Menu
Home
Main dashboard
Pricing
Plans & comparison
Documentation
API guides & setup
FAQ
Common questions
Terms & Conditions
Privacy Policy
Help Center
About Us
Careers
Contact Us
Become a Partner

Get Started Free

Join thousands of developers building secure apps

Now in Public Beta — Free tier available

Malaysia's authentication
API for web & apps

Ship secure email OTP verification in minutes, not weeks. Built for developers who value simplicity, speed, and zero vendor lock-in.

No credit card required
10,000 free OTPs/month
GDPR compliant
auth2u-example.js 
import { Auth2U } from '@auth2u/sdk';

// Initialize with your secret key
const auth = new Auth2U('af_live_...');

// Send OTP email — it's literally this simple
await auth.otp.sendEmail({
  email: 'user@example.com',
  type: 'login',
});

// Verify the code entered by user
const isValid = await auth.otp.verify({
  email: 'user@example.com',
  code: '482931',
});

console.log(isValid); // true ✅
Why Auth2U?

Everything you need.
Nothing you don't.

We stripped away the complexity. What's left is a blazing-fast, developer-friendly authentication API that just works.

Lightning Fast

Average delivery time under 200ms. Our global edge network ensures OTPs arrive instantly, worldwide.

Email OTP Made Simple

One-time passwords delivered to any inbox. Configurable expiry, rate limiting, and retry logic built-in.

Enterprise Security

SOC 2 Type II certified. End-to-end encryption. Brute force protection. Your users' data stays safe.

Easy Integration

SDKs for JavaScript, Python, Go, Ruby, and PHP. RESTful API with crystal-clear documentation.

<200ms
Avg Response Time
99.99%
Uptime SLA
50M+
OTPs Sent Monthly
180+
Countries Supported
Developer Experience

Built for devs,
by devs.

No more wrestling with complicated auth libraries or managing your own email infrastructure. Our REST API is intuitive, well-documented, and designed to get out of your way.

  • RESTful endpoints — predictable, resource-oriented design
  • Official SDKs — JS, Python, Go, Ruby, PHP
  • Webhook support — real-time event notifications
  • Interactive docs — try API calls right in browser
example.py 
from auth2u import Client

# Initialize client
client = Client("af_live_your_secret_key")

# Send OTP to user's email
response = client.otp.email.send(
    to="user@company.com",
    purpose="verification",
)

print(response.success)  # True
print(response.otp_id)   # "otp_abc123..."

# Verify when user submits code
verification = client.otp.email.verify(
    otp_id=response.otp_id,
    code="847291",  # User input
)

if verification.valid:
    # Grant access! 🎉
    grant_session(user)
Solutions

Perfect for any app
that needs auth.

From startups to enterprises, teams use Auth2U to handle user verification without the headache of building it themselves.

E-commerce Checkout

Verify customer identity at checkout to prevent fraud and reduce chargebacks. Seamless integration with existing payment flows.

Fraud Prevention Order Verification

FinTech & Banking

Meet regulatory requirements for multi-factor authentication. Bank-grade security with audit logs and compliance reporting.

KYC/AML Compliance

Gaming Platforms

Secure account creation, password resets, and trade confirmations. Keep players safe without interrupting their experience.

Account Security Trade Verification

SaaS Applications

Add passwordless login options and enhance existing auth systems. Reduce support tickets related to forgotten passwords by 90%.

Passwordless Login SSO Enhancement

Healthcare Portals

HIPAA-compliant patient identity verification. Secure access to medical records and telehealth appointments with full audit trails.

HIPAA Compliant Patient ID

Mobile Apps

Native SDKs for iOS and Android. Offline-capable verification flows. Deep linking support for seamless UX from email to app.

Native SDKs Deep Links
Pricing

Simple, transparent
Malaysian Ringgit pricing.

No hidden fees. No surprise charges. Pay only for what you use. All prices in MYR — because we're built here, for here.

Ready to ship
secure auth today?

Join thousands of developers who've ditched complex auth libraries for something that actually works. Get started in under 5 minutes.

Pricing Plans

Choose the perfect plan
for your needs.

All plans include our core features. Scale up as you grow — no contracts required.

