Skip to main content

Launch HN: Xkit (YC S18) – OAuth infrastructure as a service https://ift.tt/30Kt8So

Launch HN: Xkit (YC S18) – OAuth infrastructure as a service Hey HN, I’m Trey, the founder of Xkit ( https://xkit.co ). Xkit helps developers build and maintain native integrations by turning OAuth for 25 of the most popular SaaS apps into a single API call that always returns fresh access tokens. I went through YC two years ago in S18 (and some of you may have seen our launch) with Sparkswap, a trust-minimized bitcoin exchange. After a year and half of building that product and building up a small but loyal following, I made the hard decision to shut it down. The audience for a trust-minimized service like Sparkswap was too niche and the regulatory costs were too high. It felt like the only way to stay in that business would be to compromise on some of our core principles (e.g. go after gambling behavior, play regulatory games), so I decided to stop working in crypto and move to FinTech more broadly. While doing customer discovery for a more traditional FinTech service, I encountered a pretty common request: integrations to the SaaS products my prospective customers were already using. As I was implementing OAuth with a slight variation for the 5th time, I realized I was re-writing code that thousands of other developers (probably including a bunch of people here) have already written (and debugged, and maintained). So I stopped working on that FinTech service (for those keeping score at home, yes that's two pivots) and started building a tool to let you outsource the pain of authorizing 3rd party apps with a particular focus on OAuth. From my perspective, for an integration to really be native, it will probably be faster and easier to just write some code instead of fighting against a GUI. But my goal was to make sure that nearly every line of code you write is actually for your integration , not authorization boilerplate. Two years and two pivots after I went through YC, I'm excited to share Xkit: the tool I wanted when I was building native integrations. Xkit is really two things: 1) An end-user experience for viewing and connecting 3rd party apps, and 2) An API for retrieving always-fresh access tokens. To make the first work, we establish a session with your user by piggy-backing on your existing authentication method (e.g. you send us their current JWT, and we validate it). From there, we can handle the OAuth dance: CSRF/state tokens, scope handling, callbacks, etc. For the end-user UI, we have a pre-built integration catalog to give your users an interface to browse your integrations, connect new ones, and repair broken ones. In fact, our integrations page ( https://ift.tt/2DT2Hky ) is just our pre-built catalog rendered directly on our Webflow site. If you want more control over the experience you can do that too: our xkit.js library has all the tools for you to quickly build your own catalog without having to dig into OAuth. For the API, just call it with the ID of the user and the name of the service, and we return a non-expired access token. You can call it from any backend process: a cloud function/lambda, a microservice, or a monolithic server. This makes your integration code a lot simpler: one API call using one API key rather than storing, encrypting, and refreshing tokens. You can even get access tokens on the front-end if you have a valid user session, so if you're building a front-end only app you no longer have to even think about whether a specific provider implements PKCE (looking at you, Atlassian). We already work with over 25 of the most popular SaaS apps (Intercom and Zendesk added just last week!) and setting each one up typically just involves plugging in your OAuth credentials. Imagine you had a team at your company that were experts in all the weird (sometimes undocumented) ways that various providers extend the OAuth spec, and they built an internal service that does all that stuff The Right Way™, lets you move it out of your core applications, and still gives PM and Design flexibility on the integration experience. That's Xkit. You can get a free dev account (up to 10 users) to try it out here: https://ift.tt/3iwLZqd , and if you send me an email (trey@) telling me that you came from this post, I'll give you 50% off your first year of the Startup or Pro plans. Thanks for making it through the wall of text. Would love to hear what you think! Trey August 11, 2020 at 08:25PM
Labels:

Comments

Post a Comment

Popular posts from this blog

Show HN: AI Generated Short Video https://ift.tt/3iS1sRE

Show HN: AI Generated Short Video Hey everyone, I have always wanted to content. I enjoy creating videos and watching other's creations! Being a programmer, I decided to create an AI pipeline which can create textual scripts and churn out thousands of videos / blogs on a daily basis given any topic. This is my first video and I would appreciate any comments and suggestions regarding it but I am particularly interested in hearing about tips and tricks / content format which can be followed to make the such video more fun and intuitive to watch. Also looking for advice if this can be monetised maybe saas or ads or something completely different. I would also want to know if anyone of you would be interested in such an AI tool. The Video: https://www.youtube.com/watch?v=1J_DOIPGKsw Specifically, what I wanted to ask: What are the specific things you liked and what you didn't. Would there have been a better format for me to have made this video to deliver the message more effective...
Post a Comment
Read more

Show HN: AWS-Powered Rube Goldberg Machine https://ift.tt/2UId1C2

Show HN: AWS-Powered Rube Goldberg Machine AWS has so many services—like more than most of us can name. What are some creative ways you can stitch them together to accomplish simple tasks in the most roundabout of ways? Get creative! This isn't about being practical! Here's a theoretical example of how to create a GIF! (Steps 4 through 998 are left as an exercise for creative readers!) 1. Add a new AWS IAM user, gif-creator, where each frame that will be part of the final GIF is base64 encoded and included as tag to the IAM user. 2. This triggers a CloudTrail event to be logged and published to Simple Notification Service. 3. Upon receiving this event, a lambda gets triggered that builds a Docker container that simply scans your domain for new DNS records. Additionally, the lambda spins up an entire Elastic Kubernetes Service (EKS) cluster with that Docker container. . . . 999. You now have a GIF in your inbox! April 6, 2020 at 02:10AM
Post a Comment
Read more

Launch HN: TagMango (YC W20) – Personalized video shoutouts in India https://ift.tt/3e1PZxC

Launch HN: TagMango (YC W20) – Personalized video shoutouts in India Hi HN! TagMango ( https://ift.tt/2x7YwhO ) is a marketplace where fans can book personalized video shoutouts from their favourite influencers and celebrities in India (essentially building Cameo for India). Why now: Celebrity culture in India has always been way different and more pompous as compared to other nations. People are fascinated by celebrities’ lives of glamour, infact celebrities are actually worshipped here. Like Rajnikanth, a south superstar, has over 30 temples to his name. Employees are literally given holiday on his movie release day. These celebrities are respectful of this culture and are always looking to give back to their fan base. India has been leading in content consumption and creation on social media, platforms like Tik Tok are doubling MAU every year. The craze for content, the fan culture and the ease of digital payments make it an exciting opportunity for the indian audience to actually i...
Post a Comment
Read more