🐚 ShellApps Blog
← Back to posts

Zero to Auth in 5 Minutes

· Sarah Chen

Authentication is one of those things every app needs but nobody wants to build from scratch. We've spent months getting it right so you don't have to.

What ShellApps Identity Gives You

ShellApps Identity is a drop-in authentication layer for web and mobile apps. Out of the box, you get:

  • Email + password with secure hashing and brute-force protection
  • Two-factor authentication via email, SMS, or authenticator app
  • Session management with JWT tokens and automatic refresh
  • User profiles with custom fields and avatar support
  • Email verification and password reset flows

All of this through a clean REST API — no heavy SDKs, no vendor lock-in.

Getting Started

1. Create Your App

Head to shellapps.com and create a free account. From the dashboard, create a new app and grab your API keys.

2. Register a User

curl -X POST https://auth.shellapps.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Doe",
    "email": "jane@example.com",
    "password": "securepassword123"
  }'

3. Log In

curl -X POST https://auth.shellapps.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "password": "securepassword123"
  }'

You'll get back a JWT token. Include it in the Authorization header for authenticated requests.

4. Protect Your Routes

On your backend, validate the token against our verification endpoint. If you're using Node.js, our lightweight @shellapps/auth-core package handles this in a single line.

Multi-Factor Authentication

We believe 2FA should be easy to offer, not just for enterprise customers. Every ShellApps Identity app gets three MFA methods at no extra cost:

  • Email codes — Zero setup, works immediately
  • SMS codes — For users who prefer text messages
  • Authenticator apps — TOTP-based, works with Google Authenticator, Authy, 1Password, and others

Users can manage their own 2FA preferences through a settings page that you can embed or link to.

What's Next

We're working on OAuth2 provider support (Google, GitHub, Apple Sign-In) and passkey authentication. Both are on our roadmap and expected in Q2 2026.

If you have questions, check out the Auth documentation or reach out on our community page.

auth getting-started identity