Monthly Annual (Save 20%)

Starter

Perfect for side projects and MVPs

RM0 /mo

Free forever

  • 10,000 OTPs/month
  • Email OTP only
  • Basic analytics dashboard
  • Community support
  • 1 project
Most Popular

Pro

For growing startups and teams

RM199 /mo

Billed monthly or RM1,908/year

  • 100,000 OTPs/month
  • Email + SMS OTP
  • Advanced analytics & reports
  • Priority email support
  • Custom branding
  • Webhook integrations
  • 10 projects

Enterprise

For large-scale deployments

Custom

Tailored to your needs

  • Unlimited OTPs
  • All channels (Email, SMS, WhatsApp)
  • Dedicated account manager
  • 24/7 phone & chat support
  • SLA guarantee (99.99%)
  • On-premise deployment option
  • SOC 2 & ISO 27001 compliance

Detailed Feature Comparison

Features Starter Pro Enterprise
Monthly Price Free RM199/mo Custom
OTP Messages / Month 10,000 100,000 Unlimited
Email OTP
SMS OTP
WhatsApp OTP
Projects 1 10 Unlimited
Team Members 1 5 Unlimited
Custom Branding
Analytics Dashboard Basic Advanced Full Suite
Webhooks
Support Level Community Priority Email 24/7 Phone & Chat
SLA Guarantee 99.99%
Compliance Certifications SOC 2, ISO 27001
On-Premise Deployment

Have questions about pricing?

Documentation

Get started in
under 5 minutes.

Follow our step-by-step guide to integrate Auth2U into your application.

1

Create Account

Sign up for a free account and get your API keys instantly. No credit card required.

Terminal 
# Sign up at auth2u.com
# Get your API key from dashboard
API_KEY="af_live_your_key_here"
2

Install SDK

Install our SDK for your preferred language. We support all major frameworks.

npm / yarn / pip 
# Node.js / JavaScript
npm install @auth2u/sdk

# Python
pip install auth2u

# Go
go get github.com/auth2u/go-sdk
3

Send First OTP

Initialize the client and send your first OTP email. It's really that simple!

index.js 
import { Auth2U } from '@auth2u/sdk';

const auth = new Auth2U(process.env.API_KEY);

await auth.otp.sendEmail({
  email: 'user@example.com',
  type: 'login'
});

Core API Endpoints

POST /v1/otp/email/send

Send Email OTP

Sends a one-time password to the specified email address for verification purposes.

Request Body

{
  "email": "user@example.com",
  "type": "login" | "signup" | "reset" | "verify",
  "expiry": 300,  // seconds (optional, default: 300)
  "length": 6     // digits (optional, default: 6)
}

Response

{
  "success": true,
  "otp_id": "otp_abc123xyz",
  "message": "OTP sent successfully",
  "expires_at": "2024-01-15T10:35:00Z"
}
POST /v1/otp/verify

Verify OTP Code

Verifies the OTP code submitted by the user against the original request.

Request Body

{
  "otp_id": "otp_abc123xyz",
  "code": "482931",
  "email": "user@example.com"
}

Response

{
  "valid": true,
  "verified_at": "2024-01-15T10:30:15Z",
  "attempts_remaining": 2
}

SDK Examples

JavaScript / TypeScript

auth.js 
import { Auth2U } from '@auth2u/sdk';

const auth = new Auth2U(process.env.AUTH2U_KEY);

// Express.js route example
app.post('/api/send-otp', async (req, res) => {
  const { email } = req.body;
  
  const result = await auth.otp.sendEmail({
    email,
    type: 'login'
  });
  
  res.json({ success: result.success });
});

app.post('/api/verify-otp', async (req, res) => {
  const { email, code, otpId } = req.body;
  
  const result = await auth.otp.verify({
    email,
    code,
    otp_id: otpId
  });
  
  if (result.valid) {
    // Create session / JWT
    res.json({ authenticated: true });
  } else {
    res.status(400).json({ error: 'Invalid code' });
  }
});

Python / Django

views.py 
from auth2u import Client
from django.http import JsonResponse
from django.views.decorators.http import require_POST

client = Client("af_live_your_key")

@require_POST
def send_otp(request):
    email = request.POST.get('email')
    
    response = client.otp.email.send(
        to=email,
        purpose='verification'
    )
    
    return JsonResponse({
        'success': response.success,
        'otp_id': response.otp_id
    })

@require_POST
def verify_otp(request):
    otp_id = request.POST.get('otp_id')
    code = request.POST.get('code')
    
    verification = client.otp.email.verify(
        otp_id=otp_id,
        code=code
    )
    
    if verification.valid:
        # Login user, create session
        return JsonResponse({'status': 'ok'})
    
    return JsonResponse(
        {'error': 'Invalid code'}, 
        status=400
    )

Webhook Integration

Receive real-time notifications about OTP events directly to your server. Configure your webhook endpoint in the dashboard under Settings → Webhooks.

