HACKER Q&A
📣 boberoni

How do you manage users on your API business/product?


I am building on an API product (imagine something like Twilio or Mailgun) and I am thinking about how to manage users in the following areas:

- authentication and authorization

- rate limiting

- accepting payments and billing

- other factors that I haven't thought of yet...?

I am wondering if there are existing tools or SaaS for these problems, or if this is something that I should just implement myself.

Thanks in advance for your help and suggestions!


  👤 kkajla Accepted Answer ✓
Which service to use for billing will depend on how you plan to charge your customers (flat monthly rate, usage-based, etc.), so it's worth thinking about pricing first and then exploring the options available on the market. Even though they don't have a specific usage-based billing product, my default recommendation is Stripe because it's so easy to set up and manage, and they really have the best product/experience.

Rate limiting is something that's not too difficult to implement and would probably make sense to build yourself. However, it's probably not something worth spending time on until it becomes a necessity (i.e. when you have enough customers that it becomes an issue). Don't waste time on it this early.

For authentication, there are several open and closed source options like Auth0, supertokens, etc. Any of them should work really well depending on how well they integrate with your programming language of choice. Some newer ones like Stytch offer more modern authentication flows (passwordless, magic link, etc.). As an API product, you might want to look into a service that helps with generating and managing API keys for API authentication instead.

Depending on the complexity of your product's access control, I would recommend using an authorization-as-a-service product to handle authorization. Warrant (https://warrant.dev/ -- disclaimer: I'm the founder) is an end-to-end authorization service that helps you add authorization at any layer of your stack (API, UI, etc.) without much code and provides a dashboard for managing your access model/access rules.

Aside from these problems, I would recommend spending some time thinking about how you'll manage API versioning and infrastructure/deployments. These are really important for giving your customers a seamless experience as API consumers.

I hope this helps!
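
An added example, not part of the answer above and not code from any product it names: a minimal self-built version of the two pieces the answer discusses, API-key authentication and per-customer rate limiting. The class and function names, the `sk_` key format, and the in-memory dictionaries are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class ApiKeyStore:
    """Keeps only SHA-256 digests, so a leaked table holds no usable keys."""
    def __init__(self):
        self._records = {}  # key_id -> (digest, customer)

    def issue(self, customer):
        key_id = secrets.token_hex(8)        # public lookup handle
        secret = secrets.token_urlsafe(32)   # 256 random bits, shown once
        self._records[key_id] = (hashlib.sha256(secret.encode()).digest(), customer)
        return f"sk_{key_id}_{secret}"       # "sk_" format is an assumption

    def verify(self, presented):
        parts = presented.split("_", 2)
        if len(parts) != 3 or parts[0] != "sk" or parts[1] not in self._records:
            return None
        digest, customer = self._records[parts[1]]
        candidate = hashlib.sha256(parts[2].encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return customer if hmac.compare_digest(candidate, digest) else None

class TokenBucket:
    """Per-customer bucket: `rate` tokens/second, at most `burst` stored."""
    def __init__(self, rate, burst, now=time.monotonic):
        self.rate, self.burst, self._now = rate, burst, now
        self._state = {}  # customer -> (tokens, last_refill_time)

    def allow(self, customer):
        now = self._now()
        tokens, last = self._state.get(customer, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self._state[customer] = (tokens - 1 if allowed else tokens, now)
        return allowed

def handle_request(store, limiter, presented_key):
    """Returns the HTTP status a gateway would send."""
    customer = store.verify(presented_key)
    if customer is None:
        return 401   # unknown or malformed key; no limiter state is created
    if not limiter.allow(customer):
        return 429   # authenticated but over quota
    return 200
```

Authentication runs before the limiter so that unauthenticated traffic cannot consume a paying customer's quota or grow the limiter's state; with more than one API server the bucket state would need to live in a shared store.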


👤 zpotty
Good afternoon! Why would you look for something like Magento when you can easily use this platform for e-commerce without any problems if you turn to specialists? For example, I turned to https://elogic.co/ in order to implement this sales platform into your business. I advise you to read more about it.

👤 sameerav
For authorization, have you looked at Pathfix (https://pathfix.com)?

I am the founder and am happy to answer any questions regarding user auth and app authorization.


👤 Irongirl1
I think this one looks interesting: https://clerk.dev