Documentation
Heimdall
Authentication and authorization for multi-tenant products. This documentation covers everything you need to integrate Heimdall into your application, from first API call to production deployment.
Quickstart
Go from zero to a working auth integration in under ten minutes. Create an App, issue tokens, and verify permissions.
Read more →
Core Concepts
Understand Apps, Users, Roles, Permissions, and Tokens. Learn how Heimdall models multi-tenancy and access control.
Read more →
API Reference
Complete endpoint documentation with request and response examples for every resource in the Heimdall API.
Read more →
Guides
Step-by-step walkthroughs for common patterns: SaaS onboarding, service-to-service auth, invite flows, and more.
Read more →
Base URL
https://api.productcraft.co/heimdall/v1
All endpoints are relative to this base URL. Requests must include an Authorization header with a valid bearer token unless otherwise noted.
Authentication
Heimdall uses two types of credentials:
- Admin API keys for managing Apps, Roles, and Users. Include as a bearer token in the Authorization header.
- App tokens (JWT) for authenticating end users and services. Issued by Heimdall, verified locally via JWKS or through the verify endpoint.