Event Types

  • otp.sent Triggered when an OTP is sent successfully
  • otp.verified Triggered when user verifies OTP correctly
  • otp.failed Triggered when verification fails or expires
  • otp.bounced Triggered when email delivery fails
Webhook Payload 
{
  "event": "otp.verified",
  "data": {
    "otp_id": "otp_abc123",
    "email": "user@example.com",
    "type": "login",
    "verified_at": "2024-01-15T...",
    "ip_address": "203.106.x.x"
  },
  "timestamp": 1705315815,
  "signature": "sha256=abc123..."
}
FAQ

Frequently Asked
Questions.

Everything you need to know about Auth2U. Can't find what you're looking for? Contact our team.

What is Auth2U?

Auth2U is Malaysia's premier authentication API service that provides secure email OTP (One-Time Password) verification for web and mobile applications. We handle the complex infrastructure of sending and verifying authentication codes so you can focus on building your product.

How does the free tier work?

Our free Starter plan includes 10,000 OTP messages per month at no cost — forever. No credit card required to sign up. This is perfect for side projects, MVPs, and small applications that are just getting started. You get access to all core features including our REST API, basic analytics, and community support.

Is my data secure with Auth2U?

Absolutely. Security is our top priority. We are SOC 2 Type II certified and comply with GDPR regulations. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We never store plaintext OTP codes — they're hashed immediately upon generation. Our infrastructure undergoes regular third-party security audits and penetration testing.

What happens if I exceed my monthly limit?

If you approach your monthly limit, we'll send you a notification at 80% usage. Once you hit your limit, additional OTP requests will return a 429 (Too Many Requests) status code until your cycle resets on the 1st of the next month. You can upgrade your plan at any time to increase your limits immediately, or purchase add-on packs for temporary spikes.

Can I use Auth2U for SMS verification too?

Yes! While our specialty is email OTP, Pro and Enterprise plans include SMS OTP capabilities. Enterprise plans also support WhatsApp Business API for OTP delivery. All channels use the same simple API interface — just change the `channel` parameter in your request.

Do you offer custom integrations or white-label solutions?

Yes! Our Enterprise plan includes full white-label capabilities including custom branding on emails, dedicated subdomains, custom email templates, and even on-premise deployment options for organizations with strict data residency requirements. Contact our sales team to discuss your specific needs.

What programming languages do you support?

We provide official SDKs for the most popular languages and frameworks:

  • JavaScript/TypeScript — Node.js, React, Vue, Angular, Next.js
  • Python — Django, Flask, FastAPI
  • Go — Standard library, Gin, Echo
  • Ruby — Rails, Sinatra
  • PHP — Laravel, Symfony
  • Java/Kotlin — Spring Boot

For any other language, you can use our REST API directly — it's language-agnostic!

How fast are OTP deliveries?

Our average email OTP delivery time is under 200ms to the recipient's mail server. Actual inbox appearance depends on the recipient's email provider (Gmail, Outlook, etc.), but most users receive their codes within 30 seconds. We maintain global edge servers in Singapore, Tokyo, Frankfurt, and Virginia to ensure low latency worldwide.

Still have questions?

Our support team is here to help you 24/7. Get in touch and we'll respond within minutes.

Legal

Terms &
Conditions

Last updated: January 15, 2024

1. Acceptance of Terms

By accessing or using Auth2U's services ("Services"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not use the Services. These Terms apply to all visitors, users, and others who access or use the Services.

2. Service Description

Auth2U provides application programming interfaces (APIs) and related services for sending one-time passwords (OTPs) via email, SMS, and other channels ("Services"). The Services enable developers to integrate authentication functionality into their applications.

