Home  >  Companies  >  Stytch
Stytch
API and SDK suite for passwordless authentication and identity management in web apps

Valuation

$1.00B

2025

Funding

$126.30M

2025

View PDF
Details
Headquarters
San Francisco, CA
Website
Milestones
FOUNDING YEAR
2020
Listed In

Valuation

Stytch reached unicorn status in November 2021 with a $1 billion valuation following its $90 million Series B round led by Coatue Management. The round included participation from existing investors Benchmark, Thrive Capital, and Index Ventures.

The company previously raised a $30 million Series A in July 2021 led by Thrive Capital, with participation from Coatue, Benchmark, and Index Ventures. Earlier funding included seed rounds that brought the total raised to $126.3 million across all rounds.

Product

Stytch is a developer-first identity platform that handles authentication, authorization, and fraud prevention for both human users and AI agents. The platform operates as an API and SDK suite that developers can integrate into web and mobile applications within hours rather than spending months building authentication systems in-house.

The core authentication layer supports multiple login methods including email magic links, SMS one-time passcodes, WebAuthn passkeys, social OAuth logins, and traditional passwords. Developers can mix and match these methods, with many customers using hybrid approaches where 90% of users choose passwordless options while maintaining password fallbacks for certain demographics.

For B2B applications, Stytch provides enterprise features like SAML single sign-on, SCIM user provisioning, and role-based access control through an Admin Portal component. This allows enterprise customers to self-serve their SSO configuration directly within the application interface without requiring support tickets.

The platform includes fraud prevention capabilities through device fingerprinting technology that detects and manages both legitimate AI agents and malicious bot traffic. The Agent SDK allows good agents to self-identify for optimized experiences, while server-side detection catches evasive threats.

Stytch's Connected Apps product transforms any customer application into an OAuth 2.0 compliant identity provider, enabling delegation of user permissions to third-party services and AI agents. This addresses the growing need for applications to support Model Context Protocol servers and agentic workflows while maintaining security and auditability.

Business Model

Stytch operates a B2B SaaS model serving both consumer-facing applications and B2B software companies. The platform uses differentiated pricing structures optimized for each customer segment's economics and usage patterns.

Consumer applications pay based on monthly active users at rates designed to preserve their unit economics even at scale. B2B applications pay primarily for enterprise connections when their customers require SSO integration, typically around $100 per connection with volume discounts.

The company maintains gross margins in the mid-60s to high-70 percent range, reflecting its position as a data and infrastructure-heavy SaaS platform rather than pure software. Costs include cloud infrastructure, third-party data licensing for fraud prevention, and the operational complexity of maintaining security certifications and compliance standards.

Stytch's go-to-market strategy combines developer-led growth with enterprise sales. The platform attracts developers through superior documentation, SDK quality, and integration speed, then expands within organizations as authentication needs grow more sophisticated. Enterprise deals often involve migrations from legacy providers like Auth0, where Stytch provides zero-downtime migration tools and session transfer capabilities.

Revenue expansion occurs through usage growth as customer applications scale, plus feature upgrades like fraud prevention, B2B multi-tenancy, and Connected Apps capabilities. The platform's modular architecture allows customers to adopt additional features without ripping out existing integrations.

Competition

Enterprise incumbents

Auth0, acquired by Okta for $6.5 billion in 2021, remains the dominant enterprise player with deep compliance capabilities and global sales reach. Auth0 benefits from being the safe choice for large organizations and has added passkey support and improved UI builders to maintain competitiveness.

Okta's broader identity platform and Transmit Security's enterprise-focused Mosaic platform compete on orchestration and fraud prevention for large-ticket deals. These incumbents leverage existing customer relationships and procurement advantages but struggle with implementation complexity and pricing flexibility.

Microsoft Entra and other workforce identity providers increasingly extend into customer identity scenarios, bundling authentication with broader enterprise software suites.

Developer-focused platforms

Clerk targets the Next.js and Jamstack community with deep UI component abstractions that make initial implementation extremely fast but can limit customization as applications mature. Clerk appears frequently in startup competitive situations but rarely in enterprise deals.

WorkOS began with standalone SSO and SCIM add-ons for existing authentication systems before expanding into full customer identity management. Their enterprise-heavy origin provides advantages in specific use cases but creates challenges in competing for broader platform deals.

Descope and Magic represent other developer-first approaches with different technical architectures and go-to-market strategies, though none have achieved Stytch's scale in enterprise customer acquisition.

Cloud platform bundling

Amazon Cognito, Google Firebase Authentication, and Supabase Auth provide authentication as part of broader cloud development platforms. These bundled offerings compete on convenience and cost but typically lack the advanced features and customization capabilities that growing applications require.

