Backend primitives for the next generation of builders.
One flat REST surface for auth, transactional mail, waitlists, and the rest of the boilerplate your team rewrites every quarter. Built for humans and the agents they ship alongside.
Flat JSON. No SDK to install. Curl-first from the first page.
Read a doc page, ship in an afternoon.
Flat JSON, predictable URLs, human-readable errors. The same surface your agents can reason about.
// Verify a Heimdall token on any requestconst claims = await verify(bearerToken, { jwksUri: 'https://api.heimdall.productcraft.co/v1/.well-known/jwks.json', expectedAid: APP_ID,}); // Send a DKIM-signed transactional email through Envoiawait fetch(`${envoi}/v1/apps/${APP_ID}/messages`, { method: 'POST', headers: { Authorization: `Bearer ${ENVOI_KEY}` }, body: JSON.stringify({ from: 'hello@acme.com', to: claims.email, template: 'welcome', data: { name: claims.name }, }),});Modular building blocks for the backend you keep rewriting.
Five services, one mental model. Flat REST, tenancy built in, curl-first docs, no vendor lock-in on the data. Scroll to see how each piece fits.
{
"aid": "app_f2a9",
"sub": "usr_alice",
"aud": "acme-prod",
"roles": ["admin"],
"iss": "https://...heimdall.../app_f2a9",
"exp": 1748391600
}Identity, scoped the way your customers need it
Per-tenant JWKS, RBAC that adapts per app, and an audit log that records reads — not just writes.
- Platform API + per-app Consumer API, cryptographically isolated
- Per-tenant JWKS so a leaked key never crosses customers
- PATs with granular scopes, revocable per workspace
- Immutable audit log including read operations
Your workspace {{ slug }} is ready. DKIM-signed from your domain.
Send from your domain, not ours
One RabbitMQ publish, one DKIM-signed email out the door. Handlebars templates, per-app namespaces, no HTTP footprint.
- Per-domain DKIM keypair, AES-encrypted at rest
- Event-only API: publish and move on, no HTTP to babysit
- Handlebars templates with layouts and partials per app
- Pluggable SMTP: SES, SendGrid, Mailgun, or an in-cluster relay
{
"url": "news.ycombinator.com",
"schema": {
"title": "string",
"points": "number",
"comments": "number"
},
"webhook": "https://acme.com/hn"
}Structured data from any URL, without selectors
POST a URL and a schema. An agent visits, extracts, and webhooks your endpoint. No scrapers, no CSS paths to patch.
- Schema-driven extraction — LLM conforms to your JSON Schema
- Webhook-first async pipeline, job ID returned immediately
- Multi-strategy fallback: full HTML → simplified → metadata-only
- Zero data retention by default; metadata only
Signups that don’t live in a spreadsheet
Public signup API, admin dashboard, webhooks on every entry. Heimdall-native from the first list.
- Public slug-based endpoints — no auth on the signup path
- Webhooks + CSV export + live analytics without a separate stack
- JSONB settings: custom fields and branding without migrations
- Heimdall-native permissions, registered per workspace
Finally shipped the feed ranking refactor. 40% fewer reads on p99 and the graph stays warm.
Feeds, follows, and ranking without the rewrite
Hybrid fan-out, pluggable ranking, and denormalized counters — the social layer your team keeps shipping late.
- Hybrid fan-out: on-write under 1k followers, on-read beyond
- Pluggable ranking with tunable weights per community
- Threaded comments with configurable depth + reactions
- Redis-accelerated, with a pure-Postgres fallback path
Stop rewriting the same backend every sprint.
Auth and transactional email are solved. Drop in Heimdall and Envoi, and get back to the parts of your product that only you can build.