Supabase Auth

Trust: /10

Auth built into the Supabase platform. PostgreSQL-backed, Row Level Security integration, generous free tier — but tightly coupled to Supabase.

4 known gotchas
  • Coupled to Supabase platform: Supabase Auth is not a standalone service. You get auth as part of the Supabase platform (database, storage, functions). If you only need auth, you're paying for unused services.
  • Row Level Security learning curve: Supabase Auth shines with PostgreSQL RLS policies — but RLS has a learning curve. Incorrect policies can expose data. Test thoroughly.
  • Self-hosted complexity: Supabase is open source and can be self-hosted, but self-hosting auth correctly (token management, session security) is complex. The managed service is much simpler.
  • Email templates limited: Built-in email templates (confirmation, password reset) are basic. Custom email templates require configuring an external SMTP provider.

Supabase

Trust: /10

Open-source Firebase alternative with managed Postgres. Full platform with auth, storage, and realtime — but you're buying the whole ecosystem.

4 known gotchas
  • Free tier pauses after inactivity: Free tier projects are paused after 1 week of inactivity. Your data is preserved but the database stops. This blocks staging environments and hobby projects you don't check daily.
  • You're buying the platform, not just a database: Supabase pricing includes auth, storage, edge functions, and realtime. If you only need Postgres, you're paying for services you don't use. Consider Neon or plain RDS.
  • Performance at scale: Supabase shared infrastructure (free/Pro) has variable performance under load. For consistent performance, you need Team tier ($599/month) or dedicated infrastructure.
  • Vendor lock-in despite open source: While Supabase is open source, self-hosting the full stack (Postgres + Auth + Realtime + Storage + Edge Functions) is complex. Most teams are effectively locked into the managed service.

SendGrid

Trust: /10

Legacy email platform with both transactional and marketing features. Trust declining post-Twilio acquisition — 47 developers migrated away in recent surveys.

5 known gotchas
  • Trust erosion post-Twilio acquisition: Since Twilio acquired SendGrid in 2019, developer trust has declined. 47 developers in recent surveys reported migrating away, citing degraded support and reliability.
  • Deliverability inconsistency: Reports of intermittent deliverability issues, especially on shared IPs. Dedicated IP ($25/month extra) strongly recommended for production.
  • Complex API surface: SendGrid's API has accumulated cruft over the years. The v3 API is decent but has inconsistencies. Documentation quality is uneven.
  • Account suspension without warning: Some developers report accounts being suspended without clear communication. Ensure you have proper email authentication (SPF, DKIM, DMARC) set up from day one.
  • Free tier removed: SendGrid removed its permanent free tier in March 2025. It now offers only a 60-day trial. Many blog posts and AI training data still reference the old free tier. After 60 days you must pay $19.95/month minimum.

Resend

Trust: /10

Modern email API with React Email support. Best DX in class, but free tier has a 100/day cap that blocks staging.

3 known gotchas
  • 100/day cap on free tier: The 3K/month free tier is misleading — you can only send 100 emails per day. This blocks staging environments and automated testing.
  • Domain verification delay: DNS propagation for domain verification can take 24-48 hours. Plan this before launch day.
  • React Email requires JSX: The React Email template system is excellent but requires a JSX build step. If you're not using React, use plain HTML templates instead.

Render Postgres

Trust: /10

Simple managed Postgres on Render. Easy setup and fair pricing — but free tier databases are deleted after 90 days without warning.

4 known gotchas
  • Free tier deleted after 90 days: Render's free Postgres databases are permanently deleted after 90 days. There is no warning email, so the deadline is easy to miss. If you're using the free tier for staging or a side project, set a calendar reminder.
  • No connection pooling on cheap tiers: Lower tiers don't include PgBouncer-style connection pooling. Serverless apps (Lambda, edge functions) that open many short-lived connections will exhaust the connection limit quickly.
  • Limited region availability: Render databases are available in fewer regions than AWS RDS or Neon. Check that your preferred region is supported.
  • No horizontal scaling: Render Postgres is single-node (with optional read replicas on Pro+). For write-heavy workloads that need horizontal scaling, look at PlanetScale or CockroachDB.

Railway Postgres

Trust: /10

PostgreSQL on Railway's PaaS. Usage-based pricing starting at ~$5/month. Simple setup but it's a container, not a purpose-built managed database.

