
Cloud-based User Management for Web Apps - typerandom
https://userapp.io/
======
WA
Why? Honestly, how can you "outsource" such a vital part of your web app to a
third party? Not only is this a privacy disaster but also, if this user
service goes down or has a temporary downtime, your own business is
effectively unusable.

I understand that it makes sense to not write these types of user functions
and management things over and over again. The solution however, is not a
SaaS, but a library or a little framework. And from what I remember, major Web
development frameworks offer exactly these types of functionality.

I don't want to be a downer and you guys probably spend a lot of time on the
product, but from my perspective, any business owner using a third party to
handle user data acts irresponsibly. You OWE it to your users to keep their
data as tight and as centralized in one spot as possible – a spot only you and
employees have access to and servers only you rented and have access to and
not a third party.

I'd even rather use Wordpress as a basic user management platform than use a
third party service. This way, it is at least fully under my control and I'm
the only one responsible if things get broken or data gets stolen.

~~~
aytekin
One possible use case: Let's say you are building a new app and you don't know
if it will be successful. At this point you are supposed to be working on the
core. You are supposed to be talking with the users as soon as possible. You
are not supposed to spend your time on things that don't matter such as
registration, email delivery, forgot password.

If the app becomes successful you can always implement these things in house
later.

~~~
camus
Please , in every languages there are a tons of libraries dealing with these
stuffs, Starter projects with these functionalities ...

    
    
        At this point you are supposed to be working on the core

~~~
UK-AL
Invoicing, Price Plans and Payment. These are not normally built in. Basic
user management is, but not those things.

------
leftnode
I wish you the best of luck with this. It's really well designed.

I launched a very similar service named Accthub about 18 months ago and
unfortunately it didn't fare well. Now, there's Mozilla Persona, Stormpath,
Userapp, and probably several other in the same space.

Hope you can turn it into a legit business, but the general issue developers
had was:

1) This is not a legit issue I have, my framework can handle this in the
matter of a few minutes, maybe an hour or two if I want something really
complex. 2) Privacy concerns. 3) High availability issues.

Best of luck, I will be monitoring your service closely because I want it to
do well.

------
badclient
Looks intriguing and I can tell you guys have spent a lot of time on the
feature-set. But the biggest thing that will hold me back(and may be others)
is a lack of clarity about security and my data(what happens in the event that
you are down? in the event that you close shop?)

~~~
typerandom
OP here.

This is something that we are very aware of. We only have good intentions and
want our users to feel 100% secure with us. If you don't, please let us know
how we can change that! :) We don't have it now, but we will make it possible
to export all of the data in UserApp at any time.

Regarding security and privacy we have written a section about it here:
[https://help.userapp.io/customer/portal/topics/550128-securi...](https://help.userapp.io/customer/portal/topics/550128-security-
and-privacy/articles)

Additionally, everything is SSL and passwords are stored using bcrypt. And we
will make it possible to login using 3rd party providers later (OAuth). From a
personal perspective, we will run this ship to the end of the world if we have
to. Since we're developing quite a few other services (www.amail.io to mention
one) we are also basing all our services on UserApp.

~~~
effhaa
This sounds pretty good at a first look - so why do you bury it somewhere deep
in the help section?

~~~
UK-AL
Yeah its the number one concern with this type of product. So it might even be
good to have a security section on the front page, to ease nerves.

~~~
typerandom
OP here.

I totally agree. Don't know how we could miss putting it up there. I will see
to it that this gets the attention it needs on the front page. Thanks! :)

------
prostoalex
Would be interesting to see the comparison of this against
[https://www.dailycred.com/](https://www.dailycred.com/)

~~~
nostromo
DailyCred cofounder here.

We do not (currently) manage pricing and plans for you, so that's a plus for
UserApp.

We are more focused on user management, oauth simplification (FB, Twitter),
auth, and user analytics.

We're also VC backed (Google Ventures) and are storing millions of accounts.
Because we have a few larger clients bringing in real revenue, we're not going
anywhere anytime soon.

Some unsolicited advice for UserApp:

* You need to address lock-in. It's the first thing everyone asks us. We designed our platform for zero lock-in and account portability for this very reason.

* This space can be a hard sale. People are reticent to store their user data in the cloud. (As they should be!) Compare that to the next social/mobile app that people will try on a whim. That's the bad news, but the good news is once you've "wowed" a customer, they will likely be a customer for a very long time -- even if you make export easy.

