While browsing the r/SaaS subreddit yesterday - I saw that Amazon recently tripled the cost of Cognito for large userbases (60K+ MAU) and reduced the free limits (now charging from 15K+ MAU). Cognito has traditionally been the most affordable service for identity and access management.
What Is Amazon Cognito?
If you're not familiar, Amazon Cognito provides an authentication server and an authorization service for OAuth 2.0 access tokens. In the context of API authentication, Cognito is often used as an alternative to IAM roles/policies and Lambda authorizers, with the former only applying to AWS users/services (i.e. internal APIs) and the latter having unpredictable costs and requiring custom code.
Why Did Cognito Raise Prices?
The increase in prices likely has to do with additional features being added to Cognito to make it more competitive with SaaS offerings out there today. These features include passwordless login (passkeys), email OTP, and SMS OTP. If you are using Amazon Cognito for authenticating your API calls, and have >15,000 Monthly Active Users - then you might want to consider looking for alternatives before you need to start paying. I found an auth price comparison tool which you can use to compare plans and prices. For more context - here's a breakdown of some Cognito competitors and their monthly pricing.
Service | 15K MAU | 50K MAU | 100K MAU |
---|---|---|---|
Cognito (old) | $0 | $0 | $275 |
Cognito (new) | $28 | $220 | $495 |
Supabase | $0 | $0 | $25 |
Firebase | $0 | $0 | $275 |
Auth0 | $0 | $2000 | $2000 |
Clerk | $125 | $825 | $1825 |
Now if you're a B2B SaaS startup - these prices are likely negligible compared to the average revenue per user. If you're a scaling social media or B2C company however, these costs can add up fast. There's a huge variety in platforms, features and pricing so let's dive into some popular Cognito alternatives.
Auth0
Auth0 (now part of Okta) is a flexible identity management platform offering authentication and authorization as a service. It's often used to offer Universal Login (authentication across platforms) and Multi-Factor Authentication. I've used Auth0 in the past and have found it to be quite powerful - with extensibility around signup/login flows, detailed monitoring, OIDC-support (unlike most options on this list), and documentation for almost every use-case. Despite being one of the pioneers in the developer tooling space - I feel like Auth0 has not kept up with the ease of use that other platforms have, and is definitely more focused on enterprises (thus the higher cost). If you're using Auth0 for your enterprise API authentication, check out this guide.
Auth0 Pricing
Auth0 isn't cheap - but the mature suite of features and tools it offers make it the most suitable option for mature businesses. Not having these features would likely cost you more in productivity. If you're an enterprise organization, this is the platform you should use.
Supabase Auth
Supabase is an open-source BaaS platform that includes an authentication service which can be easily integrated using the Supabase SDK. What makes Supabase great is that it can support almost every type of authentication method (ex. Email/Password, magic link, etc.) and provider (ex. GitHub, Google, etc.) with relatively little work. Documentation and support are fantastic, which is why I use Supabase for building most CRUD APIs and prototypes these days. If you're interested in using Supabase for API authentication, we have a guide for that too.
Supabase Auth Pricing
The Supabase auth free tier is very generous, with 100K MAU on Supabase costing the same as 15K MAU on Cognito. The downside with Supabase (and most BaaS platforms) is that they are a jack-of-all-trades, but master of none. The level of customization and reporting provided by Supabase may be insufficient for your company.
Firebase Authentication
Firebase is another BaaS platform, featuring slightly more mature versions of all of Supabase's auth features. You could argue Firebase is more well-suited for mobile applications that need authentication. Additionally, their infrastructure and feature-set are pretty advanced thanks to their acquisition by Google. If you're building an API on Firebase, we have articles on creating an API, and adding API key authentication or JWT validation.
Firebase Authentication Pricing
Overall, Firebase authentication pricing is pretty fair - with a generous free tier and a price matching Cognito's old pricing past 100K MAU. Just like Supabase, I wouldn't recommend choosing Firebase for a mid-size to enterprise company - it's far too restrictive, and you're locked into Google's ecosystem.
Clerk
Clerk is like if Supabase and Auth0 had a baby. It combines the great developer experience and easy setup of Supabase with the dedication to user and access management of Auth0. It includes a suite of embeddable UIs to quickly get started, and APIs for more advanced use-cases. If you're a startup, Clerk is a very attractive option for getting to market. Many Zuplo customers have integrated Clerk for their API authentication.
Clerk Pricing
Although Clerk is a great option for getting to market, I don't necessarily think it's a great option once you start scaling. To start - the free tier ends at 10K MAU, and pricing from there onwards is getting close to Auth0 territory. To be fair, Clerk doesn't count MAU exactly the same as other platforms - users are only counted as active when they return 24+ hours after signup. If you run a PLG/PLS SaaS (like us) or a B2C product and run Google ads to your home page - you know how much of an issue fraudulent and churn-y signups are. It still isn't fair to say Clerk is as enterprise-ready as Auth0 is, but they might be one day soon.
What's The Best Amazon Cognito Alternative?
Based on the features and pricing, I would roughly recommend you use the following services based on your MAU.
Or here's a version with more nuance:
Company-type | <50K MAU | 50-100K MAU | 100K+ MAU |
---|---|---|---|
B2B SaaS | Clerk | Clerk | Auth0 |
B2C (ex social media) | Supabase | Supabase | Self-hosted |
Note that I don't care too much about your current MAU - more-so your projected MAU X years in the future, with X being how long it would take for your company to reach "maturity".
For B2B SaaS, Clerk seems pretty affordable relative to what the average value of a MAU might be. Unless your average contract value is really low, or your ratio of free users to paid users is extremely high - a few cents a seat is worth the great developer experience. Clerk is a really good option if you're charging per-seat. You should consider Auth0 if your company is already an enterprise with hundreds of thousands of users.
For B2C, Supabase will get you most of the way for small to medium MAU applications. You might need additional services for analytics and monitoring. If you are building a boom-or-bust B2C company (ex. social media platform, video game, media publication) you should consider using an open-source self-hosted solution like SuperTokens.
Adding Authorization and Authentication to Your APIs
At Zuplo, we've always advocated using API keys for API authentication, but we have support for Auth0, Clerk, Amazon Cognito, Firebase, Supabase, and more!