Permit.io's new pricing model makes for
affordable, predictable, fine-grained authorization tailored to developers and
companies of all sizes.
Authorization is Changing,
and We're Changing With It
Working at Permit.io, I am
constantly reminded of just how necessary Fine-Grained Authorization (FGA) is for every
modern application in organizations of all sizes. Data security and compliance
requirements are intensifying across industries, and companies are realizing
that implementing proper authorization is something they just can't afford to
postpone or overlook.
This problem gets even more complicated
with the increased user expectations to provide them with greater agency over
their data than ever before. Self-service components that allow for
collaboration and data sharing are considered a must for any modern application,
and support for them is expected from day one.
To make this implementation process
easier, many companies are opting for externalized authorization solutions like Permit.io, reducing the risk of unauthorized
access and allowing development teams to focus on developing their core product
- instead of spending months on building security features from scratch.
Considering this, we aim to make
fine-grained authorization accessible to everyone, from startups to established
enterprises. As we see more software developers taking on decision-making roles
and seeking budget-friendly solutions that don't compromise on quality, we
decided our pricing model needs to reflect this
reality.
The recent changes to our pricing model
introduce several strategic updates and new tiers. In this post, I'll introduce
you to these changes, what led us to make them, and how I believe our new
pricing model allows for far more
accessible pricing for all users.
Let's dive in!
What's New?
Introduction of a New
Startup Tier
Our updated model introduces the Startup tier, a new pricing level that
offers high-quality, fine-grained authorization at an affordable rate,
specifically tailored for smaller teams and startups.
This tier is priced significantly lower
than our previous Pro tier and provides essential features that support the
needs of smaller, growth-focused companies, especially those focused on B2C
applications, that need to support large user bases.
Unlike mature enterprises, these
companies might not need extensive quotas on roles, resources, or tenants.
However, they still require fine-grained authorization capabilities that can
scale as their user base grows.
The Startup tier allows these developers
to implement comprehensive authorization measures with all necessary tools at a
significantly lower starting price.
For instance, applications with up to 10,000 users now cost as low as $150 per month.
This makes fine-grained authorization feasible and affordable for smaller
development teams, ensuring they don't have to compromise on security due to
budget constraints.
Expansion of the Free
Tier Features
As per our philosophy of having zero
"blackout features," we expanded access
to core capabilities that were previously limited to the Pro tier. Modern
SaaS applications, particularly those focused on a developer audience, cannot
include feature limitations that lock them out of key functionalities.
This is why key features-like GitOps flow, writing custom policies as code, GitHub
integration, and infrastructure-as-code tooling with Terraform-are now available within the free tier.
This move ensures that developers on any
plan can configure permissions, manage policies, and integrate Permit
seamlessly into their preferred workflow. With these expanded free-tier
offerings, users can extend Permit policies or even manage independent authorization
frameworks using the configurations they create within Permit.
This gives users flexibility and control
without any upfront costs, reinforcing our commitment to accessible
authorization for developers at all stages.
Features
that were part of the Early Access Pro program, such as strong consistency in
critical data updates to the
PDPs, are now also available for free.
Reorganization of Pro and
Enterprise Tiers
Recognizing that many companies with
moderate user bases also need strong security features, we moved certain Enterprise-exclusive features, such as single sign-on
(SSO) and compliance tools, down to the Pro tier. The Enterprise tier
now centers on custom agreements and specific quota needs rather than reserving
these features for enterprise customers.
Adding Quotas to our
MAU-Based Pricing Model
As an authorization provider, it would be
easiest for us to charge our clients based on the number of authorization API
calls we have to process, as each call directly represents a quantifiable cost
in server and infrastructure resources. That's the way some authorization
providers do it.
The thing is, authorization calls can add
up quickly and unpredictably, as even a single API call from a user may require
multiple authorization checks - potentially resulting in large, unexpected
expenses for our clients.
For this reason, we initially designed
our pricing model around Monthly Active Users (MAU). This way we can offer a
predictable cost structure, allowing you to easily forecast expenses, as users
are a very basic growth metric for every application.
Basing pricing solely on MAU, however,
introduced challenges for us as a service provider. While MAU is stable for
clients, it doesn't account for the variability in authorization usage that
occurs within different applications. Some clients may have a small number of
users, but those users may trigger a very high volume of authorization calls,
resulting in significant operational costs on our end.
To address usage unpredictability while
still offering a friendly pricing model, we're
introducing a quota on the number of
resources and rules each client can define within our system. This quota is
designed to be very high-so high, in fact, that after discussions with our
users, we doubt any of them will surpass it.
By setting these quotas, we can manage
our operational costs more effectively, especially when it comes to caching
rules and handling the volume of API calls. These newly implemented limits
apply to our Startup and Pro pricing tiers, giving us a way to forecast our
operational demands without compromising service quality.
This approach allows us to offer a
Monthly Active User (MAU) pricing structure at a rate significantly lower than
any other authorization-as-a-service provider.
Balancing Pricing for
Existing and New Users
Introducing a new pricing tier is more
than just setting new numbers. It also means we need to strike a balance for
our current users, who naturally shouldn't pay more than newer users,
especially when prices are reduced.
To address this, we conducted in-depth
discussions with our community, from existing clients to potential customers,
with the goal of adjusting their current pricing to the new set standard.
It's very important to note that no Permit.io paying customer will have to pay more for
the newly established quota.
Secure, Fine-Grained, and
Affordable
Through these updates, our goal is to
support developers and organizations in implementing fine-grained authorization
affordably, securely, and with predictable costs. We believe this new pricing
structure aligns with the current demands of the software market, allowing
developers of all sizes to make confident, budget-friendly decisions for their
authorization needs.
For complete transparency, we've published
a full breakdown on Permit's pricing page, where you can view a
side-by-side comparison of all tiers. I encourage everyone to explore this page
to see how each plan aligns with your needs.
If you have any questions about the newly
set pricing or anything else, the Permit.io team
and I are always available in our Slack
Community.
Can't wait to see what you're going to
build!
##
ABOUT THE AUTHOR
Gabriel L. Manor, VP of Developer Relations at Permit.io
Gabriel is an engineering leader with extensive experience in authorization, security, and developer platforms. Over the years, I have worked as a technical leader and principal engineer at large corporations such as Cisco and Palo Alto Networks and a few startups. Now, he is leading the DevRel in Permit.io - a developer platform for fine-grained authorization.