API (Application Programming Interface): A set of protocols and tools for building software applications.Authentication: The process of verifying the identity of a user or system.Authorization: The process of determining what actions an authenticated user is allowed to perform.
Challenge: An additional verification step required when a user’s risk level is uncertain.Claims: Statements about a user contained within a token (typically JWT).
Device Fingerprinting: Technology that identifies devices based on their unique characteristics.DFP: Device Fingerprinting Platform - Stytch’s fraud detection system.Discovery: Centralized login flow that allows users to view all Organizations they have access to, including pending invites and Organizations they are allowed to automatically join based on their verified email domain.
IdP: Identity provider; a workforce application that allows companies to centrally manage their employees’ identity information as well as their access to company resources and applications.
Magic Link: A passwordless authentication method using time-limited URLs sent via email.MFA (Multi-Factor Authentication): Security process requiring multiple authentication factors.
OAuth: An authorization protocol allowing third-party applications to access user resources.Org-specific: Organization-specific login flow where end users go to a specialized login page for their tenant, often a subdomain or route that contains the Organization Slug (e.g. acme-corp.yourapp.com or yourapp.com/team/acme-corp).OTP (One-Time Password): A password valid for only one login session or transaction.
Passkey: A passwordless authentication standard using cryptographic key pairs.PKCE (Proof Key for Code Exchange): Security extension for OAuth authorization code flow.
SCIM (System for Cross-domain Identity Management): Standard for automating user provisioning.Session: A semi-permanent interactive information exchange between user and application.SSO (Single Sign-On): Authentication process allowing users to access multiple applications with one set of credentials.
TOTP (Time-based One-Time Password): Algorithm generating time-limited passwords.Token: A piece of data representing authentication or authorization credentials.
