Simplify your stack and build anything. Or everything.
Build tomorrow’s web with a modern solution you truly own.
Code-based nature means you can build on top of it to power anything.
It’s time to take back your content infrastructure.

Secure and customizable authentication

Simplified Authentication for Headless CMS

Authentication for every use case

Securely manage scenarios ranging from e-commerce accounts to user profiles on social sites, Next.js apps, and anywhere else you can imagine.


Enterprise-ready security

Payload uses JWT-based tokens and HTTP-only cookies to safeguard your data and users, offering protection from threats like XSS and CSRF across your admin panel and applications.

    import { CollectionConfig } from 'payload/types'

    export const Admins: CollectionConfig = {
      slug: 'admins',
      auth: {
        tokenExpiration: 7200, // How many seconds to keep the user logged in
        verify: true, // Require email verification before being allowed to authenticate
        maxLoginAttempts: 5, // Automatically lock a user out after X amount of failed logins
        lockTime: 600 * 1000, // How long to lock the user out, in milliseconds (here 10 minutes)
        // More options are available
      },
      fields: [
        {
          name: 'role',
          type: 'select',
          required: true,
          options: [
            'user',
            'admin',
            'editor',
            'developer',
          ],
        },
      ],
    }

Ready to use operations

Leverage pre-built login, logout, and password reset available through REST, GraphQL, and Node. Move faster with clean, reusable code—no need to build from scratch.


Alternative authorization with API keys

Simplify third-party integrations with non-expiring, user-specific API keys for seamless authentication.

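    // User.slug is the slug of the auth-enabled collection the key belongs to;
    // YOUR_API_KEY is that user's API key.
    const request = await fetch("http://localhost:3000/api/pages", {
      headers: {
        Authorization: `${User.slug} API-Key ${YOUR_API_KEY}`,
      },
    });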
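
Because these keys do not expire, the client side should load the key from the environment, send it only over TLS, and keep it out of logs. The following is an added example, not Payload's own code, that wraps the header format shown above with those checks; the helper names, the `PAYLOAD_API_KEY` variable and the sample host and key are assumptions made for illustration.

```javascript
// Added example, not Payload's own code; names and sample values are hypothetical.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Read the key from the environment so it never lives in source control.
function keyFromEnv(env = process.env) {
  const key = env.PAYLOAD_API_KEY;
  if (!key) throw new Error("PAYLOAD_API_KEY is not set");
  return key;
}

// Build fetch() arguments for an API-key request, refusing cleartext transport.
function apiKeyRequest(url, collectionSlug, apiKey) {
  const target = new URL(url);
  if (target.protocol !== "https:" && !LOOPBACK_HOSTS.has(target.hostname)) {
    throw new Error(`refusing to send an API key to ${target.host} without TLS`);
  }
  // Whitespace or line breaks in either part would corrupt the header value.
  for (const part of [collectionSlug, apiKey]) {
    if (typeof part !== "string" || !/^\S+$/.test(part)) {
      throw new Error("collection slug and API key must be non-empty, no whitespace");
    }
  }
  return {
    url: target.href,
    init: {
      // Same format as the snippet above: "<collection slug> API-Key <key>"
      headers: { Authorization: `${collectionSlug} API-Key ${apiKey}` },
      redirect: "error", // fail rather than follow a redirect to another URL
    },
  };
}

// Mask the key before a header value or error message reaches a log.
function redactAuthorization(text) {
  return String(text).replace(/(\bAPI-Key\s+)\S+/g, "$1[REDACTED]");
}

// Offline demonstration with constructed values; no request is sent.
function demo() {
  const key = keyFromEnv({ PAYLOAD_API_KEY: "constructed-key-0000" });
  const { url, init } = apiKeyRequest("https://cms.example.com/api/pages", "users", key);
  console.log(url, redactAuthorization(init.headers.Authorization));
  try {
    apiKeyRequest("http://cms.example.com/api/pages", "users", key);
  } catch (err) {
    console.log("blocked:", err.message);
  }
}
demo();
```

The returned `url` and `init` can be passed straight to `fetch(url, init)`.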

Single sign-on (SSO)

Enterprise clients can seamlessly integrate with any SAML or OAuth 2.0 identity provider, and eliminate the need to maintain individual logins.


Connect with us.

Whether you need help from our active community or have questions about using Payload at the enterprise level, we’re here to help.