One sign-in for authentication, payments and AI-agent identity. Your apps store a single simezu_user_id and delegate the rest to SIMEZU.

Everything Microsoft Entra, Auth0 and Stripe do separately, in a single hosted platform you subscribe to.
Email and password, passwordless magic links, TOTP MFA, and a full OAuth 2.0 / OIDC provider.
Native sk_agent tokens with scoped permissions and personas. Identity for the machines you ship.
Multi-provider checkout, subscriptions, payouts and VAT-correct invoicing, built in.
Live, staging, marketing and clone surfaces, each with its own policy and scoped keys.
Deception-first defense: honeypots, canary tokens, a tarpit and HMAC-chained audit logs.
Role-based access control, an admin hierarchy, and group-scoped permissions and payments.
Production isn't the only place your app lives. Your marketing site, a staging build and a white-label clone all share one identity and one set of keys. A user signs in once and is recognised on every surface.
An AI agent is a real identity in SIMEZU, ranked alongside users and groups. It carries its own sk_agent token, a scoped persona and a seat in the audit log, so the software you ship can act, be billed and be revoked on its own terms.
Honeypots, canary tokens and a progressive tarpit waste an attacker's time. Every action lands in an HMAC-chained audit log you can verify end to end.
Trap endpoints and canary tokens that only an intruder would ever touch.
Suspicious clients slow down tier by tier: jitter, then delay, then a block.
Probe patterns, swarms and permission velocity, flagged in real time.
Every action is chained and verifiable. Tampering breaks the chain.
# Verify the HMAC-chained audit log end to end curl https://simezu.com/audit/verify -d from=evt_8a21 -d to=evt_9f0c { "chain": "intact", "events": 1284, "broken_at": null } # A canary token is touched, the tarpit engages and it is logged { "event": "canary.triggered", "actor_type": "agent", "action": "blocked" }
Route checkout through Mollie, Stripe or PayPal. Run subscriptions, split payouts and make VAT-correct invoices with VIES validation, without adding a second vendor.
SIMEZU is a full OAuth 2.0 and OpenID Connect provider. You get a discovery document, JWKS key rotation and RFC 7662 token introspection out of the box, plus drop-in SSO plug-ins for WordPress and modular CMSes.
# Exchange an OAuth 2.0 code for tokens curl -X POST https://simezu.com/oauth/token \ -d grant_type=authorization_code \ -d code=$AUTH_CODE \ -d client_id=$CLIENT_ID # access_token (RS256) + id_token come back # introspect it from any service curl https://simezu.com/oauth/token/introspect \ -d token=$ACCESS_TOKEN { "active": true, "actor_type": "user" }

Fully hosted and European. Subscribe and run your own KIMEZU ecosystem in minutes.