All APIs
Amazon Cognito Identity Provider logo

Amazon Cognito Identity Provider

Amazon Cognito Identity Provider

UpFreeOpen Sourcecloudby Amazon Web Services62· JavaScript· MIT

Amazon Cognito User Pools deliver managed user signup, login, password reset, and MFA for applications.

Visit site ↗Source ↗Health checked 14h ago
Use it when

50,000 free MAU per month — generous for small projects

Watch for

Hosted UI offers limited customization

First check

Create a User Pool and App Client in the AWS Console; choose sign-in methods (username / email / phone) and password policy. Front-ends typically use Amplify Auth or the cognito-identity-js SDK for signup/login.

Auth
api_key
CORS
No
HTTPS
Yes
Signup
Required
Latency
43 ms
Protocol
REST
Pricing
freemium
Stars
62

Uptime · 30-day window

Probes: 30Uptime: 100%Avg latency: 50ms

GitHub activity

62JavaScriptMIT17 open issuesLast commit 155d ago
01

About this API

Cognito takes the perennial "user authentication" problem and turns it into a managed service: signup, login, email verification, forgotten password, MFA, token issuance and refresh — all maintained by AWS. For indie developers it is especially attractive — 50K MAU free is enough to run most projects for a long time without paying.

It has two parts: User Pool is the identity provider (manages users and passwords); Identity Pool exchanges user identities for temporary AWS credentials (so frontends can talk directly to S3, etc.). The two can be used independently or together. Social login (Google, Facebook, Apple, SAML, enterprise IdPs) plugs in via federation — "Sign in with Google" becomes a few lines of config. Lambda triggers are the advanced customization surface — pre-signup, post-confirm, custom challenge, and other hooks let you inject custom logic at key moments (allowlist email domains, sync users to your own DB, fire webhooks).

02

What you can build

  • 1Add user signup/login without building auth from scratch
  • 2Integrate social login (Google, Facebook, Apple)
  • 3Extend user profiles with custom attributes
  • 4Protect REST APIs via API Gateway integration
03

Strengths & limitations

Strengths

  • 50,000 free MAU per month — generous for small projects
  • Native OAuth 2.0 / OIDC / SAML support
  • Lambda triggers allow deep customization of auth flows

Limitations

  • Hosted UI offers limited customization
  • Migrating existing users requires password hash import or migration Lambdas
  • Error messages can be opaque — debugging is mediocre
04

Getting started

Create a User Pool and App Client in the AWS Console; choose sign-in methods (username / email / phone) and password policy. Front-ends typically use Amplify Auth or the cognito-identity-js SDK for signup/login.

05

FAQ

How does the free tier work?+

First 50,000 MAU free (excluding federated identities); pricing tiers begin at ~$0.0055/MAU beyond.

Can I customize the hosted UI look?+

Only logo and basic colors. For full customization, build your own UI and call InitiateAuth / RespondToAuthChallenge directly.

Auth0 vs Cognito?+

Auth0 offers a better developer experience at higher cost; Cognito integrates well with AWS at lower cost. AWS-centric stacks typically pick Cognito.

06

Technical details

CORS: NoHTTPS: YesSignup: YesOpen source: Yes
Auth type
api_key
Pricing
freemium
Protocols
REST
SDKs
python, javascript, java, go, ruby, csharp
Response time
43 ms
Last health check
6/26/2026, 6:22:15 AM
07

Endpoints

Parsed from the OpenAPI spec. Showing 12 of 101 non-deprecated endpoints.

POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AddCustomAttributes
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminAddUserToGroup
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminConfirmSignUp
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminCreateUser
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminDeleteUser
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminDeleteUserAttributes
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminDisableProviderForUser
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminDisableUser
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminEnableUser
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminForgetDevice
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminGetDevice
X-Amz-Target:header*
POST
/#X-Amz-Target=AWSCognitoIdentityProviderService.AdminGetUser
X-Amz-Target:header*

89 more endpoints not shown. See the OpenAPI spec for the full list.

08

Tags

authidentityawscognitorest
09

More from Amazon Web Services

View all from Amazon Web Services →
Access Analyzer
62

AWS IAM Access Analyzer API analyzes IAM resource policies for over-privileged access or external access — proactively surfaces security risks.

Alexa For Business
62

Alexa for Business helps you use Alexa in your organization.

Amazon API Gateway
62

Amazon API Gateway helps developers deliver robust, secure, and scalable mobile and web application back ends.

Amazon AppConfig
62

Use AppConfig, a capability of Amazon Web Services Systems Manager, to create, manage, and quickly deploy application configurations.

Amazon Appflow
62

Welcome to the Amazon AppFlow API reference.

Amazon AppIntegrations Service
62

The Amazon AppIntegrations service enables you to configure and reuse connections to external applications.

Amazon AppStream
62

Amazon AppStream 2.0 API Reference.

Amazon Athena
62

Amazon Athena is an interactive query service that lets you use standard SQL to analyze data directly in Amazon S3.