About the Project

    Open source, by Toc Consulting

    CognitoApi is an MIT-licensed, serverless authentication API on AWS Cognito - cost-effective, secure by default, and deployed entirely with Terraform.

    Our Mission

    The CognitoApi project was created to address common challenges developers face when integrating AWS Cognito into their applications. Our goal is to provide a turnkey solution that abstracts away complex authentication flows while maintaining security.

    We're committed to making user management with AWS Cognito accessible to all developers, from startups to enterprises. By providing a standardized, well-tested API, we help teams focus on building their core features instead of wrestling with authentication.

    As an open-source MIT licensed project, we believe in transparency and community-driven development. CognitoApi is designed to be cost-effective, leveraging AWS Lambda's serverless architecture to minimize infrastructure costs while providing enterprise-grade security.

    Project Highlights

    Key aspects of CognitoApi

    License
    MIT License
    AWS Services
    Cognito, Lambda, API Gateway
    Audience
    Application Developers
    CI/CD
    Terraform
    Pricing
    Cost-Effective

    Project Timeline

    Oct 24, 2023

    CognitoApi is born

    Project initialization with foundational architecture design for integrating AWS Cognito into applications.

    • Repository structure setup
    • Initial AWS service integration planning
    • Core architecture design documentation

    Oct 30, 2023

    Update the postman collection

    Enhanced the API testing capabilities with updated Postman collection.

    • Added comprehensive API endpoint examples
    • Improved request and response documentation
    • Organized collections for better usability

    Feb 19, 2024

    Lambda Runtime Upgrade

    Upgrade the deprecated lambda runtime nodejs14.x to nodejs18.x for the handling of the emails related to the user lifecycle.

    • Updated Lambda functions to the latest Node.js runtime
    • Improved email handling for user lifecycle events
    • Enhanced security and performance

    Feb 20, 2024

    Token Claims Extraction

    Getting userinfo from token claims to improve user data handling.

    • Added functionality to extract user info from token claims
    • Improved user data handling
    • Enhanced security and authentication workflow

    Mar 25, 2025

    Project Website Launch

    Launched the dedicated project website to provide comprehensive documentation and resources.

    • Interactive API documentation
    • Getting started guides
    • Architecture overview

    Jun 29, 2025

    Release 1.0.0

    Production-ready release with MIT License for maximum flexibility and adoption.

    • Switched from Mozilla Public License to MIT License
    • Production-ready stable release
    • New React demo application
    • Enhanced documentation

    Dec 25, 2025

    Toc Consulting Rebrand

    Project transferred to Toc Consulting organization for continued development and support.

    • Rebranded to Toc Consulting
    • Continued community support
    • Ongoing feature development

    2026

    Release 2.0.0

    A major modern-auth release - and a store-nothing redesign that returns the TOTP secret exactly once.

    • Passkeys / WebAuthn support (passwordless, MFA-grade)
    • Self-service MFA reset via a custom-auth recovery flow
    • Enclave: a real file-sharing reference app on CognitoApi (React 19 · Vite · Tailwind)
    • Store-nothing: no MFA secret ever persisted server-side

    Team & Contributors

    Tarek CHEIKH

    Tarek CHEIKH

    Project Lead

    GitHub Profile
    Toc Consulting

    Toc Consulting

    Organization

    GitHub Profile

    Join Our Team

    We welcome contributions from the community. Help us improve CognitoAPI!

    Get Involved

    Found a bug? Have a feature request? Want to contribute? Connect with us on GitHub or check out our Getting Started guide to join the community.