Federation · SSO

One tap from your app into Busymate DevTools

Give your users an 'Open in Busymate DevTools' button and they land inside — as themselves, real account and email — with no pairing, no copied tokens, no second login screen.

A partner app with an "Open in Busymate" button arcs one single-tap arrow into the Busymate dashboard where the same user appears already signed in over live request rows; below, a broker node stamps the handoff with a 60-second timer and single-use ticket, while a faint path into an admin door is blocked. partner-app Open in Busymate one tap dash.busymate.dev 200 201 broker 60s single-use admin

For platforms & agencies

One tap for them, one action for you

Give the platforms, agencies and customers with their own user bases a proven, takeover-safe way in — with zero tokens exchanged and one admin action to integrate.

One tap for them

Your user clicks a button in your product and arrives in the dashboard already signed in. No onboarding flow, no credentials to manage, nothing to explain in your support docs.

One admin action for you

Registering a single federation client is the whole integration. There's no per-partner code to write, host, or maintain — your side stays exactly as it is.

Your backend, your way

Works with Directus sessions, HMAC-signed custom backends, or apps already running their own Supabase project. The broker adapts to your auth — not the other way around.

Takeover-safe by design

Identities key on provider plus subject — never a bare email. Merging into an existing account requires four strict guards to pass, and merging into an admin is simply impossible.

Contained by default

Every provisioned user lands in a capped role, each client carries its own rate limits, and there's an instant kill switch if anything looks wrong. Generous for users, stingy with privilege.

Related: the security & trust modelthe dashboardthe AI teammate

FAQ

Partner questions

Do my users need a separate Busymate login?

No — one tap lands them in Busymate DevTools already signed in as themselves, with no pairing, no copied token, and no second login screen.

How much code do I need to write to integrate?

None for the handoff itself. Registering one federation client is the whole setup — there is no per-partner code to write or maintain.

What identity providers are supported?

Directus sessions, HMAC-signed custom backends, or apps already running their own Supabase project.

What stops a malicious partner from taking over an existing account?

Identities key on (provider, subject) and never merge into an existing account by email unless four strict guards pass — and never into an admin account.

Become a partner

Register one federation client and give your users a one-tap door into Busymate DevTools — real account, capped role, and your app never touches a Busymate token.