Billing and pricing
In Logto, our Pro plan is fully self-serve, designed for transparency so you can easily understand and manage your billing.
Understand the structure
The basic structure looks like this:
In the console, you'll find a "Your next bill" section in the tenant setting section, where you can monitor and control your upcoming charges.

Item breakdown
Keep in mind that only a few features are part of the add-on structure.
At the same time, Logto also offers a pay-as-you-go and pro-rated pricing model to ensure you get the most out of our service conveniently.
Included quota | Addition cost | |
---|---|---|
Tokens | 50K | $0.08 per mo / 100 after |
Machine-to-machine apps | 1 | $8 each per month |
API resources | 3 | $4 each per month |
Enterprise SSO | 0 | $48 each per month |
Multi-factor authentication | All factors | $48 per month |
Organization | Unlimited organizations & All the organization features | $48 per month |
Role-based access control | Unlimited roles and permissions | $32 per month |
SAML app | 0 | $96 each per month |
Third party app | 0 | $8 each per month |
Advanced security bundle | All advanced security features | $48 per month |
Tenant members | 1 | $8 each per month |
If we take those factors into consideration, the algorithm is
- add on unit price: The unit price of this add-on
- quantity added: The amount of add-on user added in current billing cycle
- quantity removed: The amount of add-on user removed in current billing cycle
- pro-rated time remaining upon creation: pro-rated time remaining in the current cycle when you CREATE the resources
- pro-rated time remaining upon deletion: pro-rated time remaining in current cycle when you DELETE the resources
- quantity remaining: the amount needed for consistent billing in the next cycle
Let's take two examples to see how it works.
Example 1: Consistent billing with no changes
Your bill will stay consistent if you don't make any changes, like adding or removing items.
For example, if you're on the Pro plan and have 2 SSO services in use, your bill will remain consistent as long as you don't make any changes.
Example 2: Adding add-ons or making changes will affect your upcoming bills
This will make your upcoming bill a little different based on different cases. The algorithm still works.
Case 1: You subscribed to the Pro plan without any add-ons and only tested the Enterprise SSO for 10 days.
If your subscription renews on the 5th of each month and you add an Enterprise SSO on the 20th, you'll use it for 15 days that month. If you delete the Enterprise SSO on the 30th, it means you only used it for 10 days.
Case 2: You subscribed to the Pro plan without any add-ons. After adding and removing API resources, you ended up using 5 API resources
In this case, You updated add-on features during this billing cycle, so the changes will show up on your next bill. The first month after the change might be slightly higher. Your bill will include the $24 base price, add-on costs for unbilled usage, and the full charge for the next recurring cycle.
Your billing cycle starts on the 1st of each month, and you've used the first 3 free API resources. This month, you performed two actions:
- On the 5th, you added 4 more resources.
- On the 15th, you deleted 2 of those resources.
As a result, you'll consistently have 2 API resources available for the upcoming cycle.
How is the add-on usage time determined?
We use a pay-as-you-go model, and you might wonder what happens if you frequently add or remove resources. The add-on is considered in use for the exact duration it is active. Don't worry, our system, powered by Stripe, calculates your usage down to the second, ensuring accurate billing based on exactly how long each resource is in use.
If you unsubscribe from the Pro plan, we'll refund the unused add-on cost, and the amount will be deducted from your final bill.
Upgrade or downgrade
Free plan upgrade to Pro
Here are situations when you may need to consider upgrading from the Free plan:
- Your MAU or Token usage exceeds the quota.
- You want to access features available only in the Pro plan.
Dev tenant upgrade to Pro
If you're currently using a development tenant and want to convert it to a production Pro plan, you can do so easily:
- Preserve your work: All your configurations, applications, and settings will be carried over to the Pro plan.
- Immediate access: Gain access to all Pro plan features and higher quotas immediately after conversion.
To convert your dev tenant to Pro plan, go to Console > Tenant settings > Settings and click "Convert".
Pro plan upgrade to Enterprise
If the Pro plan doesn't meet your needs and you're looking for full enterprise-level support, please contact us to discuss a custom enterprise plan.
Pro plan downgrade to Free plan
If you choose to stop using the Pro plan, you can switch to the Free plan, but you'll need to adjust your usage to fit within the Free plan's quota.
Future pricing plan change
To ensure a stable and predictable billing experience, Logto will always notify you in advance of any pricing changes. Depending on your plan and usage, we may: 1. Grandfather your current plan, or 2. Provide a grace period for you to migrate to the new plan.
Logto will make these adjustments in a fair and considerate way, and reserves the final right of interpretation.
Enterprise customer pricing considerations
For enterprise customers, pricing is based on your contract. 1. Self-service additions outside the contract follow the Pro plan’s add-on and pay-as-you-go structure. 2. Usage beyond your contracted quota is charged at the add-on unit price specified in your contract. 3. Newly released features not covered in your contract will follow the latest Pro plan pricing.
For detailed enterprise pricing terms and conditions, please contact our enterprise sales team.
FAQs
What is the connection between token consumption and MAU?
Logto adopts token-based authentication following the OAuth 2.0 and OpenID Connect standards. Each authentication or authorization request results in Logto issuing tokens that represent the user’s authentication or authorization status, such as access tokens, ID tokens, and refresh tokens.
For billing purposes, only access tokens are counted (ID tokens and refresh tokens are excluded).
An access token is issued and counted in the following scenarios:
- User sign-in: After a user successfully signs in, an opaque access token is issued. This token can be used to call the UserInfo endpoint or Logto Account API for account management.
- Backend API authorization (RBAC): When Role-Based Access Control (RBAC) is enabled to protect your backend APIs, a JWT access token is issued for each resource-specific authorization request following the user’s initial authentication. Learn more about RBAC and API protection
- Organization authorization: If the organization feature is enabled, Logto provides organization-level access control by issuing organization access tokens. A separate organization access token is generated for each organization-specific authorization request. Learn more about organization level authorization and API protection.
- Machine-to-Machine (M2M) authorization: An access token is issued for each
client_credentials
authorization request (e.g., when accessing the Logto Management API). - Token exchanges: A new access token is issued during personal access token exchanges or user impersonation token exchanges. Learn more about personal access token and user impersonation.
- Refresh token usage: If
offline_access
is enabled, a new access token is issued each time a valid refresh token is exchanged after the previous token expires.
Token vs. MAU and why token-based billing is better
MAU-based billing charges per unique user per month, regardless of activity. Token-based billing instead charges by actual usage: every time an access token is issued.
Token-based billing represents true pay-as-you-go pricing. Unlike MAU-based models that charge for the entire month regardless of usage, you only pay for actual authentication and authorization activities. This approach is budget-friendly for low-frequency users who only access your product occasionally, as they generate fewer tokens, resulting in lower costs compared to flat MAU pricing. This makes Logto more cost-effective than competitors, especially for applications with varied engagement patterns.
For example, one sign-in may consume 1 access token. Using features like M2M or Organizations can generate additional tokens. To keep track, Logto provides real-time token usage monitoring in Console > Settings > Plan and Billing, which helps you better understand the relationship between MAU and tokens for your specific project