Skip to content

For Developers

Use this section if you are adding SigID to an application, backend API, webhook receiver, or agent/MCP integration.

What SigID Is

SigID is the identity and account-security service your app uses instead of building login, sessions, consent, recovery, SSO, and token issuing yourself.

Your app sends users to SigID for sign-in. SigID checks the user, then sends the user back to your app with a result your code can handle. Your backend then trusts only validated SigID tokens, not frontend guesses about who the user is.

How Your App Uses SigID

  1. 1Get app settingsAsk the workspace owner for issuer URL, client ID, redirect URL, scopes, audience, and tenant or workspace ID.
  2. 2Add hosted loginUse the SDK to send users to SigID and handle the callback when SigID sends them back.
  3. 3Create an app sessionStore only the session data your app needs and support logout.
  4. 4Validate access tokens on the backendCheck issuer, audience, tenant, expiry, scopes, signature, and subject type before serving protected data.
  5. 5Protect each API boundaryDo not rely on hidden buttons or frontend state. Enforce access in backend code.
  6. 6Add webhooks or agent auth only when neededUse signed webhooks for async events and scoped principals for agents or MCP servers.

Choose The Right Page

What you want to build Read this
Add sign-in to your app Add Login To Your App
Check that SigID tokens are valid Verify Access Tokens
Protect backend routes and resources Protect Backend APIs
Pick the right package or example SDKs And Examples
Receive events from SigID Receive Webhooks
Protect agents, tools, or MCP servers Agent And MCP Auth

Start With A Quickstart

What you have Start here You finish with
Next.js App Router app Next.js Quickstart Hosted login, callback, protected page, and protected API route
React browser app React SPA Quickstart Hosted login, callback, session UI, logout, and backend token handoff
Existing backend API Backend API Quickstart Bearer-token validation with tenant, audience, scope, and subject checks
You want to see it running first Run The Example App Local SDK Lab app and quality gate

If you are not sure which one to choose, use Next.js Quickstart.

Use Reference when you need exact OAuth parameters, claims, scopes, API shapes, event names, error formats, or security model details.