Eliminate passwords and stop unnecessary MFA friction. X-Auth evaluates risk in real time — seamless access for legitimate users, hard stops for threats.
import { XAuth } from '@xentranet/x-auth';

const xauth = XAuth.init({ tenant: 'your-app' });

// The fragment's `return` needs an enclosing function; handleRequest is an illustrative name
async function handleRequest(req) {
  // Evaluate risk on every request — device, location, behavior, network
  const { riskLevel, session } = await xauth.evaluate(req);

  // Only challenge when the signals demand it
  if (riskLevel === 'high') {
    await xauth.stepUp({ method: 'biometric' });
  }

  // Low risk? Let them through. Seamlessly.
  return session.authorize(req);
}

Static authentication treats every login the same. That's not security — it's friction theater.
"Why are you asking for an SMS one-time code when I just want to log in and check my debit balance from the same home computer I use every single time?"
That's your customer. Frustrated. Abandoning your app. Traditional authentication blasts every user with MFA hurdles regardless of how well you know them.
Dynamic, risk-based authentication changes that. X-Auth evaluates a live trust score on every request — device reputation, behavioral patterns, location, and network signals — continuously, not just at login. As part of a Zero Trust framework, every access attempt is verified in real time.
Legitimate users glide through. Threats get stopped. Make accessing your system a low-friction experience for the good citizens of the internet, and a wall for everyone else.
X-Auth evaluates both the identity signals behind a request and the sensitivity of what's being accessed — then matches the friction to the actual risk.
e.g. login request for read-only access — trusted identity signals and low-sensitivity operation.
e.g. report generation for sensitive data — elevated sensitivity or mild identity signal deviation.
e.g. payment attempt — high-value operation, suspicious signals, or both.
X-Auth ingests four categories of signals continuously to build a live trust score for every session — not just at login.
Each device is fingerprinted and scored against historical fraud patterns and browser entropy. New or anomalous devices are flagged before a credential is ever entered.
AI/ML models build a behavioral baseline for each user — typing cadence, mouse dynamics, touch pressure, and navigation patterns. Deviations trigger escalation automatically.
IP reputation, geo-fencing, traffic velocity analysis, VPN detection, and Tor exit node identification guard against proxy abuse and distributed credential attacks.
Session duration, access times, resource access patterns, and privilege escalation attempts are monitored continuously throughout the session — not just at login.
Risk intelligence is the foundation. Authentication and authorization are the execution layers that act on it.
Passkeys, passwordless, WebAuthn, FIDO2, and Magic Links through a single SDK. Authentication that adapts in real time based on the live risk score — across every major platform.
Fine-grained RBAC and ABAC enforced at the edge via Open Policy Agent (OPA). Define permissions as code, deploy globally, and enforce with near-zero latency.
Continuous AI/ML risk scoring built for Zero Trust architectures. Ingest signals, compute trust, and respond — all before the request is served. ATO protection and bot mitigation included.
From fintech startups to enterprise infrastructure — X-Auth is the foundation of digital trust.
instances of unauthorized access reported by X-Auth clients
No credit card required for the Developer tier. Full risk intelligence included on every plan.