Browserless Login

Seamless User Authentication

Secure authentication with Curity's hypermedia API enabling browser-less login.

Curity Authentication API

The Perfect Match for Single Page Applications

Easy, integrated login - users never leave your site

No need to change the client when authentication requirements change

Instant requests with no full page reloads

A Streamlined User Experience

Secure multi-factor authentication done within the app

Your customer never leaves your brand

Easy user login from any device or browser

Common Use Cases

API-driven authentication facilitating seamless user experiences on any device or browser.

Mobile Apps

[Diagram: User, Client Application, Curity Identity Server (Authentication API), API/Resource Server. Labelled flows: user authentication and consent; token management; token usage (opaque token).]

On mobile platforms, user login and authentication can be done without leaving the app or using a browser. Client attestation ensures it’s secure and the API only communicates with a genuine client (app).

Why Curity Authentication API?

OAuth & OpenID Connect compliant

Client attestation for increased security

No browser required

Full Control over Every Step in the Authentication Flow

The hypermedia API gives you the power to customize your users’ login experience and ensure the customer journey is optimal and in line with your brand.

True Native Mobile Experiences

Easily integrate with native components to authenticate users inside the app, making the login experience secure, consistent and simple.

SDKs Available for iOS, Android and Web

Easy to use SDKs to help developers build more secure integrations and deploy apps and services faster.

Authenticators

Use one of the many established authentication methods available or build your own using our SDK.

Actions

Orchestrate what happens after the credentials are verified but before the session is committed using authentication actions.

Branding

User-facing screens can be customized to match your brand, or you can use pre-existing templates.

Frequently Asked Questions

Is the Hypermedia Authentication API a part of the Curity Identity Server or is it a separate product?
The Hypermedia Authentication API (HAAPI) is part of the product and is enabled by default for all paid editions of the Curity Identity Server.
How do I enable the Hypermedia Authentication API?
The Hypermedia Authentication API (HAAPI) is enabled by default in the Curity Identity Server, for all paid editions.
Does the Hypermedia Authentication API follow the OAuth standard?
Yes, the Hypermedia Authentication API (HAAPI) is OAuth compliant.
Are PKCE, OAuth assistant, etc. still necessary if we start to use the Hypermedia Authentication API?
The Hypermedia Authentication API provides high security through client attestation and sender-constrained tokens. If you decide to provide authentication in your applications using HAAPI, then you can drop the usual solutions that are used because of browser vulnerabilities, as no browser is used in the flow.
Is it actually ok to enter credentials in the app? I thought the recommendation was not to do that.
Credentials can be entered in the app if it is a first-party application. Then the same entity owns both the application and credentials, so this is not against recommendations. For third-party apps that use HAAPI, you should only use authentication methods that do not require entering credentials in the app (e.g., use an e-mail link).
We have existing user-facing authentication actions. What happens with that flow if we use the Hypermedia Authentication API?
Everything that can be rendered server side can also be used via the Hypermedia Authentication API (HAAPI).
Will the Hypermedia Authentication API work for all mobile users?
Yes, HAAPI works on all modern mobile devices. It also provides a fallback method for devices that do not support client attestation (e.g., phones with an Android version lower than 8.0).
How can the Hypermedia Authentication API be used for mobile?
On mobile, user authentication and login can be done without leaving the app or involving a browser. Client attestation ensures it’s secure, and the API only communicates with a genuine client (app).
What type of authentication can be used?
You can use all types of authentication. If the authentication requires the user to leave the API flow, e.g., federation, the step on how to proceed will be presented. Once done, the HAAPI flow will continue.
Can the Hypermedia Authentication API only be used on mobile (iOS and Android)?
In addition to mobile, you can also use the Hypermedia Authentication API (HAAPI) for Single Page Applications to create a smooth authentication experience.
Is there a way to handle rooted mobile devices?
Yes. The configuration specifies which security levels should be used. Rooted devices are one of these settings. In production, it is strongly recommended not to allow rooted devices.