Authentication,
without the boilerplate.
A serverless auth & user-management API on AWS Cognito - mandatory MFA, self-service recovery and the full user lifecycle, deployed with Terraform in minutes.
Key Features
CognitoAPI is an authentication and user management solution that lets you build applications without thinking about the authentication part
Mandatory MFA
TOTP multi-factor authentication is enforced at enrollment - no app ships without a second factor.
Self-service recovery
Forgot-password and lost-authenticator (MFA reset) flows built in - users recover without ever disabling MFA.
Complete user lifecycle
Create, confirm, sign in, manage, recover and delete - every user-management operation, end to end.
AWS Cognito backend
Built on AWS Cognito and a thin Lambda + API Gateway layer - secure, managed, and store-nothing by design.
Cost effective
AWS Cognito is free for the first 50K monthly active users - perfect for bootstrapping your product.
Fully automated
Nothing to click. Deploy with Terraform - simple, reproducible, and CORS pre-configured for any frontend.
Secure Serverless Architecture
API Gateway – Provides a secure and robust REST API interface with proper CORS support
Lambda Functions – Python functions that handle authentication logic and Cognito interactions
Cognito User Pool – Manage user identities and JWT-based authentication
Terraform – Infrastructure as Code for consistent, repeatable deployments
Request flow
Store-nothingObservability via CloudWatch logs + lambda warmers · least-privilege IAM role per function · 100% provisioned with Terraform (remote state in S3, locked with DynamoDB).