Authentication Methods
Akedly offers multiple authentication approaches. Choose the method that best fits your integration style and security requirements.
V1.0 API Sunset Extended to December 30, 2026
Based on community feedback, the V1.0 REST API sunset has been extended to December 30, 2026. Existing V1.0 integrations will continue to work until then.
V1.2 REST API is now Recommended
V1.2 is our recommended REST API. Built-in Proof-of-Work, Cloudflare Turnstile, pipeline-level rate limiting, and circuit breaking — no iframe required. Production-ready and the default choice for REST integrations. View V1.2 docs
V2.0 Widget SDK — State-of-the-Art Enterprise Security
V2.0 delivers the maximum security tier: every protection in V1.2 plus an iframe-based defense layer Akedly manages for you. V2.0 is also the only path to Pay-Per-Successful-Authentication (PPSA) pricing for qualifying startups. V1.0 and V1.2 use pay-per-message billing.
Comparison
| Feature | V1.2 REST API | V2.0 Widget SDK | V1.0 REST API |
|---|---|---|---|
| Status | Recommended REST API | Enterprise Security | Sunsetting Dec 2026 |
| Security Tier | Strong (~80% of V2.0) | Maximum (state-of-the-art) | DIY (your responsibility) |
| Integration Style | REST API (your UI) | Iframe widget (managed UI) | REST API (your UI) |
| UI Control | Full control, no iframe | Managed by Akedly | Full control, no iframe |
| Backend Code | 3 API calls | 1 API call | 3 API calls |
| Pricing Model | PPM (pay per message) | PPSA eligible (requirements apply) | PPM (pay per message) |
| Captcha Protection | Built-in via SDK/CDN | Built-in (widget-managed) | Implement your own |
| Device Fingerprinting | Built-in (pipeline-level) | Built-in (widget-level) | Implement your own |
| Rate Limiting | Built-in (pipeline-level) | Built-in (widget-level) | Implement your own |
| Circuit Breaker | Built-in | Built-in | Implement your own |
| Custom Branding | Fully customizable (you build it) | Logo, colors, company name | Fully customizable (you build it) |
How the Three Methods Differ on Security
RESTful APIs are inherently more exposed to certain attack vectors than managed widgets — this is a known industry characteristic, not specific to Akedly. V1.0 gives you the building blocks; security is in your hands. V1.2 adds Proof-of-Work, Turnstile, fingerprinting, rate limiting, and circuit breaking at the pipeline level — strong protection that covers the vast majority of real-world threats. V2.0 wraps everything V1.2 has inside a managed iframe widget that adds the maximum-security defense layer for teams that need it.
Choose Your Integration Method
V1.2 — Recommended REST API
V1.2 is our recommended REST API. Built-in Proof-of-Work, Cloudflare Turnstile, pipeline-level rate limiting, and circuit breaking — production-ready, no iframe required. For the maximum security tier and PPSA eligibility, see V2.0 Widget SDK.
V1.2 REST API -- Akedly Shield
V1.2 wraps the familiar V1 REST API with Akedly Shield -- a client-side security layer that requires Proof-of-Work and Turnstile verification before OTP delivery. Same REST simplicity, built-in protection.
Why Choose V1.2
- Name
Proof-of-Work- Description
Clients must solve a computational challenge before receiving an OTP. Deters bot abuse without user friction.
- Name
Turnstile Captcha- Description
Built-in Cloudflare Turnstile verification. No third-party captcha integration needed.
- Name
Pipeline-Level Security- Description
Rate limiting, circuit breaking, and fingerprinting applied automatically at the pipeline level.
- Name
Full UI Control- Description
No iframe required. Build your own UI and use Shield SDKs for the security layer.
Shield SDKs
Official SDKs handle PoW solving and Turnstile for you:
- Web:
@akedly/shield(npm + CDN) - Flutter:
akedly_shield(GitHub, pubspecgit:dependency) - iOS:
AkedlyShield(SPM via GitHub URL) - Android:
akedly-shield-kotlin(GitHub via JitPack) - React Native:
@akedly/shield(npm)
Getting Started
Decision Guide
Choose V1.2 REST API (Recommended) if:
- You want a REST API with built-in security baked in
- You need full UI control with no iframe
- You want Proof-of-Work, Turnstile captcha, fingerprinting, and rate limiting handled for you at the pipeline level
- You prefer SDKs or CDN scripts over managed widgets
- Strong protection (~80% of V2.0's security tier) is the right trade-off for your product
Choose V2.0 Widget SDK (Enterprise) if:
- You need the maximum security tier — every protection in V1.2 plus a managed iframe defense layer
- You operate in a regulated industry (finance, healthcare) and want Akedly to maintain the security boundary
- You want PPSA eligibility (requirements coming December 2025)
- You need Telegram support
- You prefer a managed UI and fast integration over building your own
Choose V1.0 REST API if:
- You have an existing V1.0 integration that works for your needs
- You handle your own security and are comfortable with that responsibility
- You understand it will sunset December 30, 2026
Recommendation
For most new projects, V1.2 REST API is the recommended starting point — REST simplicity with strong built-in security and full UI control. Step up to V2.0 Widget SDK when you need the highest security tier (regulated industries) or want PPSA pricing. View V1.2 docs