Supabase's open-source approach and aggressive free tier pricing create particular pressure on standalone authentication providers, though their Postgres-native architecture limits flexibility for applications not built on their stack.

TAM Expansion

AI agent authentication

The emergence of AI agents as first-class users of software applications creates entirely new authentication and authorization requirements. Every application now needs to manage not just human users but their delegated agents with granular permissions and audit trails.

Stytch's Connected Apps product addresses this by enabling any application to become an OAuth 2.0 identity provider for agent delegation. As Model Context Protocol adoption accelerates, applications require sophisticated identity infrastructure to safely expose read and write capabilities to AI systems.

This represents a fundamental expansion of the identity market as consumer applications that never needed role-based access control now require enterprise-grade authorization systems to manage human-agent relationships.

Enterprise migration acceleration

Auth0's integration into Okta has created pricing pressure and feature conflicts that drive migration opportunities. Stytch's zero-downtime migration tools and session transfer capabilities lower switching costs for applications with millions of active users.

The company's hybrid password-passwordless approach addresses enterprise concerns about user experience changes while providing a migration path toward fully modern authentication. Enterprise customers increasingly view identity infrastructure as strategic rather than commodity, creating opportunities for platforms with superior developer experience.

B2B SaaS applications face growing pressure to support enterprise SSO and compliance requirements as they move upmarket, expanding Stytch's addressable customer base beyond pure consumer applications.

Fraud prevention integration

Bot traffic and account takeover attacks have made fraud prevention a necessary component of identity platforms rather than a separate purchase. Stytch's integrated approach to authentication and risk assessment creates opportunities to capture security budgets traditionally allocated to point solutions.

The platform's device fingerprinting and behavioral analysis capabilities, developed from experience at Plaid, provide differentiated fraud detection that scales with authentication volume. This creates higher-value customer relationships and improved unit economics compared to authentication-only offerings.

Risks

Passwordless adoption: While passkey technology has matured significantly, enterprise adoption remains slower than anticipated due to user education requirements and legacy system constraints. Many customers still require hybrid approaches that maintain password fallbacks, limiting the differentiation potential of passwordless-first platforms and potentially commoditizing authentication features.

Cloud platform competition: Amazon, Google, and Microsoft continue expanding their bundled authentication offerings with aggressive pricing and deep integration advantages. As these platforms improve their developer experience and feature completeness, they could capture significant market share from standalone providers, particularly among price-sensitive customers who prioritize convenience over customization.

AI authentication complexity: The rapid evolution of AI agent standards like Model Context Protocol creates implementation challenges as specifications change frequently. If the industry consolidates around authentication approaches that favor large cloud providers or if agent authentication becomes commoditized, Stytch's current advantages in this emerging market could diminish before reaching full monetization potential.

Funding Rounds

Share Name Issue Price Issued At
Series B $50.49 Nov 2021
Share Name Issue Price Issued At
Series A $12.83 Jul 2021
Share Name Issue Price Issued At
Series Seed $1.63 Jan 2021
View the source Certificate of Incorporation copy.

News

DISCLAIMERS

This report is for information purposes only and is not to be used or considered as an offer or the solicitation of an offer to sell or to buy or subscribe for securities or other financial instruments. Nothing in this report constitutes investment, legal, accounting or tax advice or a representation that any investment or strategy is suitable or appropriate to your individual circumstances or otherwise constitutes a personal trade recommendation to you.

This research report has been prepared solely by Sacra and should not be considered a product of any person or entity that makes such report available, if any.

Information and opinions presented in the sections of the report were obtained or derived from sources Sacra believes are reliable, but Sacra makes no representation as to their accuracy or completeness. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this report reflect a determination at its original date of publication by Sacra and are subject to change without notice.

Sacra accepts no liability for loss arising from the use of the material presented in this report, except that this exclusion of liability does not apply to the extent that liability arises under specific statutes or regulations applicable to Sacra. Sacra may have issued, and may in the future issue, other reports that are inconsistent with, and reach different conclusions from, the information presented in this report. Those reports reflect different assumptions, views and analytical methods of the analysts who prepared them and Sacra is under no obligation to ensure that such other reports are brought to the attention of any recipient of this report.

All rights reserved. All material presented in this report, unless specifically indicated otherwise is under copyright to Sacra. Sacra reserves any and all intellectual property rights in the report. All trademarks, service marks and logos used in this report are trademarks or service marks or registered trademarks or service marks of Sacra. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any report is strictly prohibited. None of the material, nor its content, nor any copy of it, may be altered in any way, transmitted to, copied or distributed to any other party, without the prior express written permission of Sacra. Any unauthorized duplication, redistribution or disclosure of this report will result in prosecution.