  • Email OTP delivery and verification services
  • SMS OTP delivery (Pro plan and above)
  • API access and developer tools
  • Analytics and reporting dashboards
  • Technical support and documentation

3. User Responsibilities

As a user of our Services, you agree to:

  • Provide accurate and complete registration information
  • Maintain the security of your API keys and account credentials
  • Use the Services only for lawful purposes and in compliance with applicable laws
  • Not attempt to disrupt, overload, or impair the proper functioning of the Services
  • Not use the Services to send spam, unsolicited messages, or content that violates any laws
  • Implement appropriate rate limiting in your applications

4. Pricing and Payment

Our pricing is available at auth2u.com/pricing. Key terms regarding payment:

  • All fees are quoted in Malaysian Ringgit (MYR)
  • Billing cycles begin on the date of subscription
  • Annual plans are billed upfront and non-refundable except as required by law
  • We reserve the right to change pricing with 30 days' notice
  • Overage charges may apply if usage exceeds plan limits

5. Data Protection and Privacy

Your privacy is important to us. Please review our Privacy Policy which governs the use and protection of your information. We process personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable international regulations including GDPR.

6. Limitation of Liability

To the maximum extent permitted by law, Auth2U shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses, resulting from your access to or use of (or inability to access or use) the Services.

7. Termination

We may terminate or suspend your account and bar access to the Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of these Terms. Upon termination, your right to use the Service will immediately cease.

8. Changes to Terms

We may update these Terms from time to time. We will notify you of any changes by posting the new Terms on this page and updating the "Last updated" date. You are advised to review these Terms periodically for any changes. Changes to these Terms are effective when they are posted on this page.

9. Contact Information

If you have any questions about these Terms, please contact us at:

Auth2U Sdn Bhd

Legal Department

Email: legal@auth2u.com

Address: Kuala Lumpur, Malaysia

Legal

Privacy
Policy

Last updated: January 15, 2024

Introduction

Auth2U Sdn Bhd ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our authentication API services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or our services.

Information We Collect

Personal Information

  • Name, email address, and company name during registration
  • Billing information (processed by secure payment providers)
  • Communication preferences

Technical Data

  • IP addresses and browser types
  • Device information and operating system
  • API request logs and usage patterns
  • Cookies and similar technologies

Authentication Data

  • Email addresses used for OTP delivery (encrypted)
  • OTP verification statuses (no actual OTP codes stored)
  • Timestamps of authentication attempts

How We Use Your Information

We use collected information for:

  • Providing, maintaining, and improving our Services
  • Processing transactions and sending related information
  • Sending technical notices, updates, security alerts, and support messages
  • Responding to your comments, questions, and requests
  • Monitoring and analyzing trends, usage, and activities
  • Detecting, investigating, and preventing fraudulent transactions and abuse
  • Complying with legal obligations

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized alteration, disclosure, destruction, or loss. This includes:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Secure data centers with SOC 2 Type II certification

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. OTP-related data is automatically purged after 90 days. Account data is retained for the duration of your active account plus 1 year for legal compliance purposes.

Your Rights

Under PDPA 2010 and GDPR (where applicable), you have the right to:

  • Access and obtain a copy of your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal requirements)
  • Object to processing of your data
  • Data portability
  • Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@auth2u.com.

International Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. Where required by law, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Contact Us

For any privacy-related inquiries, please contact our Data Protection Officer:

Data Protection Officer

Auth2U Sdn Bhd

Email: privacy@auth2u.com

Address: Kuala Lumpur, Malaysia

Help Center

How can we
help you?

Find answers, guides, and resources to make the most of Auth2U.

Getting Started

Quick start guides, installation tutorials, and first integration steps.

View Guides →

API Reference

Complete endpoint documentation, parameters, response formats, and error codes.

View Docs →

Security Best Practices

How to implement secure authentication flows and protect your users.

Learn More →

Billing & Plans

Understanding invoices, upgrading plans, and managing subscriptions.

View Guide →

Troubleshooting

Common issues, error explanations, and step-by-step fixes.

Find Solutions →

Contact Support

Can't find what you need? Our team is here to help 24/7.

Get Help →

Popular Articles

#1

How to set up your first OTP verification

Step-by-step guide to sending and verifying your first OTP in under 5 minutes.

#2

Understanding rate limits and throttling

Learn about our rate limiting policies and how to handle them gracefully.

#3

Customizing OTP email templates

Add your branding and customize the look and feel of OTP emails.

#4

Webhook setup and event handling

Configure webhooks to receive real-time notifications about OTP events.

