English
  • Deutsch
  • English
  • Français
  • 日本語

How Permission.io Setup Authentication 3 Months Before Launch

The crypto startup needed secure, scalable authentication for a growing user base of over 475 users per second


Secure access for everyone. But not just anyone.

About Permission.io

Permission.io is the leading provider of permission advertising for eCommerce. The company has created the ASK Coin to enable individuals to securely grant permission and monetize their data on Permission.io and third-party e-commerce platforms. Advertisers reward shoppers with ASK for interacting with brands and content, building consumer loyalty and trust.

Software/Technology
Industry
AMER
Region

In 2020, the value of the cryptocurrency market exceeded $270 billion, and it’s continuing to grow at a rapid clip. Enter Permission.io, a new player in the crypto space offering a business model where users profit off of their own time and data. Instead of Bitcoin (BTC) or Ether (ETH), the company pays users in ASK tokens, their own cryptocurrency, for looking at and interacting with ads. 

“We wanted to flip the old model on its head by allowing our users to earn from sharing their data explicitly and spending their time online engaging with content they choose,” says Hunter Jensen, CTO at Permission.io.

The company is off to a fast start already raising over $50 million in financing, and has over 450,000 users. But before its launch in September 2020, Permission had to prepare its authentication system to securely handle the large volumes of users they were expecting.

“We have to have systems and processes similar to a bank, which is heavily regulated and requires a lot of extra security.”
Hunter Jensen
CTO

Homegrown Authentication Wouldn’t Scale

As a platform that digitally stores user earnings, fraud poses a serious threat to Permission’s user base, so user verification is critical. “We have to have systems and processes similar to a bank, which is heavily regulated and requires a lot of extra security,” says Jensen.

When Permission first entered beta testing, it relied on a homebuilt authentication system featuring its own multi-factor authentication (MFA). The solution protected the blockchain from attacks but drained engineering resources due to continuous maintenance. It also had to fend off bad actors intent on stealing user tokens.

So when Jensen joined Permission six months before launch, he asked, “What do we need in place before we feel comfortable launching?” At the top of his list was identity management that was secure and scalable.

“We needed pros and we needed them fast, because we didn’t have a year and a half to build our own identity management system,” says Jensen. “Time to market was huge.”

“We needed pros and we needed them fast, because we didn’t have a year and a half to build our own identity management system. Time to market was huge.”
Hunter Jensen
CTO

Consumer-facing Crypto Demands Consumer-focused Identity

Permission sits at the unique intersection of consumer banking and technology, and balancing the need for secure identity with a low-friction experience proved challenging. When Jensen discovered Auth0 via Google search, he quickly realized that Auth0 fit their need for a consumer-focused solution. 

“We have a high-volume consumer-focused platform,” says Jensen. “Most enterprise identity vendors offered a platform with consumer features bolted on. But Auth0 was consumer-ready out of the box.”

Within two months, Permission had their Auth0 use case setup for their soft launch, and one month later, the solution went live alongside Permission’s platform.

Today, Permission users can securely sign up and log in to their accounts to manage their data permissions, view their activity, and redeem tokens. Permission has also enabled Auth0 MFA to add a layer of security demanded by today’s threat landscape. According to Jensen, the setup was like “flipping a switch” and is critical to protecting their users.

“The CEO and I discussed how MFA is important but a pain,” says Jensen. “But when he saw how easily it was implemented and how seamless the user experience was, that made all the difference.”

“Most enterprise identity vendors offered a platform with consumer features bolted on. But Auth0 was consumer-ready out of the box.”
Hunter Jensen
CTO

Lifetime Solution for Identity Enables Product Development

Partnering with Auth0 for identity saved Permission an estimated six months of development time for implementation, plus additional savings on ongoing maintenance.

The time back has allowed Permission to innovate for their 475 users per second. The development team recently introduced a browser extension for Permission’s platform, increasing convenience for and engagement from web users. They also created a Shopify app where users can shop using ASK. According to Jensen, “If we had to build our own identity system, we wouldn't have either of these as quickly as we did.”

Among crypto regulation, cookie deprecation, and increasing consumer interest in crypto, there are unknowns ahead in the crypto space. But Jensen is confident that whatever comes, they are equipped to respond and not worry about authentication. 

“Auth0 will scale and keep your users safe, and we don’t have to think about it.”

Interested in the future of crypto? Read what Hunter Jensen has to say here.

“Auth0 will scale and keep your users safe, and we don’t have to think about it.”
Hunter Jensen
CTO

About Auth0

Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.For more information, visit https://auth0.com or follow @auth0 on Twitter.

9K+
Enterprise customers
70+
Countries with Auth0
24/7
Support coverage

Secure access for everyone. But not just anyone.