Authentication
Email/password, magic link, phone OTP, OAuth (Google, GitHub), MFA (TOTP), SAML SSO. JWT + refresh, session revocation.
Pluto ships a complete Backend-as-a-Service — authentication, auto-generated APIs, realtime, storage, vector search and edge functions — behind a typed SDK and an admin dashboard. Run it on your laptop with docker compose up, or one-click deploy to Fly, Railway or Render.
git clone pluto-baas && cd pluto-baas && docker compose up -dpluto status --url /api/pluto→ probing modules...showing 8 / 8
Eight canonical services, all namespaced, all versioned, all covered by integration tests.
Email/password, magic link, phone OTP, OAuth (Google, GitHub), MFA (TOTP), SAML SSO. JWT + refresh, session revocation.
Instant CRUD endpoints from Postgres tables. Filters, ordering, pagination, RLS enforced per JWT claim.
WebSocket subscriptions, presence, ordered broadcast, sharded rooms, backpressure policies.
Public/private buckets, signed URLs, resumable uploads. Local disk or S3-compatible (MinIO, R2, S3).
Deploy TypeScript handlers to isolates. KV, queues, secrets, cron triggers.
pgvector-backed HNSW indexes, hybrid rerank (linear/RRF), streaming embeddings.
Durable multi-step workflows with step ledger, retries, side-effect idempotency.
Structured logs, request-id tracing, Prometheus metrics, per-tenant usage & quotas.
One @pluto/client works from React, Vue, React Native and Node — plus first-party Python and Go SDKs.
import { createClient } from "@pluto/client";
const pluto = createClient({
url: "https://api.yourapp.com",
anonKey: import.meta.env.VITE_PLUTO_ANON_KEY,
});
// Email + password
await pluto.auth.signIn("ada@example.com", "hunter2");
// Magic link — passwordless
await pluto.auth.signInWithMagicLink("ada@example.com");
// OAuth
pluto.auth.signInWithOAuth("google");Every module has a real UI. Manage keys, whitelist origins, edit schemas, revoke sessions — without touching SQL.
Anon + service-role keys per workspace with copy-safe minting.
Per-project allow-list — no wildcards in production.
Visual table editor, SQL runner, migrations timeline.
Native Postgres RLS policies + role registry, tested end-to-end.
List users, revoke sessions, assign roles, manage MFA.
/readyz + one-click smoke run of every canonical endpoint.
Pluto is MIT-licensed and free forever on your own hardware. Managed cloud plans are per-project — no per-seat surprises.
Run Pluto on your own hardware or VPS.
Managed Pluto with predictable pricing for prototypes and side-projects.
Production workloads with team seats, higher quotas and priority support.
All cloud plans include TLS, daily backups, and access to the admin dashboard. Need on-premise or enterprise SLA? Talk to us.
Config files ship with the repo — pick a target and go live in minutes.
Common questions from teams evaluating Pluto against Firebase and Supabase.
Every project has a strict allow-list managed in Dashboard → CORS. No wildcards in production. Preflight is served by the API, and disallowed origins are rejected before they hit any module. Add your published frontend origin (e.g. https://backend-joy.lovable.app) before going live.
Pluto uses native Postgres RLS. Every request sets a Postgres session with the JWT claims (sub, role, workspace_id), so policies like posts.owner = auth.uid() run server-side. The Dashboard ships a policy editor and end-to-end regression tests so bad policies are caught before deploy.
Realtime v5 is a WebSocket gateway with sharded rooms, presence, ordered broadcast and backpressure. It piggybacks on Postgres logical replication for row-change events (subscribeTable) and adds application-level channels for chat, cursors and presence.
Cloud plans are billed per project. A workspace can hold many projects, each on its own plan. Self-hosted is free forever regardless of workspace or project count.
Four common paths: (1) docker compose up -d locally; (2) flyctl deploy using the shipped deploy/fly.toml; (3) Railway 1-click via railway.json; (4) Render blueprint via render.yaml. All four boot the same image and pass /readyz before serving traffic.
Yes. The Data API mirrors PostgREST semantics, so Supabase-JS query patterns port directly. For Firebase, use the Pluto CLI import command to move Auth users and Firestore collections into Postgres tables.
Spin up Pluto, point your React app at it, and get back to building features your users care about.