European-first, GDPR-native, fully hosted

The verified identity layer for digital ecosystems.

One sign-in for authentication, payments and AI-agent identity. Your apps store a single simezu_user_id and delegate the rest to SIMEZU.

OAuth 2.0 / OIDC provider MFA and magic links Mollie, Stripe, PayPal
A full team meeting around a table
Verified by SIMEZU
verify · authorize · settleRS256
Powers the Atypisch ecosystem
Simuze Soriku Rozuro Wemazu Modular CMS WordPress
One platform

Authentication, payments and agents under one roof.

Everything Microsoft Entra, Auth0 and Stripe do separately, in a single hosted platform you subscribe to.

Authentication

Email and password, passwordless magic links, TOTP MFA, and a full OAuth 2.0 / OIDC provider.

AI agent identity

Native sk_agent tokens with scoped permissions and personas. Identity for the machines you ship.

Payments

Multi-provider checkout, subscriptions, payouts and VAT-correct invoicing, built in.

Environments

Live, staging, marketing and clone surfaces, each with its own policy and scoped keys.

Security

Deception-first defense: honeypots, canary tokens, a tarpit and HMAC-chained audit logs.

Roles and groups

Role-based access control, an admin hierarchy, and group-scoped permissions and payments.

One app, many surfaces

One identity across every environment.

Production isn't the only place your app lives. Your marketing site, a staging build and a white-label clone all share one identity and one set of keys. A user signs in once and is recognised on every surface.

SSO that spans every environment of a single app, not just prod and staging.
Per-environment policy for forced login, access allowlists and SSO exclusion.
Live and test API tokens scoped to the environment that issued them.
First-class agent identity

Agents are entities, not API keys.

An AI agent is a real identity in SIMEZU, ranked alongside users and groups. It carries its own sk_agent token, a scoped persona and a seat in the audit log, so the software you ship can act, be billed and be revoked on its own terms.

A unique token per agent with explicit scopes, never a shared API key.
Personas that bound what an agent may read, write or spend.
Billed and audited like any user, with per-agent revoke, rotate and velocity limits.
Explore the platform
Entities User Group Agent
Soriku Booking Agent
Persona: read-only concierge
sk_agent
Scopes
bookings:read calendar:read payments:none
sk_agent_3f9a…b21e
Last action · 2m ago Introspected & logged
Deception-first defense

Security that fights back.

Honeypots, canary tokens and a progressive tarpit waste an attacker's time. Every action lands in an HMAC-chained audit log you can verify end to end.

Honeypots and canaries

Trap endpoints and canary tokens that only an intruder would ever touch.

Progressive tarpit

Suspicious clients slow down tier by tier: jitter, then delay, then a block.

Anomaly detection

Probe patterns, swarms and permission velocity, flagged in real time.

HMAC audit chain

Every action is chained and verifiable. Tampering breaks the chain.

RS256
Signed tokens with JWKS rotation
85+
Tables of audited, sovereign data
GDPR
European compliance by design
audit-verify.sh
# Verify the HMAC-chained audit log end to end
curl https://simezu.com/audit/verify -d from=evt_8a21 -d to=evt_9f0c
{ "chain": "intact", "events": 1284, "broken_at": null }

# A canary token is touched, the tarpit engages and it is logged
{ "event": "canary.triggered", "actor_type": "agent", "action": "blocked" }
Built-in payments

Identity and payments in one place.

Route checkout through Mollie, Stripe or PayPal. Run subscriptions, split payouts and make VAT-correct invoices with VIES validation, without adding a second vendor.

iDEAL and SEPA Subscriptions EU VAT and OSS Payouts
Invoice
SIM-2026-0481
Paid
Simezu Pro, monthly€9.00
VAT (21%, NL)€1.89
Total€10.89
For developers

Built on open standards.

SIMEZU is a full OAuth 2.0 and OpenID Connect provider. You get a discovery document, JWKS key rotation and RFC 7662 token introspection out of the box, plus drop-in SSO plug-ins for WordPress and modular CMSes.

OAuth 2.0 OpenID Connect PKCE JWKS
Browse the API reference
oauth-token.sh
# Exchange an OAuth 2.0 code for tokens
curl -X POST https://simezu.com/oauth/token \
  -d grant_type=authorization_code \
  -d code=$AUTH_CODE \
  -d client_id=$CLIENT_ID

# access_token (RS256) + id_token come back
# introspect it from any service
curl https://simezu.com/oauth/token/introspect \
  -d token=$ACCESS_TOKEN
{ "active": true, "actor_type": "user" }
A team building together in one room
Built in Europe, for the apps that run here.

Own your identity layer.

Fully hosted and European. Subscribe and run your own KIMEZU ecosystem in minutes.