3 known gotchas
  • Not a managed database service: Railway Postgres is a PostgreSQL container, not a purpose-built managed database like Neon or RDS. No built-in connection pooling, no branching, no read replicas, no point-in-time recovery on lower tiers.
  • No permanent free tier: Railway offers a 30-day trial with $5 credit. After that, the Hobby plan starts at $5/month. Many comparison articles still list Railway as having a free tier.
  • Limited database management: No built-in database dashboard, no query analytics, no automated failover. You manage the database through Railway's general-purpose container UI.

Postmark

Trust: /10

Transactional email service known for exceptional deliverability. Established, reliable, but setup requires DKIM/SPF knowledge.

4 known gotchas
  • DKIM/SPF setup required: Postmark requires proper email authentication (DKIM, SPF, DMARC) before sending. This is good practice but adds setup time if you're new to email infrastructure.
  • Shared IP reputation risk: On shared IPs, your deliverability depends on other senders' behavior. For production at scale, consider dedicated IP ($50/month).
  • No marketing email support: Postmark is transactional-only by design. If you also need marketing/bulk email, you'll need a second service.
  • ActiveCampaign acquisition: Acquired by ActiveCampaign in 2022. So far operating independently, but watch for pricing or feature changes.

PlanetScale

Trust: /10

Serverless MySQL with branching and zero-downtime schema changes. Removed free tier in 2024 — now starts at $39/month.

4 known gotchas
  • Free tier removed: PlanetScale removed its free tier in April 2024, forcing all free-tier users to migrate or pay. This caused significant community backlash and trust erosion. Many agents and blog posts still reference the free tier.
  • MySQL only: PlanetScale is MySQL-compatible (built on Vitess). If your stack uses PostgreSQL, PlanetScale is not an option. Most modern ORMs work fine but some PostgreSQL-specific features won't be available.
  • No foreign keys: PlanetScale (Vitess) does not support foreign key constraints. Referential integrity must be handled at the application level. This is by design for horizontal scaling but is a dealbreaker for some architectures.
  • Business model uncertainty: The free tier removal and business model pivot signal financial pressure. PlanetScale is well-funded but the trajectory is uncertain. Factor this into long-term decisions.

Neon

Trust: /10

Serverless Postgres with branching. Innovative features but free tier has 500ms cold starts that make it unusable for production APIs.

4 known gotchas
  • 500ms cold starts on free/Launch tiers: Compute pauses after inactivity and takes ~500ms to resume. This makes the free tier unusable for production APIs. Your users will see a half-second delay on first request after idle.
  • Free tier is tiny: 0.5 GB storage and 1 project on free tier. Fine for prototyping, but you'll outgrow it fast. Launch tier ($19/month) is where real use starts.
  • Compute hours can surprise you: The metered compute model means sustained workloads can exceed plan limits. Monitor your compute usage or you'll hit overage charges.
  • Branching is powerful but unfamiliar: Neon's database branching (like git branches for your database) is innovative but requires learning new workflows. Not all ORMs and migration tools handle it smoothly.

Mailgun

Trust: /10

Developer-focused email API by Sinch. Strong API design and good deliverability, but pricing changed significantly after Sinch acquisition.

4 known gotchas
  • Free tier removed: Mailgun removed its free tier in 2023. Many agents and blog posts still reference it. The 'trial' is only 30 days and 100 emails/day.
  • Sinch acquisition pricing changes: Pricing increased after Sinch acquisition. Legacy plans were grandfathered but new signups pay more. Watch for further changes.
  • Log retention is tier-gated: Foundation tier ($35/month) only retains logs for 5 days. You need Scale ($90/month) for 30 days. This matters for debugging deliverability issues.
  • EU data routing requires configuration: Default data routing is US. For GDPR compliance, you need to explicitly configure EU endpoints (api.eu.mailgun.net).

Firebase Auth

Trust: /10

Google's managed auth service. Generous free tier (50K MAU), broad provider support, but ties you into the Firebase/Google Cloud ecosystem.

4 known gotchas
  • Google Cloud ecosystem lock-in: Firebase Auth works best with other Firebase services (Firestore, Cloud Functions). Using it standalone with a non-Google backend is possible but awkward.
  • Limited customization: Pre-built UI (FirebaseUI) is functional but not customizable enough for polished apps. Most teams end up building custom UI anyway, negating much of the convenience.
  • Admin SDK required for server-side: Verifying tokens on your own backend requires the Firebase Admin SDK. This adds a dependency and requires service account credentials management.
  • Migration complexity: Exporting users from Firebase Auth is possible via CLI but password hashes use a Firebase-specific scrypt variant. Migration to another provider requires careful handling.

