Skip to main content

Hosted Login or AuthN APIs

Add authentication to your app with AuthN

This document outlines the differences between two alternative options you can use to add the login functionality to your application using Pangea as the identity provider.

  • Hosted Login

    This is the easiest and the most comprehensive option. You can quickly add authentication capabilities to your application by delegating the process of signing up and signing in to your Pangea project using its Hosted Login page. After authenticating with Pangea, the user is redirected back to your application with a code that can be exchanged for the user's profile and session tokens.

    Learn more about Pangea's Hosted Login

  • AuthN flow APIs

    Alternatively, your application can collect user credentials and other information directly, and complete the sign-up and sign-in process via calls to the AuthN APIs in the application backend. You can also use the APIs to implement passwordless authentication methods that don’t require direct user interaction in the user agent, such as Email Code, Magic Link, or SMS. The user never leaves the context of your application and there are no redirects.

    Learn more about AuthN login flow APIs

Choose which option fits your application needs and capabilities based on the advantages and limitations of both options described below. With either option, you can use the AuthN APIs directly or use a Pangea SDK in the supported environments.

Hosted Login



  • Customizing the Hosted Login appearance using Branding & Customization might not be 100 % sufficient to satisfy specific branding requirements.
  • Sending users to a hosted login page can cause noticeable interruptions in the browser, like quick flashes or flickering, which might disrupt the seamless experience of using the application.

AuthN flow APIs


  • The login experience could be seamlessly integrated with your application and satisfy tight, specific branding requirements.
  • You could use passwordless authentication methods for step-up authorization.


  • Your application becomes responsible for accidental or malicious disclosure of the user credentials to which it will have direct access.

    Inadvertent or intentional disclosure of these credentials can lead to unauthorized access, identity theft, and reputation damage. To mitigate this risk, you will need to develop robust security measures such as encryption, secure storage, access controls, audits, etc., and adhere to industry best practices and compliance with data protection regulations to maintain user trust. All of these measures have already been implemented in Pangea's Hosted Login solution.

  • Your application will need to capture and track changes in your AuthN configuration and user preferences. Then, you'll need to implement user-facing functionality for every authentication feature you enable, such as password requirements, multi-factor authentication (MFA) options, additional security controls, legal agreements, and more.

  • For threat intelligence purposes, you'll need to include the user authentication context in your requests to the AuthN APIs. This could require a significant development effort and allocation of resources that might otherwise be spent on application-specific functionalities.

  • Every change in AuthN functionality would require re-implementation at the application level in every application utilizing the AuthN APIs.

  • The direct use of AuthN APIs does not support browser-based interactions such as SAML, Social Authentication, CAPTCHAs, Passkeys, and similar features.


Some of these challenges can be addressed through a login widget.

However, using an application to collect and proxy sending user credentials to the Pangea APIs poses an additional security risk. A poorly configured application or malicious developer could capture the credentials. We recommend using the Hosted Flow over the Flow APIs to mitigate this risk.

Was this article helpful?

Contact us