ML-DSA-65 · NIST FIPS 204 · Quantum-resistant

Auth that survives
quantum computers

Drop-in replacement for JWT. One API call to sign and verify tokens using ML-DSA-65 — the post-quantum standard that NIST finalized in 2024.

Start for free → npm install pqauth-sdk
$ npm install pqauth-sdk
ML-DSA-65 (NIST FIPS 204)
Cloudflare Edge — 300+ locations
Works with any identity provider
TypeScript native
The problem

Your tokens won't survive
quantum computers

Every JWT signed with RS256 or ES256 today can be forged by a sufficiently powerful quantum computer using Shor's algorithm.

⚠️
ECDSA & RSA are broken
JWT with RS256/ES256, OAuth tokens, and SSL certificates all rely on algorithms that Shor's algorithm can break efficiently on a quantum computer.
VULNERABLE
🎯
Harvest now, decrypt later
Nation-state actors are already recording encrypted traffic today to decrypt it once quantum computers are available. Your tokens are at risk right now.
ACTIVE THREAT
📅
10–20 years to act
Cryptographically relevant quantum computers are 10–20 years away. But migration takes years. The NIST already published post-quantum standards in 2024.
ACT NOW
The solution

Two lines of code.
Quantum-resistant.

Replace your JWT signing with PQAuth. Same interface, same developer experience — but tokens signed with ML-DSA-65.

BEFORE — Vulnerable to quantum
auth.js ECDSA / RS256 
// Traditional JWT — broken by Shor's algorithm
import jwt from 'jsonwebtoken'

const token = jwt.sign(
  { sub: user.id, email: user.email },
  SECRET_KEY,
  { algorithm: 'RS256' } // ← vulnerable
)

// Verify
const payload = jwt.verify(token, PUBLIC_KEY)
AFTER — Quantum-resistant
auth.js ML-DSA-65 
// PQAuth — ML-DSA-65, NIST FIPS 204
import { PQAuth } from 'pqauth-sdk'

const pqauth = new PQAuth('pqa_your_api_key')

const { token } = await pqauth.sign({
  sub: user.id, email: user.email
})

// Verify
const { valid, payload } = await pqauth.verify(token)
EXPRESS MIDDLEWARE — One line to protect all routes
server.js 
import { PQAuth } from 'pqauth-sdk'

const pqauth = new PQAuth('pqa_your_api_key')

// Protect all /api routes — reads Authorization: Bearer header automatically
app.use('/api', pqauth.middleware())

app.get('/api/profile', (req, res) => {
  res.json({ user: req.user }) // payload attached automatically
})
Get started

Up and running in minutes

01
Create your account
Sign up at the dashboard. No credit card required. Get 2 API keys and up to 10,000 tokens/month for free.
pqauth-dashboard.pages.dev
02
Install the SDK
One command. Works in Node.js, Deno, Cloudflare Workers, and the browser. TypeScript included.
npm install pqauth-sdk
03
Replace your JWT
Swap jwt.sign() for pqauth.sign(). Same interface, same experience. Your users won't notice anything.
pqauth.sign({ sub: userId })
Pricing

Simple, usage-based pricing

Start free. Scale when you need to. No hidden fees.

Free
$0 / month
Perfect for side projects and testing.
  • Up to 10,000 tokens/month
  • 2 API keys
  • ML-DSA-65 signing
  • Token verification
  • Community support
Get started free
Starter
$49 / month
For growing apps that need reliability.
  • Up to 1,000,000 tokens/month
  • 5 API keys
  • ML-DSA-65 signing
  • Token verification
  • Usage analytics
  • Email support
Start free trial
Enterprise
Custom
For regulated industries that need compliance docs.
  • Unlimited tokens
  • Unlimited API keys
  • Compliance reports (FIPS 204)
  • On-premise option
  • SLA guarantee
  • Dedicated support
Contact us
Ready?

Start building
quantum-resistant apps today

Free forever for small projects. No credit card required.

Create free account → View on npm