* Lastly: good luck!

------
sebslomski
This looks great! For me as a developer, who considers using it for a side
project, I would even bother to spend the 9$ for the development version.
Would be great to have a (user limited?) forever free account.

------
bmillipede
Good luck. I have been using [http://dailycred.com/](http://dailycred.com/)
for an year now and very happy with it. They have free account available too
which is definitely needed to try a product such as yours.

------
mppc
You could consider "Bring Your Own Database."

Meaning give developers the nice UI and added features but connect to the
database of the developer's choice to actually store User data. That might
address security and what if you close shop issues.

A SaaS app that does something similar conceptually is CushyCMS -- you give
them your FTP information and they provide an interface without storing or
hosting your content.

[https://www.cushycms.com/en/static/faq#tech_host](https://www.cushycms.com/en/static/faq#tech_host)

------
jitix
Looks great! Will surely use it for my next project.

Few suggestions:

1\. Implement multiple ways to login (and charge accordingly) e.g Keyfile
based, Color combination based, Biometric based, etc.

2\. Do cross-platform API. I know you might think that BB is a sinking ship
but to be ubiquitous you service needs to have an API on EVERY platform.

3\. (This is more technical) Shard your db based on the location of your
customers and accordingly replicate your data. e.g. If I launch a webapp
hosted in India, I obviously don't want my customers to hit sweden or US every
time they login (with the undersea cable breaking every now and then). If the
India mirror of your service goes down then there will be graceful degradation
(users will login slowly by hitting the other replicas) but not a full
downtime. Basically for a customer X running webapp W, the primary replica
should reside in the vicinity of where W is hosted but backed up by replicas
in other locations.

4\. Introduce a free development tier for upto 4-10 users.

------
Asparagirl
Hey, this looks like a nice time-saver for those of us starting up side
projects. Not everybody wants to build out this stuff over and over, and
working with OAuth is a pain. So, thanks!

Now, I know it's on your roadmap, but I would really like to see sample code
integrating with one or more payment providers or recurring billing management
services. Stripe and Recurly would be top of my list. Would love it if you
could get that up soon.

Would also like more docs about the differences between permissions and
features. I mean, I think I get it, but more specific text would make me feel
more sure.

Minor bug: in my own account information, when I went to go edit it, you have
separate fields for given/first name and surname, but you refer to both in the
info/help text as a surname or last name.

Anyway, nice job!

------
arb99
Looks good. I think the 'hours saved' under 'save time with userapp' is
exaggerated a little :)

If i were to use it, I'd want some easy way to export the users though. I know
i could iterate through them all and get the data (maybe not password
hashes??), but at one point a web app would probably need something custom
enough that i'd just want to have all the data myself.

I think things like stopping invalid signups, good spam protection etc could
push people to use this. Also integrating login via facebook/google/twitter
and making it work seamlessly out of the box would be a big plus. For those
small website projects it would be much easier/quicker to plug this in, and
focus on the core of the app, rather than all the user backend crap.

------
jedireza
Since I've built user/admin systems for the majority of my career, this is
really interesting to me. The site looks great and the Family Guy stuff is
funny ("No,n0_p4ssword!") Hah.

I agree with the lion share of what WA said.

The MVP/prototype argument is a valid one, but remembering that nothing lasts
forever, it's probably wise to think of these services as temporary tools and
not permanent solutions.

I believe that user management is such an important (and basic) thing, that
you should own it. For the hackers out there, feel free to checkout my Drywall
project, which is a website user system build for node.
[https://news.ycombinator.com/item?id=4951605](https://news.ycombinator.com/item?id=4951605)

------
jjoe
My gut's telling me this tool is going to be successful. But you'll definitely
need to grow some thicker skin. Disregard skeptics (unless it's constructive
criticism), keep building your product, and keep pushing.

Good luck.

------
jokull
This would be cool as an extension of the Mixpanel API. So instead of just
tracking users you’d have all these features as well. I’ll agree with the
criticism of this being a point of failure too big for mission critical
systems, but if it gets proof of concepts off the ground sooner, who knows?
Could be a great way to save time. I would suggest thinking carefully how you
would eventually grow out of each component. That’d be my main concern. I want
to be able to switch out components one at a time.

------
brickcap
Nice work guys. I especially like the integrated pricing system. Adding a
means of payment is a tricky aspect of a product. If that is taken care of
well it saves a lot of time.

------
joshribakoff
Would not use this. If I want saas I'll use open id (facebook/google login),
its free and people are already using it.

