Staxly

Stytch vs PocketBase

Authentication platform for B2C and B2B
vs. Open-source backend in a single Go binary

Stytch websitePocketBase (OSS)

Pricing tiers

Stytch

Free
10,000 MAU. Unlimited orgs. 5 SSO/SCIM connections. 1,000 M2M tokens. 10,000 fraud fingerprints. Full auth suite.
Free
Pay as you go
Usage-based after free allowances. Volume discounts for high MAU.
$0 base (usage-based)
Enterprise
Custom. 99.99% SLA, private Slack, migration assistance, HIPAA/BAA.
Custom
Stytch website

PocketBase

Self-Hosted
MIT-licensed single binary. Run on any VPS / Docker / bare metal. No usage caps — only limited by your server.
$0 base (usage-based)
PocketBase (OSS)

Free-tier quotas head-to-head

Comparing free on Stytch vs self-hosted on PocketBase.

MetricStytchPocketBase
fraud fingerprints included10000 fingerprints/month
m2m tokens included1000 tokens
mau included10000 users/month
organizationsunlimited orgs
sso connections included5 conns

Features

Stytch · 15 features

  • B2B AuthMulti-tenant auth: organizations, roles, JIT provisioning, enterprise SSO, SCIM.
  • B2C AuthConsumer auth: passwordless (magic links, OTP), passwords, OAuth, passkeys, WebA
  • Device FingerprintingFingerprint devices at signup/login. Block bots, credential stuffing, and ATO at
  • Device-Fingerprint Risk APIReal-time risk scoring API usable even without full auth.
  • Enterprise SSO (OIDC)OIDC SSO per organization.
  • Enterprise SSO (SAML)SAML 2.0 SSO per organization. Self-serve admin portal.
  • JIT ProvisioningAuto-create users in an org on first SSO sign-in.
  • Machine-to-MachineClient-credentials OAuth for service-to-service.
  • OAuth / SocialGoogle, Apple, Microsoft, GitHub, Slack, Discord, Facebook, LinkedIn, Amazon, Bi
  • OrganizationsMulti-tenant primitive with policies per org.
  • Passkeys (WebAuthn)FIDO2 passkey enrollment and authentication.
  • PasswordlessMagic links (email) + OTP (email/SMS/WhatsApp) + embeddable magic links.
  • RBACRoles and permissions per organization (B2B).
  • SCIM ProvisioningDirectory user/group provisioning from Okta, Azure, Google Workspace.
  • SessionsJWT or opaque session tokens. Configurable lifetime.

PocketBase · 12 features

  • Access RulesRecord-level access rules (filter expressions) referencing @request and @collect
  • Admin DashboardBuilt-in web UI for schema + data management.
  • AuthEmail+password, OAuth2 (Google, GitHub, Facebook, Apple, Discord, Microsoft, etc
  • BackupsBuilt-in backup/restore with S3 upload option.
  • Built-in MailerSMTP integration for verification, password reset, magic link emails.
  • CollectionsSchema-defined record types with fields, validations, and record/admin/auth acce
  • Embedded JS EngineJavaScript VM (goja) lets you write hooks in JS without recompiling.
  • Extend as Go LibraryEmbed PocketBase in a larger Go app, add custom routes and events.
  • File StorageLocal filesystem or S3-compatible storage with access rules.
  • HooksServer-side Go or JavaScript hooks that run on CRUD events (OnRecordBeforeCreate
  • MigrationsJS/Go migration scripts applied on startup.
  • Realtime SubscriptionsSSE-based subscriptions to collection changes.

Developer interfaces

KindStytchPocketBase
SDKAndroid SDK, Go backend SDK, iOS SDK, Java backend SDK, JavaScript SDK, Next.js SDK, Node backend SDK, Python backend SDK, React SDK, Ruby backend SDKGo API (extend as library), pocketbase (Dart), pocketbase (JS SDK)
RESTB2B API, B2C APIREST API
OTHERAdmin Dashboard, Realtime SSE
Staxly is an independent catalog of developer platforms. Outbound links to Stytch and PocketBase are plain references to their official websites. Pricing is verified against vendor pages at publication time — reconfirm before buying.

Want this comparison in your AI agent's context? Install the free Staxly MCP server.