freee adopts Authlete
With the mission of "Making small businesses the world's leading players," freee develops and provides SaaS-based cloud services, including its integrated cloud accounting software "freee Accounting," which streamlines accounting, human resources, and labor management in an integrated manner. Furthermore, by providing its public API, "freee API," free of charge, freee has developed an open platform that enables integration of freee's functions with other companies' services, business partners, financial institutions, and other entities. Furthermore, freee has developed the "freee App Store" for third-party developers, building an ecosystem that strengthens integration with external service apps.
This time, freee has adopted Authlete to revamp the OAuth 2.0 infrastructure for the freee API.
freee, which has been working on open APIs since 2015, was an early adopter of OAuth 2.0, an open standard for API access authorization, and has been implementing and operating its own OAuth 2.0 infrastructure. However, nearly 10 years after the launch, the rapid growth of its platform and app store has led to increased maintenance costs for its current authorization infrastructure, and scalability has become an issue. Furthermore, it has become difficult to continually keep up with the latest OAuth 2.0 extension specifications and best practices.
Therefore, freee decided to revamp its authorization infrastructure and transform it into a platform that implements advanced API security that can support the sustainable growth of freee's business and ecosystem.
When building the new infrastructure, it was necessary to maintain the existing API authorization specifications as much as possible to minimize the impact on customers and partners who use freee's APIs. freee considered both building the system entirely in-house and introducing an external service.
"Freee's ID management, which is driven by domain logic, and authentication infrastructure were already fully in-house as independent systems, so an all-in-one IDaaS package that included ID management was unable to meet our requirements. For this reason, we initially considered rebuilding the system completely in-house, but we determined that it would not be easy to implement OAuth 2.0 functionality from scratch in a way that would withstand future feature expansion. We therefore began considering an operational method that would meet the unique domain requirements of B2B SaaS and not rely on highly skilled engineers with OAuth expertise," says Daiki Murayama, Deputy General Manager of the Integrated Flow Development Group at freee.
Ultimately, freee chose Authlete because it is highly customizable and meets their cost requirements. Murayama also said that Authlete's unique features and architecture contributed to the smooth construction of the new platform.
The new platform built using Authlete was released in July 2025 and has been running stably ever since. Murayama says the new platform "has led to increased agility for the team."
Norbert Gehrke
