Bank-level authentication and security for your fintech, wallet or neobanking app.

How it works

Out of the box authentication to protect end user accounts.

login icon

Step 1:

Login or create a project on Rehive.

insights icon

Step 2:

Register as a user using an email and password combination.

revenue icon

Step 3:

Log in using your App ID, email, and password and store the authorization token.

rewards icon

Step 4:

Include the token in the HTTP Authorization header when making an API call.

Built with the highest level of end-user security in mind.

Keeping user funds secure is of the highest importance, while also ensuring a simplified end-user experience. Auth is a reliable and battle-tested solution to help you go to market fast without re-inventing the wheel.

auth feature
branding icon

Block brute force and credential stuffing attacks

Advanced bot management and DDOS protection powered by Cloudflare Enterprise.

language icon

Flexible user identifier

Supports unique email, mobile number, username, or UUID identifiers


Authorization challenges

Protect users with multiple authentication steps


Simultaneously login across multiple devices

Easily flip between mobile and desktop devices to create and view transactions

User feature

Key features and resources

slider image


    Token-based HTTP Authentication scheme.

    Support multiple concurrent sessions with variable session durations.


    Users can register by providing an identifier (email, mobile number, or username) and a password.

    Admins can create and invite users which need to verify their email address or mobile number and set a password.


    Authentication is done via a user identifier (email, mobile number, or username) and a password.

    Optional additional authorization level checks can be configured on the API.

Password management

    Reset user passwords via a password reset link that is sent to the user’s primary email address.

    Easily modify a user password if authenticated and authorized to do so.

    Password resets can be customized to force a password reset before allowing a user to authenticate or authorize again.

Email and mobile verification

    When an email or mobile is added to the system a verification process will be triggered in order to ensure a given email/mobile belongs to the user who created it.

    Companies can individually configure whether verification is required for transacting in the system.

Authenticators and challenges (2FA)

    Users can set up multiple secondary authenticators that can be used for multi-factor authentication. Three authenticator types are currently supported: TOTP, SMS, Static

    Admins can configure when and how multi-factor authentication challenges are triggered, including specifying what specific authenticators are allowed for a given challenge.


    Users can deactivate their account via a deactivation process that will request confirmation through a deactivation link sent to their primary email.

    Admins can force deactivation or invoke deactivation on behalf of a user.