Still need help?

Our support team typically responds within 2 hours during business hours, and within 24 hours for all inquiries.

Our Story

Building the future of
authentication in Southeast Asia.

Founded in 2023 in Kuala Lumpur, Auth2U was born from a simple frustration: why should authentication be so complicated? We set out to build the simplest, fastest, and most developer-friendly auth API in the region.

Our Mission

We believe every developer deserves access to enterprise-grade authentication without the enterprise-grade complexity. Our mission is to democratize security — making it easy for startups, indie hackers, and enterprises alike to protect their users.

Based in Malaysia, we understand the unique challenges of the Southeast Asian market — diverse languages, varying connectivity, and specific regulatory requirements. That's why we built Auth2U from the ground up to serve this region first.

50M+
OTPs Sent Monthly
180+
Countries Reached
99.99%
Uptime SLA
<200ms
Avg Response Time

What we stand for.

Speed First

Every millisecond counts. We obsess over performance so your users never wait.

Security Always

Bank-grade encryption, SOC 2 certified, and audited regularly. No compromises.

Developer Love

Built by devs, for devs. Clean APIs, great docs, and zero vendor lock-in.

Meet the team.

AK

Ahmad Khalid

CEO & Co-founder

Ex-Google, Ex-Grab

SL

Sarah Lim

CTO & Co-founder

Ex-Shopee, Ex-Airbnb

RT

Raj Tanaka

Head of Engineering

Ex-Meta, Ex-TikTok

MN

Maya Nur

Head of Product

Ex-Slack, Ex-Stripe

Want to join our team?

We're always looking for talented people who share our passion for building great developer tools.

Join Us

Build the future
with us.

We're a remote-first team distributed across Southeast Asia. We value impact over hours, outcomes over output, and people over processes.

Remote-First

Work from anywhere in SEA. Flexible hours. Async-friendly culture.

Competitive Pay

Above-market salaries. Equity for everyone. Annual bonuses.

Health & Wellness

Full medical coverage. Mental health support. Unlimited leave policy.

Open Positions

Senior Backend Engineer

Full-time

Kuala Lumpur / Remote • Engineering

Go PostgreSQL Redis Kubernetes

Full Stack Developer (SDK Team)

Full-time

Remote • Engineering

TypeScript Python React

DevOps / Site Reliability Engineer

Full-time

Remote • Infrastructure

AWS Terraform Docker Prometheus

Technical Writer

Part-time / Contract

Remote • Developer Experience

Documentation API Design Developer Tools

Customer Success Manager

Full-time

Kuala Lumpur • Customer Success

SaaS B2B APAC

Don't see your role?

We're always interested in meeting talented people. Send us your resume and tell us why you'd be a great fit.

Get in Touch

Let's talk about
your project.

Whether you have a question about features, pricing, or anything else, our team is ready to answer all your questions.

Email Us

hello@auth2u.com

We'll respond within 24 hours

Call Us

+60 3-2181 8888

Mon-Fri, 9am-6pm MYT

Visit Us

Menara UOA Bangsar,

Kuala Lumpur, Malaysia

Follow Us

Send us a message

Partner Program

Partner with
Auth2U.

Join our partner program and earn recurring revenue while helping your clients implement world-class authentication. It's a win-win-win.

Earn Up to 25%

Recurring commission on every customer you refer. Paid monthly, no caps.

Co-Marketing Support

Joint webinars, case studies, and promotional materials to help you sell.

Partner Community

Exclusive Slack channel, early access to features, and quarterly partner summits.

Partnership Tiers

Referral Partner

For individuals and freelancers

15%

Commission for 12 months

  • Unique referral link
  • Basic analytics dashboard
  • Monthly payouts via PayPal/Payoneer
  • Marketing kit (banners, copy)
Most Popular

Solution Partner

For agencies and consultancies

20%

Commission for 24 months

  • Everything in Referral +
  • White-label implementation support
  • Dedicated partner manager
  • Co-marketing opportunities
  • Quarterly business reviews

Strategic Partner

For platforms and ecosystems

25%

Lifetime revenue share

  • Everything in Solution +
  • API integration partnership
  • Joint product roadmap input
  • Executive sponsorship program
  • Custom integration development

Ready to become a partner?

Fill out our partnership application form and our partnerships team will reach out within 48 hours.