Quasr
  • Introduction
    • Welcome to Quasr
    • Concepts
      • Flexible Authentication
      • User-Centric Privacy
      • Modern Development
    • Terminology
    • FAQs
  • Getting Started
    • Sign up with Quasr
    • Setup your tenant
      • Factor Configuration
      • Enrolling additional factors
      • Test with the Sample Client
      • Understanding Scopes & Scores
      • Setting up an API Client (M2M)
    • Connect your app
      • Hosted Login UI
      • Custom Login UI
      • Embedded Login UI
  • Account Administration
    • Introduction
    • Account & Billing
      • Metrics
    • Tenants
    • Usage & Statistics
    • Security
  • Tenant Administration
    • Introduction
    • Dashboard
    • Tenant Settings
    • Your Security
    • Accounts
      • Tenant Admins
    • Factors
      • Factors and Scoring
      • Username (ID)
      • Federation (OAuth2 / OIDC)
        • Apple
        • Facebook
        • GitHub
        • Google
        • LinkedIn
        • Slack
      • Time-based One-time Password (TOTP)
      • One-Time Password (OTP)
      • Password
      • Secret
    • Controls
      • Configuration
      • Permissions
      • Consents
      • Rules
    • Attributes
      • Capturing Claims
      • Sourcing Claims
      • Viewing Claims
      • Searching Claims / Users
      • Sharing Claims
    • Extensions
      • Synchronous
      • Asynchronous
    • Tokens
      • Session Token (OAuth 2.0)
      • Access Token (OAuth 2.0)
      • Refresh Token (OAuth 2.0)
      • ID Token (OIDC 1.0)
      • Consent Token
      • Authorization Code (OAuth 2.0)
    • Hosted Login Page
    • APIs
      • Authentication API
      • Management API (GraphQL)
  • Legal
    • Terms of Service
    • Acceptable Use Policy
    • DPA & Subprocessors
  • More Info
    • Standards
    • Security
      • Vulnerability Disclosure
      • Wall of Recognition
    • Support
    • Status
Powered by GitBook
On this page
  • Monthly Active Accounts (MAA)
  • Monthly API Calls (MAC)
  • Monthly Active Tenants (MAT)
  1. Account Administration
  2. Account & Billing

Metrics

Quasr keeps track of 3 metrics across your tenants, which are relevant for billing:

  • Monthly Active Accounts (MAA) which is the number of unique active accounts in a month per tenant summed across all your tenants. You can also see the MAA individually per tenant. This metric serves as the key metric and will have most impact to your monthly bill. Usually it will align closely with your own business model.

  • Monthly API Calls (MAC) which is the number of successful MAA-related API calls in a month per tenant summed across all your tenants. You can also see the MAC individually per tenant. This metric really serves as a protection against excessive use as we provide a number of free MAC per MAA that we consider sufficient for normal usage. Hence if you see charges for MAC on your bill you're probably doing something out of the ordinary.

  • Monthly Active Tenants (MAT) which is the number of unique active tenants in a month across all of your tenants. A tenant is considered active if it has MAA / MAC metrics in that month. This metric will serve as a secondary key metric with larger multi-tenant deployments, as for regular use we provide a number of free MAT for hosting various environments (dev, test & prod).

Monthly Active Accounts (MAA)

First notice we say accounts and not users. This is because we consider all accounts regardless if they represent a user or a client (machine) as in the Quasr platform both are created equally. Now let's look at which API calls result in a MAA.

API
Account
Condition

POST factors/login

user / client

upon successful login (i.e. issuance of a session token)

GET controls/consent

user / client

upon successful consent (i.e. issuance of a consent token)

GET oauth2/authorize

client

upon token issuance

POST oauth2/token

client

upon token issuance

POST graphql

user / client

upon successful response

Note that we don't charge for users signing up though we do charge when those users obtain consent to access your applications, which goes hand in hand with their account getting enabled. Meaning if users don't successfully signup they won't count as an MAA.

Monthly API Calls (MAC)

First note is that we don't count all API calls just those that relate to MAA - hence the above list for APIs generating MAA is identical for MAC. Also we provide a number of free MAC per MAA that we consider sufficient for normal usage. Hence it really serves as a metric for overuse and in case you have a valid business case you can exceed the free calls, but you will of course incur MAC charges.

Your choice and configuration of factors, controls and clients, can have a large impact on the number of MACs. Some useful tips to avoid undesired MAC charges:

  • Use secure high-score factors whenever possible to limit the number of calls needed.

  • Set login session lifetime accordingly to balance your security with usability and cost.

  • Set at least one required scope with a sufficiently high score (more than username).

  • Set access token lifetime accordingly and make use of refresh tokens if possible.

  • Limit or avoid unnecessary calls to the GraphQL API.

Monthly Active Tenants (MAT)

First note is that we don't count all your tenants per month rather only those with activity, meaning only those that have non-zero MAA/MAC metrics. As we only count active tenants this should align with your own business model for larger multi-tenant deployments like operating a SAAS service or multi-brand/unit setup.

When you try to create more than 3 tenants in your account and haven't provided your billing details yet the API will complain. We kindly ask you to provide us with your billing details in this case just as a safeguard as your chance of incurring a MAT charge will be more likely (as we only count monthly active tenants).

PreviousAccount & BillingNextTenants

Last updated 2 years ago