How Homebase Untangled Legacy Auth & Future-Proofed for AI Agents with Stytch

Homebase powers the everyday operations of small businesses, whether it’s your go-to coffee shop or a favorite neighborhood restaurant. Teams rely on Homebase for critical workflows like scheduling, time tracking, hiring, and payroll. With over 150,000 small businesses using the platform to manage their teams across multiple devices, seamless and secure identity infrastructure is essential.

To meet that need, Homebase replaced their brittle, legacy auth with Stytch’s flexible, developer-first platform. They streamlined login flows, added MFA where it mattered, and strengthened fraud defenses—all while keeping backend control and future-proofing for AI agents.

The Auth System That Overstayed Its Welcome

Homebase initially implemented authentication with Devise, a popular Rails framework, and expanded as new needs arose (multi-factor authentication via SMS, social logins, Magic Links, and support impersonation). As the platform and user base grew, so did the complexity of managing identity. Challenges such as scaling for security threats or debugging edge cases across platforms began to divert engineering resources away from product innovation. To keep pace with customer needs and maintain trust, Homebase recognized it was time for a purpose-built solution.

What They Needed

Homebase wasn’t trying to reinvent identity, they just wanted to uncomplicate it. Their must-haves included:

• A reliable, flexible auth platform built for developers
• A platform that was ready to support future AI agentic use cases
• Purpose built multi-factor auth
• Clean separation of auth from business logic
• Support for user impersonation in customer success workflows
• Tools to fight fraud, like credential stuffing
• Transparent, predictable pricing

Auth0, Firebase Auth, and Cognito each had trade-offs. Either too expensive, too inflexible, or missing key features. Homebase needed an auth partner as developer-centric as they were.

Why They Chose Stytch

Stytch’s API-first approach clicked immediately. No forced UIs. No “one-size-fits-all” assumptions. Just powerful endpoints, transparent docs, and a team that responded like engineers, not gatekeepers.

Stytch let Homebase call APIs directly from their backend, control session creation, and keep their existing UIs intact. And Stytch’s straightforward volume-based pricing meant no surprises down the road.

What They Adopted from Stytch

Flexible Auth, Built Their Way: Homebase used Stytch’s backend APIs to power core login methods, including email/password, SMS passcodes, and Magic Links, while keeping full control over session handling and support impersonation.

MFA Where It Matters: They implemented mandatory SMS OTP as part of multi-factor authentication for sensitive actions like viewing payroll, striking the right balance between security and usability.

Smarter Fraud Defense: To combat credential stuffing attacks, Homebase has experimented with device fingerprinting and now has the ability to enable it when needed. This gives their team a flexible tool to automatically block suspicious logins and reduce the burden of manual reviews.

Auth That’s Easy to Test: Stytch’s static credentials and dedicated test environments helped Homebase cleanly integrate auth into their CI/CD pipelines.

Connected Apps for Secure AI Integrations: To bring their new AI chatbot online, Homebase can simply enable Connected Apps in the Stytch platform. This will let them define exact permissions, manage tokens centrally, and easily revoke access when needed.

The Payoff

Homebase didn’t just modernize their identity stack, they unlocked engineering efficiency and set the foundation for what’s next:

• Faster development by decoupling auth from their Rails monolith
• Less time spent troubleshooting fraud and auth-related support issues
• Stronger security with fraud detection and rapid rollout of security updates and features
• Future readiness to extend identity to AI agents and support agentic use cases

Most importantly, they got engineering time back to focus on their core mission.

Final Thoughts

Homebase continues to improve and iterate on auth, but with Stytch, they’re no longer consumed with managing brittle infrastructure or chasing down fraud issues. They’ve shifted from maintaining legacy systems to building features that matter, and future-proofing their identity stack for AI.