Hasura vs Stytch
Instant GraphQL + REST on your data sources — with permissions
vs. Authentication platform for B2C and B2B
Pricing tiers
Hasura
OSS (Community)
Free forever (Apache-2.0). Self-host GraphQL Engine v2.
$0 base (usage-based)
Cloud Free
$0. 1 project. 60 req/min. Community support.
Free
Professional
$99/mo (starts). Usage-based compute + data pass-through. Production SLAs.
$99/mo
Advanced
Custom. Multi-region, dedicated, observability, SSO.
Custom
Enterprise
Custom. On-prem / air-gap / advanced security.
Custom
Stytch
Free
10,000 MAU. Unlimited orgs. 5 SSO/SCIM connections. 1,000 M2M tokens. 10,000 fraud fingerprints. Full auth suite.
Free
Pay as you go
Usage-based after free allowances. Volume discounts for high MAU.
$0 base (usage-based)
Enterprise
Custom. 99.99% SLA, private Slack, migration assistance, HIPAA/BAA.
Custom
Free-tier quotas head-to-head
Comparing free on Hasura vs free on Stytch.
| Metric | Hasura | Stytch |
|---|---|---|
| fraud fingerprints included | — | 10000 fingerprints/month |
| m2m tokens included | — | 1000 tokens |
| mau included | — | 10000 users/month |
| organizations | — | unlimited orgs |
| sso connections included | — | 5 conns |
Features
Hasura · 14 features
- Actions — Custom resolvers via HTTP.
- Data Connector Hub — Build connectors to any source.
- Event Triggers — DB changes → webhook.
- GraphQL API — Auto GraphQL over relational + NoSQL.
- Hasura DDN (v3) — Multi-source supergraph with OpenDD.
- JWT Auth — Pluggable JWT verification.
- Metadata Migrations — Git-versioned Hasura config.
- Permissions — Row + column + session-based.
- Query Caching — Edge caching with cache-control directive.
- Remote Schemas — Merge external GraphQL into supergraph.
- REST Endpoints — Turn any GraphQL op into REST.
- Scheduled Triggers — Cron + one-off webhook triggers.
- Subscriptions — Live queries via WS.
- Webhook Auth — Custom auth via webhook.
Stytch · 15 features
- B2B Auth — Multi-tenant auth: organizations, roles, JIT provisioning, enterprise SSO, SCIM.
- B2C Auth — Consumer auth: passwordless (magic links, OTP), passwords, OAuth, passkeys, WebA…
- Device Fingerprinting — Fingerprint devices at signup/login. Block bots, credential stuffing, and ATO at…
- Device-Fingerprint Risk API — Real-time risk scoring API usable even without full auth.
- Enterprise SSO (OIDC) — OIDC SSO per organization.
- Enterprise SSO (SAML) — SAML 2.0 SSO per organization. Self-serve admin portal.
- JIT Provisioning — Auto-create users in an org on first SSO sign-in.
- Machine-to-Machine — Client-credentials OAuth for service-to-service.
- OAuth / Social — Google, Apple, Microsoft, GitHub, Slack, Discord, Facebook, LinkedIn, Amazon, Bi…
- Organizations — Multi-tenant primitive with policies per org.
- Passkeys (WebAuthn) — FIDO2 passkey enrollment and authentication.
- Passwordless — Magic links (email) + OTP (email/SMS/WhatsApp) + embeddable magic links.
- RBAC — Roles and permissions per organization (B2B).
- SCIM Provisioning — Directory user/group provisioning from Okta, Azure, Google Workspace.
- Sessions — JWT or opaque session tokens. Configurable lifetime.
Developer interfaces
| Kind | Hasura | Stytch |
|---|---|---|
| CLI | ddn CLI (v3), hasura CLI | — |
| SDK | — | Android SDK, Go backend SDK, iOS SDK, Java backend SDK, JavaScript SDK, Next.js SDK, Node backend SDK, Python backend SDK, React SDK, Ruby backend SDK |
| REST | Hasura REST Endpoints, Metadata API | B2B API, B2C API |
| GRAPHQL | Hasura GraphQL Engine | — |
| OTHER | Data Connectors, Hasura Console | — |
Staxly is an independent catalog of developer platforms. Outbound links to Hasura and Stytch are plain references to their official websites. Pricing is verified against vendor pages at publication time — reconfirm before buying.
Want this comparison in your AI agent's context? Install the free Staxly MCP server.