Open Source · Self-Hosted

Build your product.
We handle the rest.

Herald ships a complete multi-tenant platform — auth, billing, payments, user management — so small teams skip infrastructure entirely. AI-assisted customization means you tailor it to your needs without touching boilerplate.

terminal
$ git clone https://github.com/timzaak/herald.git
$ cd herald
$ uv run scripts/dev-start.py

 Starting PostgreSQL + Redis ...
 Database migrated
 Multi-tenant auth  (RBAC, OAuth, TOTP)
 Subscription billing (Stripe, WeChat Pay)
 Admin console @ http://localhost:3000

→ Your auth & billing infrastructure is ready. Focus on your product.

Everything except your core product

Auth, billing, payments, user management — the stuff every SaaS needs but nobody wants to build. It's all here, AI-customizable, ready to deploy.

Multi-Tenant Auth

Organize users into isolated Realms with full data separation. Each Realm gets its own users, roles, OAuth providers, and Client Apps. AI-assisted setup means you configure once and customize as you grow.

  • Realm-based tenant isolation
  • OAuth 2.0 provider (Google, GitHub, WeChat)
  • TOTP two-factor authentication

RBAC & Client Apps

Fine-grained role-based access control per Realm. Register Client Apps with OAuth 2.0 credentials, manage redirect URIs and session settings, and control which apps access which resources.

  • Role-based permissions per Realm
  • Client App registration & secrets
  • Third-party API integration

Billing & Payments

Create subscription plans, map them to payment providers (Stripe, WeChat Pay), and assign plans to Client Apps. Includes a points/credits system for usage-based billing and invoice management.

  • Subscription plans & pricing tiers
  • Stripe & WeChat Pay integration
  • Points & credits system

From zero to production in three steps

Deploy the platform. Let AI customize it. Ship your product.

01. Deploy with Docker

Clone the repo, point your domain, and run dev-start.py. PostgreSQL, Redis, Caddy (with auto-TLS), and the Herald app start together on one machine.

02. Customize with AI

Create Realms, set up OAuth providers (Google, GitHub, WeChat), configure RBAC roles. Use AI-assisted tools to tailor the platform to your exact needs — no need to hand-write infrastructure code.

03. Connect Your Apps

Your applications authenticate users through Herald's OAuth 2.0 endpoints. Users sign in with email/password or social logins. Herald handles sessions, tokens, and user management.

Why small teams choose Herald

Auth, billing, and payments in one self-hosted system. AI helps you customize. No stitching services together.

Comparison of Herald with Auth0, Supabase, and Keycloak across key features

| Feature | Herald | Auth0 | Supabase | Keycloak |
| --- | --- | --- | --- | --- |
| Multi-tenant auth | Included | Enterprise only | Manual setup | Included |
| OAuth 2.0 provider | Google, GitHub, WeChat | Yes | Limited | Yes |
| TOTP two-factor auth | Built-in | Yes | Yes | Yes |
| Subscription billing | Built-in | | | |
| Points & credits | Built-in | | | |
| WeChat Pay | Supported | | | |
| Self-hosted | Yes | Cloud only | Yes | Yes |
| Open source | Apache-2.0 | No | Partial | Apache-2.0 |
| Admin dashboard | React UI | Yes | Yes | Basic |

Stop building infrastructure. Start shipping product.

Herald gives you auth, billing, payments, and user management out of the box. AI handles customization. You focus on what makes your software unique.

Frequently asked questions

Everything you need to know about Herald.

What is Herald?
Herald is an open-source, self-hosted multi-tenant auth, billing, and payments platform. It ships with everything small software teams need — Realm-based tenant isolation, OAuth 2.0 providers (Google, GitHub, WeChat), TOTP two-factor auth, RBAC, Client App management, subscription billing (Stripe, WeChat Pay), and a points/credits system. AI-assisted customization means you can tailor it without writing boilerplate infrastructure code.
How is Herald different from Auth0 or Keycloak?
Herald combines authentication and billing in one self-hosted system with AI-assisted customization. Auth0 is cloud-only and charges per user. Keycloak is self-hosted but has no billing. Herald gives you multi-tenant auth (like Keycloak) plus subscription management, points/credits, and payment integration (Stripe, WeChat Pay) — and AI helps you tailor it to your needs. All self-hosted, all open source under Apache-2.0.
What does multi-tenant mean in Herald?
Multi-tenant means Herald organizes your users and data into isolated Realms. Each Realm is a separate tenant with its own users, OAuth providers, Client Apps, and billing plans. Data between Realms is fully isolated — users in one Realm cannot access another Realm's resources. You manage all Realms from a single Herald deployment.
How do I deploy Herald?
Herald deploys with Docker. You need a Linux server (Ubuntu 22.04+, 2GB RAM), Docker Engine 24+, and a domain. Four containers run together: the Herald app, PostgreSQL, Redis, and Caddy (reverse proxy with automatic TLS). Configure your environment, run the setup script, and you're live.
What payment providers does Herald support?
Herald supports Stripe and WeChat Pay for subscription payments, with Shopify Pay integration planned. You can create subscription plans with different pricing tiers, map plans to specific payment providers, and assign plans to Client Apps. Herald also includes a points/credits system for usage-based billing.
What tech stack does Herald use?
Herald uses Rust (Axum framework) for the backend API and React with TypeScript for the frontend. Data is stored in PostgreSQL with SeaORM, and Redis handles sessions and caching. Production deployments use Caddy as a reverse proxy with automatic TLS termination.
Is Herald free and open source?
Yes. Herald is released under the Apache-2.0 license. You can use, modify, and distribute it freely, including for commercial projects. There are no usage limits, no per-user fees, and no vendor lock-in. The source code is available on GitHub.