}