Turned to Stytch for simple, streamlined authentication flows
Gather hosts online educational programs and interactive communities for cultural institutions like museums and universities. Their digital learning platform has grown exponentially in the wake of COVID-19, as remote and virtual experiences have become increasingly essential.
Users can register for an event through Gather or through a partnering organization’s website, app, or membership portal, necessitating a range of flexible and secure authentication options. With Stytch, Gather is able to provide a best-in-class sign up and login experience without having to spend time building or maintaining an authentication architecture.
Partnership highlights
- Streamlined authentication: Gather allows guests to register for and join events from a variety of apps and channels. With Stytch’s flexible solutions, Gather can connect to partnering organizations’ APIs while streamlining authentication flows for users.
- Safe and secure data: Relying on Stytch’s solid security and maintenance, Gather doesn’t have to worry (or even think) about protecting clients’ and users’ sensitive data or tending to technical errors.
- Speedy integration: With Stytch’s straightforward documentation and hands-on support, it took Gather’s small engineering team just two weeks to integrate, saving them valuable time and energy.
Products used
Challenge
To work with their partners’ existing platforms and membership databases, Gather searched for an adaptable authentication solution that would reduce friction while allowing users to navigate between different applications and accounts.
“We don’t have your typical blog-style website,” said Ryan Rosztoczy, Gather’s founding engineer. “We need to be able to partner with organizations, connect to their API calls, and link our authentication together. For instance, one of our partners doesn’t use our signup, because they already had a pre-existing flow. So, the issue for us is, how can we stitch together pieces of auth on our back end to be really flexible for our clients?”
At the same time, Gather handles high-volume events for several prominent institutions, meaning they don’t just need a seamless user experience—they need security they can count on.
“Our clients tend to be stringent, especially the big universities and museums,” said Rosztoczy. “You have to go through RFT proposals where you outline your entire technical process. For us to do that and make changes based on each organization’s needs would be impossible. We need to be able not to worry about it—to check it off and say, ‘No, we don’t have this vulnerability here.’”
Solution
Gather turned to Stytch right off the bat to put a versatile authentication flow in place.
“When we started thinking about building our auth, I looked at three solutions: Auth0, Magic Link, and Stytch,” said Rosztoczy. “It became clear playing with each that Stytch was going to be the most flexible. With Auth0, you had to open the email in the same browser you requested the login from, which didn’t work for us. And Magic didn’t have the same level of API exposure.”
Once they decided on Stytch, the integration process was smooth and painless, even for a very small engineering team. And the Stytch team was there to support them throughout.
“It was very straightforward,” said Rosztoczy. “Most of our questions could be answered over Slack, and the docs are clear enough that even Slack was only necessary for certain issues. Overall, it took us less than a quarter of the time, compared to building our own solution. We went from evaluating our options to having rolled passwordless auth in two weeks with just one engineer.”
Results
With Stytch’s simple, streamlined authentication flows, Gather can create a seamless experience from end to end, even when users are jumping between different platforms.
“The most valuable thing by far is the ability to create tokens and attach them to user sessions,” said Rosztoczy. “Before, we’d send event reminders to registered users via email. When they clicked, it would bring them to the Gather website, but then they’d have to log in. Now, we just attach tokens to each email, so a user can go from their inbox to our app fully authenticated. We already have their data, and they’re verified automatically.”
What’s more, Stytch’s solid, passwordless solutions save Gather from having to worry about bolstering their security profile and safeguarding their users’ information.
“As an early startup with a small team, we want to think about security as little as possible so our focus can be on feature development,” said Rosztoczy. “One of the nice things about Stytch is that there are no passwords. We have no sensitive personal data contained in our application, nothing that we’re liable for. If we get hacked, it doesn’t matter.”
For Rosztoczy, that means he can set and forget Gather’s authentication infrastructure while using it as a springboard for new ideas and innovations—and saving time, to boot.
“I remember rolling my own auth at a big company. It was a challenge any time we wanted to do something new, because you had to build it all yourself and redo what you’d done before. Now, we just access new endpoints from Stytch. For me, the real time saver is how rarely things go wrong. I don’t have alerts constantly popping up with errors, and it’s all very easy to monitor and control.”
Looking ahead
Moving forward, Gather is excited to try the full range of Stytch’s authentication solutions, allowing their clients and end users to register for and join virtual events whatever way works for them.
“We’re eager to implement other passwordless products like Google Auth and SMS passcodes to reduce friction even more,” said Rosztoczy. “With Stytch, we know we’ll have a nice array of authentication tools in place to make everybody happy. I see us using almost all of them within a year.”