The platform

Everything identity needs, in one place.

Authentication, AI-agent identity, payments and environments. Each is a full product on its own. Together they are a single platform your apps delegate to.

Authentication

A complete sign-in system for every app you run.

Password, magic link and TOTP MFA
OAuth 2.0 / OIDC provider with JWKS
Sessions you can list and revoke

AI agent identity

Identity for the machines, not just the people.

Scoped sk_agent tokens
Personas with their own permissions
Full audit trail per agent

Payments

Money and identity, handled in one platform.

Mollie, Stripe and PayPal
Subscriptions and payouts
VAT-correct invoices with VIES

Environments

One app across many surfaces, one identity.

Production, staging, marketing, clone
Per-environment policy and keys
SSO across every live surface
RS256
Signed tokens with JWKS rotation
85+
Tables of audited, sovereign data
4
Environments per app, one identity
GDPR
European compliance by design
The console

Run it all from one back office.

Identity, payments, groups and agents, across every app and tenant. These are real screens from the SIMEZU and KIMEZU consoles.

Authentication

Sign-in your users can trust

Password, passwordless magic links and TOTP MFA, behind a full OAuth 2.0 / OIDC provider. Run SSO across every surface of an app.

OAuth 2.0 / OIDC. Discovery, JWKS rotation, RFC 7662 introspection.
MFA. TOTP authenticator apps, enforced per role.
Sessions. List, inspect and revoke any session live.
oauth-token.sh
# Authorization-code flow with PKCE
curl -X POST https://simezu.com/oauth/token \
  -d grant_type=authorization_code \
  -d code=$CODE -d code_verifier=$PKCE

{ "access_token": "...", "id_token": "...",
  "token_type": "Bearer", "expires_in": 3600 }
AI agent identity

Identity for the machines you ship

Agents are first-class entities. Mint scoped sk_agent tokens, give them personas, and audit every call they make.

Scoped tokens. Each agent gets only the permissions it needs.
Personas. Named identities with their own scope set.
Audit. Every agent action in the HMAC-chained log.
agent-token.sh
# Mint a scoped agent token
curl -X POST https://simezu.com/agents/tokens \
  -d persona="catalog-sync" \
  -d scope="read:tracks"

{ "token": "sk_agent_4f9a…", "actor_type": "agent" }
Payments and split

Money and identity, one platform

Route checkout through Mollie, Stripe or PayPal. Run subscriptions, configure the receiver / app / SIMEZU split, and issue VAT-correct invoices.

Providers. iDEAL, SEPA and cards via Mollie, Stripe, PayPal.
Configurable split. Set fees and payout per app.
Invoicing. VAT/OSS-correct PDFs with VIES validation.
split.json
// A €10.00 sale, split per app config
{
  "gross":    "€10.00",
  "receiver": "€8.90",   // payee
  "app_fee":  "€1.00",   // 10%
  "simezu":   "€0.10"    // 1%
}
Environments

One app, every surface, one identity

Production, staging, marketing and white-label clone surfaces share one identity and one set of keys, each with its own policy.

Four surfaces. Production, staging, marketing, clone.
Per-env policy. Forced login, allowlists, SSO scope.
Scoped keys. Live and test tokens per environment.
guard.php
// Enforce policy in your bootstrap
define('SIMEZU_APP_SLUG', 'simuze');
simezu_guard_environment();
// → forced login + access rules per environment
Control and integration

Tokens, forms and full user control

Generate API tokens with an audit trail, drop in themable auth forms per app, and manage every user, role and restriction from one console.

API tokens. Create and revoke sk_live_ keys, fully audited.
Form integrations. Hosted login/register/reset, themed per app.
User control. Roles, allow/blocklist, ban-cascades across apps.
forms-embed.html
<div id="simezu-form"></div>
<script src="…/simezu-forms.js"></script>
<script>
  SimezuForms.init({ app: "simuze" });
  SimezuForms.loadForm("login");
</script>
How it fits

Your apps stay thin. SIMEZU holds the truth.

Each app stores a single simezu_user_id and calls the API for the rest. Identity, permissions, sessions and payment profiles live in one place, audited end to end.

See how we secure it
Request flow
1User signs in once on any SIMEZU surface
2Your app receives an RS256 token and the user id
3Any service introspects the token to authorise
4Every action lands in the HMAC-chained audit log
Connected apps and devices working together
One identity layer behind every product you ship.

One platform to build on.

Fully hosted, European, and ready in minutes.