DEVELOPER PORTAL · HEADLESS REVENUE ENGINE

Headless Revenue Engine & Developer Portal

Stop forcing enterprise buyers into rigid iframe portals. Aforo provides a fully API-driven, AST-validated storefront with native SAML/OIDC identity, deployable via AWS Amplify or headless SDK.

150+
API endpoints
AST
validated AI engine
SAML/OIDC
native identity
<60ms
headless config TTL

API-FIRST ARCHITECTURE

The Iframe Trap vs. API-First Headless

Legacy billing platforms force your customers into hosted, un-styleable iframes. Aforo is headless by default — consume our REST API directly or drop in the @aforoai/storefront-headless NPM package.

GET /api/v1/portal/catalog  (Headless API)
{
  "success": true,
  "data": {
    "content": [
      {
        "id": "prod-uuid-001",
        "name": "Premium API",
        "productType": "API",
        "typeMetadata": {
          "rateLimit": 10000,
          "endpoints": 50
        },
        "offerings": [
          {
            "id": "off-uuid-001",
            "name": "Growth Plan",
            "billingMode": "HYBRID",
            "pricing": {
              "baseFee": 499,
              "overageRate": 0.0012,
              "includedCalls": 500000
            }
          }
        ]
      }
    ]
  },
  "meta": {
    "eTag": "W/\"abc123\"",
    "cachedAt": "2026-04-14T09:00:00Z",
    "ttlSeconds": 60
  }
}
POST /api/v1/subscriptions  (Subscription Primitive)
{
  "offeringId": "off-uuid-001",
  "customerId": "cust_123",
  "billingAnchorDay": 15,
  "autoConvertPaid": true
}
ETag Cache Control
60-second Caffeine L1 cache with an ETag per entry. Stale-while-revalidate: a cached entry is served immediately while the origin is revalidated with If-None-Match, so a warm page load never waits on the backend.
Type-safe SDK
Full TypeScript types for every response shape. No stringly-typed JSON parsing in your frontend.
Kong Auth Layer
X-Storefront-Key maps to a Kong consumer, with rate limits per key. CORS is open to any origin (credentials: false), headless by design. The key ships to the browser, so whatever it unlocks on its own is readable by anyone who can view the page source; per-key rate limits bound that, and customer data additionally requires a user JWT.
Step 4 — Layer 3 AI JSX Generation

AST-Validated AI.
Not a Chatbot. A Builder.

Layer 3 of the Aforo AI Copilot generates live React components from plain-English descriptions. Every generated component is parsed by @babel/parser and its syntax tree is walked before it reaches the sandbox; any eval(), fetch() or localStorage reference is rejected.

Claude Sonnet 4.6 / Opus 4.6
Auto-escalates to Opus on validation failure or >3 useState hooks
Sandboxed iframe preview
sandbox="allow-scripts" without allow-same-origin: the preview runs under an opaque origin, so generated code cannot read the parent document, its cookies or its storage. The AST check filters what goes in; this attribute is the boundary that holds if something slips past it.
Data binding declarations
Components declare dataSources; runtime resolves from Aforo APIs — no direct fetch
ai-component-validation.ts
[AI GENERATOR]Claude Sonnet 4.6 compiling custom JSX component...
[AST PARSER]Scanning Abstract Syntax Tree...
[AST PARSER]✓ No eval() detected.
[AST PARSER]✓ No localStorage access detected.
[DATA BIND]Mapping dataSources: { plans: 'offerings' }...
[RUNTIME]Injected into sandboxed iframe. Render successful.
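The log above shows the gate from the outside. The following is an added example of what such a gate looks like inside; it is not Aforo's ai-component-validation.ts. The page's pipeline parses with @babel/parser; this version uses the TypeScript compiler API because it ships with any TypeScript toolchain, and the walk is the same. It enforces the rules the page states (no eval(), fetch() or localStorage; more than three useState hooks escalates the model) and adds two checks a reviewer would expect: only "react" may be imported (an assumption, since data is meant to arrive through dataSources), and computed property keys assembled from expressions, such as obj["fet" + "ch"], are refused because they defeat name-based checks.

```typescript
// Added example, not Aforo's ai-component-validation.ts: an AST gate for
// AI-generated JSX using the TypeScript compiler API (the page's pipeline uses
// @babel/parser; the walk is the same). Import allowlist and the denylist
// below are assumptions made for the example.
import * as ts from "typescript";

// Identifiers that must not appear anywhere in a generated component.
const FORBIDDEN = new Set([
  "eval", "Function", "fetch", "XMLHttpRequest", "WebSocket", "importScripts",
  "localStorage", "sessionStorage", "indexedDB", "document", "cookieStore",
  "window", "globalThis", "self", "top", "parent", "frames",
]);
const ALLOWED_IMPORTS = new Set(["react"]); // assumption: data arrives via dataSources, not imports
const MAX_USESTATE = 3;                      // page: >3 useState hooks auto-escalates to Opus

export interface Verdict {
  ok: boolean;
  escalate: boolean;        // validation failed or hook budget exceeded
  useStateCount: number;
  violations: string[];
}

export function validateComponent(source: string): Verdict {
  // Syntactically broken output cannot be reasoned about: reject before walking.
  const { diagnostics } = ts.transpileModule(source, {
    fileName: "component.tsx",
    reportDiagnostics: true,
    compilerOptions: { jsx: ts.JsxEmit.Preserve, target: ts.ScriptTarget.ES2020 },
  });
  if (diagnostics && diagnostics.length > 0) {
    const msg = ts.flattenDiagnosticMessageText(diagnostics[0].messageText, " ");
    return { ok: false, escalate: true, useStateCount: 0, violations: [`syntax error: ${msg}`] };
  }

  const sf = ts.createSourceFile("component.tsx", source, ts.ScriptTarget.ES2020, true, ts.ScriptKind.TSX);
  const violations: string[] = [];
  let useStateCount = 0;

  const visit = (node: ts.Node): void => {
    // Any occurrence counts, including (0, eval)(...) and const f = fetch.
    if (ts.isIdentifier(node) && FORBIDDEN.has(node.text)) {
      violations.push(`forbidden identifier ${node.text}`);
    }
    if (ts.isImportDeclaration(node)) {
      const spec = ts.isStringLiteral(node.moduleSpecifier) ? node.moduleSpecifier.text : "?";
      if (!ALLOWED_IMPORTS.has(spec)) violations.push(`import of ${spec}`);
    }
    if (ts.isCallExpression(node)) {
      const callee = node.expression;
      if (callee.kind === ts.SyntaxKind.ImportKeyword) violations.push("dynamic import()");
      const name = ts.isIdentifier(callee) ? callee.text
        : ts.isPropertyAccessExpression(callee) ? callee.name.text : "";
      if (name === "useState") useStateCount += 1;   // counts useState and React.useState
    }
    // obj[expr] with a key assembled at runtime can name any property;
    // literal and identifier keys (plans[0], plans[i]) stay allowed.
    if (ts.isElementAccessExpression(node)) {
      const key = node.argumentExpression;
      if (ts.isBinaryExpression(key) || ts.isTemplateExpression(key) || ts.isCallExpression(key)) {
        violations.push(`computed member access ${node.getText(sf)}`);
      }
    }
    ts.forEachChild(node, visit);
  };
  visit(sf);

  const ok = violations.length === 0;
  return { ok, escalate: !ok || useStateCount > MAX_USESTATE, useStateCount, violations };
}
```

A denylist of this kind is a filter, not a boundary: it buys a clean rejection message for the common cases, and the sandboxed iframe is what contains anything it misses.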
Step 3 — Deployment & Identity

Enterprise Deployment & Zero-Trust Auth

Four non-negotiable specs enterprise security teams demand before signing. All four are table stakes in Aforo — not add-ons.

Self-Hosted or AWS Amplify
Deploy the storefront SPA to any static host.
·First-class AWS Amplify target: amplify.yml in repo,
·branch deploys per tenant subdomain.
·storefront-service (8089) runs in your VPC.
httpOnly JWT Sessions
Access tokens never touch localStorage.
·org-service mints short-lived JWTs (15min).
·Refresh tokens stored in httpOnly cookies.
·CSRF protection via SameSite=Strict + double-submit.
SAML 2.0 / OIDC / LDAP
Native impl in organization-service (8086).
·No Okta or Auth0 dependency on our infra.
·SP-initiated SAML, OIDC PKCE, LDAP bind — all GA.
·Attribute mapping → role assignment at assertion time.
Access Control Modes
PUBLIC — open catalog, gated checkout.
·INVITE_ONLY — token-gated portal access.
·SSO_REQUIRED — enforce IdP before any portal view.
·Configurable per-tenant via storefront admin panel.
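The httpOnly session item above lists four properties. Taken together they describe one endpoint: the refresh step that turns an httpOnly cookie into a fresh 15-minute access token. The following is an added, framework-free version of that handler, not org-service code; the cookie names, the refresh-token store, the refresh lifetime and the HS256 key are assumptions made for the example.

```typescript
// Added example, not org-service code: the session model the page describes
// (access tokens kept out of localStorage, refresh token in an httpOnly
// SameSite=Strict cookie, double-submit CSRF check, 15-minute JWTs) as a
// POST /api/v1/auth/refresh handler. Cookie names, the refresh-token store,
// the refresh lifetime and the HS256 key are assumptions.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

const ACCESS_TTL = 15 * 60;                  // seconds; page: short-lived JWTs (15min)
const REFRESH_TTL = 30 * 24 * 3600;          // assumed refresh-token lifetime
const REFRESH_COOKIE = "aforo_refresh";      // assumed name; httpOnly, scoped to the auth path
const CSRF_COOKIE = "aforo_csrf";            // assumed name; readable by the SPA, echoed in a header

export interface HttpRequest { method: string; headers: Record<string, string | undefined> } // lower-case names
export interface HttpResponse {
  status: number;
  headers: Record<string, string[]>;
  body?: { accessToken: string; expiresIn: number };
}
// refresh token -> subject (customer id); a real service backs this with a store
export type RefreshStore = Map<string, string>;

function safeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

export function parseCookies(header: string | undefined): Record<string, string> {
  const out: Record<string, string> = {};
  for (const part of (header ?? "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

export function mintAccessToken(sub: string, key: Buffer, nowSec: number): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const signingInput = `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub, iat: nowSec, exp: nowSec + ACCESS_TTL })}`;
  return `${signingInput}.${createHmac("sha256", key).update(signingInput).digest("base64url")}`;
}

// Returns the subject, or null when the signature is wrong or the token has expired.
export function verifyAccessToken(token: string, key: Buffer, nowSec: number): string | null {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) return null;
  const expected = createHmac("sha256", key).update(`${h}.${p}`).digest("base64url");
  if (!safeEqual(s, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, "base64url").toString()) as { sub?: string; exp?: number };
  return typeof claims.sub === "string" && typeof claims.exp === "number" && claims.exp > nowSec ? claims.sub : null;
}

export function handleRefresh(req: HttpRequest, store: RefreshStore, key: Buffer, nowSec: number): HttpResponse {
  if (req.method !== "POST") return { status: 405, headers: { allow: ["POST"] } };
  const cookies = parseCookies(req.headers["cookie"]);
  // Double-submit: the SPA copies the CSRF cookie into a header. A cross-site
  // page cannot read that cookie, so it cannot produce a matching header.
  const csrfCookie = cookies[CSRF_COOKIE], csrfHeader = req.headers["x-csrf-token"];
  if (!csrfCookie || !csrfHeader || !safeEqual(csrfCookie, csrfHeader)) return { status: 403, headers: {} };
  const presented = cookies[REFRESH_COOKIE];
  const sub = presented ? store.get(presented) : undefined;
  if (!presented || !sub) return { status: 401, headers: {} };
  // Rotation: a refresh token is single-use, so a replayed cookie gets 401.
  store.delete(presented);
  const nextRefresh = randomBytes(32).toString("base64url");
  store.set(nextRefresh, sub);
  const nextCsrf = randomBytes(16).toString("base64url");
  return {
    status: 200,
    headers: {
      "set-cookie": [
        `${REFRESH_COOKIE}=${nextRefresh}; Path=/api/v1/auth; Max-Age=${REFRESH_TTL}; HttpOnly; Secure; SameSite=Strict`,
        `${CSRF_COOKIE}=${nextCsrf}; Path=/; Max-Age=${REFRESH_TTL}; Secure; SameSite=Strict`,
      ],
      "cache-control": ["no-store"],
    },
    // The access token travels in the body for the SPA to hold in memory and
    // send as Authorization: Bearer; it is never written to a cookie or localStorage.
    body: { accessToken: mintAccessToken(sub, key, nowSec), expiresIn: ACCESS_TTL },
  };
}
```

Two details are easy to miss when wiring this up for real: the refresh cookie is scoped to the auth path so it is not sent with ordinary API calls, and the CSRF cookie must not be httpOnly, otherwise the SPA cannot copy it into the header and the double-submit check can never pass.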
Deployment Targets

Deploy Where Your Infra Lives.
Not Where Ours Does.

Four deployment surfaces. All consume the same Aforo REST API. All carry the same X-Storefront-Key auth.

AWS Amplify

One-command deploy from our Vite SPA. Amplify Gen 2 config committed to your repo. CloudFront CDN with S3 origin. Auto-deploys on push.

amplify deploy --app aforo-storefront
# → https://storefront.acme.com
NPM Headless SDK

Consume raw REST APIs from any React, Next.js, Nuxt, or SvelteKit app. Full TypeScript types. ETag caching built in.

npm install @aforoai/storefront-headless
# Typed. Cached. Production-ready.
Pre-built Vite SPA

White-label the pre-built Vite SPA. 100+ config settings, CSS theme tokens, custom domain routing, subdomain per tenant.

AFORO_KEY=sk_xxx pnpm dev
# → localhost:5175
Embedded Widget

Single <script> tag embeds a pricing widget into any existing website. Layout, theme, CTA text all configurable without React.

<script src="https://cdn.aforo.io/widget.js"
  data-key="sk_xxx"
  data-theme="dark"></script>
Kong Auth Layer

Three Auth Tiers. Zero Undifferentiated Endpoints.

Kong enforces auth at the gateway. Every tier has explicit rate limits. Storefront-service never sees unauthenticated requests for protected resources.

Tier       | Headers                                   | Endpoints                                                                             | Rate limit
Public     | none                                      | /api/v1/auth/*, /api/v1/storefront/resolve, /api/v1/storefront/public/*               | 30 req/min (per IP)
Key        | X-Storefront-Key                          | /api/v1/portal/catalog/*, /portal/headless/config, KB, docs, changelog, community, AI | 600 req/min (per consumer)
Key + JWT  | X-Storefront-Key + Authorization: Bearer  | Subscriptions, invoices, payments, usage, keys, profile, agents, support              | 600 req/min (per consumer)

Kong plugins on headless routes: key-auth with anonymous fallback, cors with origins: ["*"] (credentials: false), rate-limiting per consumer, and request-transformer, which injects X-Headless-Api: true so storefront-service can distinguish headless from first-party traffic. credentials: false means browsers never attach cookies to these cross-origin calls, so the wildcard origin cannot carry a session; the Key + JWT tier authenticates with the Authorization header instead.
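The Key-tier row of the table, with the four plugins just listed, expressed in Kong declarative format. This is an added illustration, not Aforo's gateway configuration: the service and consumer names are assumptions, sk_xxx is the page's placeholder, and the route covers only the two paths the page spells out.

```yaml
# Added illustration of the Key tier in Kong declarative config; not Aforo's own
# gateway file. Names marked "assumed" are invented for the example.
_format_version: "3.0"

consumers:
  - username: acme-storefront            # assumed tenant consumer
    keyauth_credentials:
      - key: sk_xxx                      # placeholder from the page, not a real key
  - username: headless-anonymous         # assumed: consumer used when no key is presented

services:
  - name: storefront-service
    url: http://storefront-service:8089  # page: storefront-service (8089) in your VPC
    routes:
      - name: headless-key-tier
        paths:
          - /api/v1/portal/catalog
          - /portal/headless/config
        plugins:
          - name: key-auth
            config:
              key_names: ["X-Storefront-Key"]
              anonymous: headless-anonymous  # unkeyed callers continue as this consumer
          - name: cors
            config:
              origins: ["*"]
              credentials: false             # a wildcard origin is only valid without credentials
          - name: rate-limiting
            config:
              minute: 600                    # page: 600 req/min per consumer
              limit_by: consumer
              policy: local
          - name: request-transformer
            config:
              add:
                headers: ["X-Headless-Api:true"]
```

Note what anonymous does here: a request without X-Storefront-Key is not rejected at the gateway, it is forwarded as the headless-anonymous consumer. All such callers then share one rate-limit bucket, and storefront-service has to apply the Public-tier rules itself for whatever reaches it under that consumer.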

Portal Capabilities

Every Surface Your Customers Need.
None You Have to Build.

Product Catalog

4 product types (API, Agentic, AI Agent, MCP Server). Per-product landing pages. Live usage charts.

API Key Management

Self-serve provisioning, rotation, revocation. CLIENT_CREDENTIALS for MCP/Agent. Full lifecycle UI.

Agent Dashboard

Register AI agents, view session history, manage tool access. Storefront portal = full agent lifecycle.

Domain Routing

Custom domains per tenant. Subdomain routing with TLS. Next.js middleware rewrite-based.

Usage Dashboards

Per-metric sparklines, billing period summaries, quota alerts. Powered by ClickHouse materialized views.

Customer Portal

Invoices, credit notes, wallet balance, payment methods, ERP sync status — all self-serve.

GET STARTED

Your enterprise customers are waiting for a portal that doesn't feel like 2015.

Headless. AST-validated. SAML/OIDC-native. Deploying in minutes on AWS Amplify or consumed as an NPM package from your existing app.