Key Concepts
This page introduces the core concepts in Aero2. Understanding these building blocks will help you integrate authentication into your application quickly.
Platform & Dashboard
Aero2 is a multi-tenant platform — a single deployment serves many applications. At the top of the hierarchy:
- The Platform is the Aero2 deployment itself (e.g., aero2.dev).
- The Dashboard is a built-in application (at dashboard.aero2.dev) where developers sign up, create applications, and manage their settings. The Dashboard uses Aero2's own auth system — developers are just users of the dashboard application.
Developers & Developer Teams
A Developer is a user of the Dashboard application. Developers sign up via OAuth (GitHub, Google, etc.) and can create and manage applications.
A Developer Team is an Organization within the Dashboard application. Teams own applications, and multiple developers in a team can manage the same applications. Under the hood, Developer Teams use the same Organizations model described below — the Dashboard is just another application that happens to use Organizations for team-based ownership.
Applications
Each application you create in Aero2 gets its own isolated user pool, authentication settings, and API keys. Users in one application cannot see or access users in another. Think of each application as a completely separate authentication environment.
Every application gets its own subdomain (e.g., myapp.aero2.dev) and can optionally use a custom domain (e.g., auth.myapp.com).
Users
Users are the people who sign in to your application. Each user has a profile (name, email, picture), can authenticate through multiple methods (social login, email/password), and can be assigned roles that control what they can do.
Application users are completely separate from Dashboard developers — even if the same email is used in both, they are different user accounts in different applications.
Learn more about user management
Organizations
Organizations are groups of users within an application. They are especially useful for B2B applications where your customers have teams. Members within an organization can have organization-specific roles (e.g., admin, member).
The Dashboard itself uses Organizations to implement Developer Teams — the same underlying model serves both purposes, scoped by application.
Learn more about organizations
API Keys
Aero2 uses two types of API keys:
- Publishable keys (prefixed pk_live_) — Safe to include in frontend code. These identify your application but do not grant access to data.
- Secret keys (prefixed sk_live_) — Server-side only. These authenticate API requests and must never be exposed in client-side code.
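As an added example (not Aero2's own code), the following pre-deploy check flags any secret key that appears in files shipped to the browser while allowing publishable keys. The key character set after the prefix, the file paths, the variable names and the sample key values are assumptions constructed for illustration.

```javascript
// Added example: pre-deploy check that no secret key reaches client-side files.
// Assumption: the characters after the prefix are letters, digits, "_" or "-";
// the page only documents the prefixes themselves.
const KEY_PATTERN = /\b(pk|sk)_live_[A-Za-z0-9_-]+/g;

// Show only the prefix and the last 4 characters so the report leaks nothing.
function redact(key) {
  const prefix = key.slice(0, 8); // "sk_live_" or "pk_live_"
  const tail = key.length > 12 ? key.slice(-4) : "";
  return `${prefix}****${tail}`;
}

// files: object mapping path -> file contents (strings).
// isClientPath: predicate deciding which paths are served to the browser.
function findExposedSecretKeys(files, isClientPath) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (!isClientPath(path)) continue; // server-side files may hold sk_live_
    text.split("\n").forEach((line, i) => {
      for (const match of line.matchAll(KEY_PATTERN)) {
        // Publishable keys (pk) are allowed in frontend code; secret keys are not.
        if (match[1] === "sk") {
          findings.push({ path, line: i + 1, key: redact(match[0]) });
        }
      }
    });
  }
  return findings;
}

// Constructed sample input; paths and key values are made up for this example.
const sampleFiles = {
  "public/app.js": 'const publishableKey = "pk_live_EXAMPLEpublishable01";',
  "public/debug.js": '// temporary\nconst apiKey = "sk_live_EXAMPLEsecret0001";',
  "server/.env": "APP_SECRET_KEY=sk_live_EXAMPLEsecret0002",
};

const exposed = findExposedSecretKeys(sampleFiles, (p) => p.startsWith("public/"));
console.log(exposed);
```

A non-empty result should fail the build, and any key it reports should be treated as exposed.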
Identity Providers (IdPs)
Identity providers are external services — such as GitHub, Google, or any OAuth2/OIDC-compliant provider — that can authenticate users on behalf of your application. Aero2 acts as a relying party, delegating authentication to these providers and creating local user accounts.
Roles & Permissions
Aero2 includes a role-based access control (RBAC) system. You define roles, assign permissions to those roles, and then assign roles to users. Your API endpoints can check for specific permissions to control access.
The Dashboard has its own role set (operator, developer, member) separate from the roles you define within your applications.
Sessions
When a user signs in, Aero2 creates a session. Sessions are managed via secure HttpOnly cookies and track information like user agent, IP address, and last activity time. Users can view and revoke their active sessions.