Passwordless Authentication
for Every App
Add passkey login to your website in minutes. No passwords, no friction, no compromise.
Why MasterKey2?
Zero Passwords
Authenticate with fingerprint, face, or security key. No passwords to leak, phish, or forget.
Drop-In Components
Add <masterkey2-authenticate> or <masterkey2-register> to your HTML. Browser detection and QR fallback handled automatically.
Multi-Tenant
One service, many apps. Tenant-scoped users, isolated passkeys, per-tenant relying party IDs.
Cross-Device QR
Desktop users scan a QR code with their phone. Works everywhere, including Firefox.
Framework Agnostic
Web components, JavaScript API, or event-driven. Works with vanilla JS, React, Vue, Svelte, Astro.
Open Source
Self-host with SQLite for a single node, or scale with PostgreSQL for multi-instance HA.
How It Works
Load the SDK
<script type="module"
src="https://auth.example.com
/sdk/masterkey2.js">
</script>Drop in a component
<masterkey2-authenticate
api-base-url=
"https://auth.example.com">
</masterkey2-authenticate>Handle the event
el.addEventListener(
'success', (e) => {
location.href =
e.detail.redirectUrl;
});
Built on Web Standards
WebAuthn / FIDO2 at its core. No shared secrets cross the network. Phishing-resistant by design—credentials are bound to the origin.
Three Ways to Integrate
Pick the approach that fits your stack.
Web Components
Zero-JS HTML. Drop in a custom element, add attributes, done. Works with any framework or none.
JavaScript API
Full programmatic control. Callbacks or promises for passkey login, QR auth, and registration.
Event-Driven
Decoupled event listeners for React, Vue, Svelte. Multiple components reacting to the same auth events.
<!-- Five lines. That's it. -->
<script type="module"
src="https://auth.example.com/sdk/masterkey2.js">
</script>
<masterkey2-authenticate api-base-url="https://auth.example.com">
</masterkey2-authenticate>