If I want ownership of code, I'll use existing frameworks.

------
romansanchez
I would honestly just use this to start off and save time, but once things
start picking up, data export and in house user mgmt would be the move.

------
olssonm
Really neat idea, and seems well built this far.

However, I feel like it needs a bit more until I try it out. Right now it
would be a compromise between saving some hours in a few areas, and use those
hours to learn Userapp and integrate it.

Anyhow, hope it moves along well – will check back on the progress in a few
months and see if it have improved with more features, demos and examples.

------
alecsmart1
This is a great idea. I've been thinking of developing something similar. But
you cannot sell it as SaaS. It needs to be a one-time self hosted project so
that startups and download, install and be ready in minutes. At the same time
there are no security/privacy issues that most users here are worried about.

~~~
throwaway420
I agree strongly. Ideally this would be a self-hosted project.

This would eliminate most of the potential privacy issues that might inhibit
usage of this.

I'd love to see something like this take off because its time wasted that
prevents you from working on a core product idea.

------
joshuahornby
Can anyone recommend a service similar to this (a backend framework) but which
allows you to keep your own data?

------
typerandom
We just launched UserApp after 9 months of hard work. Please try it out and
let us know what you think :)

~~~
3825
Have you done any A/B testing on including text like "That's about 4 cups of
coffee" in pricing pages?

I found this:
[https://news.ycombinator.com/item?id=4394114](https://news.ycombinator.com/item?id=4394114)

~~~
timothy89
Hi, I'm the "front-end dev" of UserApp. No, I just went on my feeling on this
one :) I actually got the idea from wrapbootstrap (e.g.
[https://wrapbootstrap.com/theme/ace-responsive-admin-
templat...](https://wrapbootstrap.com/theme/ace-responsive-admin-template-
WB0B30DGR)). Thanks for the link btw, I will check it out later!

------
dchest
I'm working on something like this, but installable on your own server.
Subscribe here if you want to know when I release it:
[https://lists.codingrobots.net/?p=subscribe&id=3](https://lists.codingrobots.net/?p=subscribe&id=3)

~~~
typerandom
Nice. I have subscribed to your mailing list. Will be interesting to see how
you approach it :)

~~~
dchest
Thanks, and good luck with UserApp!

------
UK-AL
This is actually a pretty good idea, solves a legitimate annoyance. Obviously
there is privacy concerns.

------
Xorlev
You claim it's a low-latency, HA platform. What does that mean? Details are
the only way to make your users feel secure that you won't be going down when
they need you the most.

------
mariusblaesing
good idea, but coming from a privacy startup this is obviously a no-go..

and distributing a web-app would equal to just open source it.. I know, it's a
dilemna

~~~
bjelkeman-again
I need to integrate something like this in an open source platform. Is there
anything even close as an open source project? Or do we need to develop the
same thing as FOSS ourselves?

~~~
philjackson
OpenAM

edit: I seem to have been voted down. It was a serious suggestion though - did
I misunderstand the question?

~~~
bjelkeman-again
It wasn't me. Someone down voted me too. Sometimes the HN crowd is a bit
negative against open source as they are focused on making money and there is
some who think there is a conflict in that.

------
seivan
It does feel like they are running their user credentials and other "critical"
stuff in MongoDB. I wouldn't advice that.

Am I wrong? Curious.

~~~
typerandom
We are actually using Redis and have configured it for high
consistency/durability.

------
joshuahornby
This looks interesting, maybe a video of how it works? It's clear that a lot
of work has been put into this so kudos for that.

------
abcd_f
$89 is not "about 18 bottles of beer."

~~~
typerandom
Then you don't live in Sweden. Beer here is expensive :) :(

~~~
read
How are privacy laws in Sweden?

~~~
read
Why was I downvoted? I am genuinely interested to know where to host data.

[https://news.ycombinator.com/item?id=6182989](https://news.ycombinator.com/item?id=6182989)

------
kolev
Way too expensive for just a small piece of your business. Keep in mind a
decent server at Digital Ocean is just $5/month.

------
fiatjaf
Are you going to add other currencies? What are the limitations of doing it?

------
jbarrec
This seems best suited for building a prototype quickly (i.e. Hackathons).

------
throwaway420
This site looks beautiful and very well thought out at first glance.

I think there might be a use case for this for simple projects, but the
privacy implications of this in light of NSA and other government spying makes
this unusable for most potential applications.

