If you've ever built a SaaS product, you know the drill: set up authentication, wire billing logic, manage subscription states, and somehow keep everything in sync. It's 5–9 weeks of plumbing that has nothing to do with your actual product. Astapa exists to eliminate that.
What Is Astapa?
Astapa is a unified backend platform that handles authentication, subscription management, and billing — all in a single JWT token. Instead of stitching together separate services for auth and payments, Astapa gives you one token that already knows your user's plan, role, and feature flags.
The integration is dead simple:
import { jwtVerify, createRemoteJWKSet } from 'jose';

// Exchange auth code for JWT.
// Run this server-side only: client_secret must never reach the browser.
const { access_token } = await fetch(
  'https://astapa.com/api/platform/token',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ code, client_id, client_secret })
  }
).then(r => r.json());

// Verify with standard JWKS — no proprietary SDK.
// jwtVerify also accepts { issuer, audience, algorithms } options; set them to
// the values documented for your project so tokens minted for another app are rejected.
const { payload: user } = await jwtVerify(
  access_token,
  createRemoteJWKSet(new URL('https://astapa.com/.well-known/jwks.json'))
);

// Gate features with if-statements. That's it.
if (user.plan === 'pro') { /* premium features */ }
if (user.role === 'admin') { /* admin access */ }
if (user.teamSize > 10) { /* enterprise tier */ }

The Three Modules
Astapa is organized into three modules that work independently via standard REST APIs — no proprietary SDK required.
1. Authentication
Email + password, Google, and GitHub OAuth out of the box. You get a hosted login page with zero UI to build, sessions and JWT tokens handled for you, all following standard OAuth 2.0.
2. Subscriptions
Define plans, manage upgrades and trials. The JWT carries plan, role, and trial status automatically. It's webhook-driven and works with Stripe, LemonSqueezy, or any payment gateway you prefer.
3. Custom Claims
This is Astapa's secret weapon. Attach any metadata to a user via a single REST API call — roles, feature flags, team info — and it shows up instantly in the next JWT. Unlike Firebase's custom claims (which can take up to an hour to propagate), Astapa claims are instant with no size limits.
Why It Matters for Indie Developers
The typical auth-to-billing integration takes 5–9 weeks. Every time. Astapa eliminates that with one key insight: put your business logic inside the token.
No servers to manage. No cron jobs. Your payment webhook calls the Claims API, and the next JWT carries the updated plan. One token decode, zero database lookups at runtime.
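Because an updated claim only arrives with the next JWT, a token issued before a downgrade or role removal still carries the old values until it is replaced. The following is an added example (not Astapa's code and not from the original post) of the three if-statement gates written fail-closed, assuming `payload` is the claims object returned by a successful `jwtVerify` call; `MAX_ADMIN_TOKEN_AGE`, `CLOCK_SKEW` and the gate names are illustrative assumptions, and `iat` is the standard JWT issued-at claim.

```javascript
// Added example, not Astapa code. `payload` is assumed to be the claims object
// from a successful jwtVerify() call, so the signature is already checked.
// plan, role and teamSize are the page's claim names; iat is the standard
// RFC 7519 issued-at claim. The age limit and gate names are assumptions.
const MAX_ADMIN_TOKEN_AGE = 300; // seconds a token is trusted for admin actions
const CLOCK_SKEW = 60;           // seconds of tolerated clock drift

function featureGates(payload, nowSeconds = Math.floor(Date.now() / 1000)) {
  const gates = { premium: false, admin: false, enterprise: false, reasons: [] };
  if (payload === null || typeof payload !== 'object') {
    gates.reasons.push('no verified claims');
    return gates; // fail closed
  }
  const { plan, role, teamSize, iat } = payload;

  // Strict equality never coerces, so a non-string plan simply fails the check.
  gates.premium = plan === 'pro';

  // `'11' > 10` and `[11] > 10` are both true in JavaScript; require a real integer.
  if (Number.isInteger(teamSize) && teamSize >= 0) {
    gates.enterprise = teamSize > 10;
  } else if (teamSize !== undefined) {
    gates.reasons.push('teamSize is not a non-negative integer');
  }

  // A role removed through the Claims API only disappears from the next JWT,
  // so admin access is granted only on a recently issued token.
  if (role === 'admin') {
    const age = Number.isInteger(iat) ? nowSeconds - iat : NaN;
    if (age >= -CLOCK_SKEW && age <= MAX_ADMIN_TOKEN_AGE) {
      gates.admin = true;
    } else {
      gates.reasons.push('admin claim on a stale or undated token');
    }
  }
  return gates;
}

// Constructed sample payloads (not real tokens).
const now = 1700000000;
const fresh = featureGates({ plan: 'pro', role: 'admin', teamSize: 12, iat: now - 30 }, now);
const stale = featureGates({ plan: 'pro', role: 'admin', teamSize: '12', iat: now - 3600 }, now);
console.log(fresh, stale);
```

A request that hits the stale-token branch should be sent back through the token exchange to obtain a fresh JWT rather than being served with reduced checks.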
"Saved me 6 weeks of auth + billing glue. Shipping v1 next week."
"user.plan === 'pro' in middleware. That's it. That's the whole integration."
Pricing
Astapa charges only for monthly active users with indie-friendly pricing:
- Free — 100 MAU, 1 project, hosted login, OAuth, JWT with plan + role, custom claims API
- Starter — Everything in Free + subscription entitlements, webhooks, 3 projects, email support
- Scale — Everything in Starter + priority support, custom domain, unlimited projects, SLA guarantee
They don't charge for trials or free-tier users — you only pay when your users are actively paying you.
The Bottom Line
If you're an indie developer or small team building a SaaS, Astapa removes the most tedious part of the stack. Standard OAuth 2.0, zero vendor lock-in, and a JWT that already knows your pricing tiers. With 240+ indie builders already on board, it's worth checking out at astapa.com.