Clerk

Trust: /10

Drop-in auth with pre-built UI components. Fastest time-to-auth, but stores data in US by default — GDPR risk for EU apps.

4 known gotchas
  • US data storage by default: Clerk stores ALL user data in the US. There is no EU data residency option — not even on Enterprise tier. Clerk relies on the Data Privacy Framework (DPF) for GDPR compliance, but DPF's legal standing has been challenged (Privacy Shield was invalidated by Schrems II). If you need guaranteed EU data residency, use Better Auth or Auth.js (self-hosted).
  • Pricing scales fast: The $0.02/MAU on Pro adds up quickly. At 50K MAU that is $1,025/month; at 100K MAU, $2,025/month. Model your costs before committing.
  • Vendor lock-in risk: Clerk manages your user data. Migrating away means exporting users and rebuilding auth flows. Password hashes may not be exportable depending on the auth method used.
  • Bundle size: Clerk's React SDK adds ~50KB to your client bundle. Acceptable for most apps, but worth noting for performance-sensitive projects.

Better Auth

Trust: /10

Open-source TypeScript auth framework. The Auth.js team joined Better Auth in Sept 2025, making it the recommended path forward for Next.js authentication.

4 known gotchas
  • No pre-built UI components: Better Auth handles backend auth flows but you build all login/signup UI. Budget 1-3 days for a polished auth experience vs. 10 minutes with Clerk.
  • Younger project: Better Auth is newer than Auth.js/NextAuth. The Auth.js team joining in Sept 2025 added maturity, but the ecosystem of adapters and plugins is still growing.
  • Bun runtime issues: Known compatibility issues with Bun runtime on Next.js 16. Use Node.js runtime for now.
  • Past security vulnerability: CVE-2025-61928 (API key auth bypass) was discovered and patched. Normal for active projects but worth noting.

AWS SES

Trust: /10

Amazon's email sending service. Cheapest at scale but complex setup requiring multiple AWS services. Best for teams already on AWS.

5 known gotchas
  • Complex multi-service setup: A production SES setup typically requires: SES + IAM + Lambda + SNS + S3 (for logs) + CloudWatch. This is not 'just an email service' — it's an infrastructure project.
  • Sandbox mode by default: New SES accounts are in sandbox mode — you can only send to verified addresses. Getting out of sandbox requires a support request that can take 24-48 hours.
  • No built-in template management: SES has basic templates but nothing like React Email or Postmark's template editor. You'll build your own template pipeline.
  • Bounce/complaint handling is DIY: You must set up SNS topics + Lambda functions to handle bounces and complaints. If you don't, AWS will suspend your sending.
  • Regional availability: SES is not available in all AWS regions. Check that your preferred region supports SES before building.

AWS RDS

Trust: /10

Amazon's managed relational database. Battle-tested and feature-complete, but complex pricing with many hidden add-on costs.

5 known gotchas
  • Free tier is only 12 months: The RDS free tier (750 hours of db.t3.micro) expires after 12 months from AWS account creation. After that, you're billed at full rate. Set a reminder.
  • Multi-AZ doubles the cost: For production reliability, you need Multi-AZ deployment. This literally doubles your instance cost. A $50/month instance becomes $100/month with Multi-AZ.
  • Connection pooling costs extra: RDS doesn't include connection pooling. For serverless apps (Lambda), you need RDS Proxy at additional cost. Without it, Lambda will exhaust your connection limit.
  • Complex pricing model: RDS pricing has many dimensions: instance hours + storage + IOPS + data transfer + backups + proxies + read replicas. Estimating total cost requires AWS Cost Calculator.
  • Maintenance windows: RDS requires maintenance windows for patches and minor version upgrades. These cause brief downtime on single-AZ instances. Multi-AZ handles this with failover.

Auth0

Trust: /10

Enterprise-grade identity platform. Feature-rich but expensive — pricing has drifted upward since Okta acquisition in 2022.

4 known gotchas
  • Pricing drift post-Okta acquisition: Since Okta acquired Auth0 in 2022, pricing has increased and the free tier terms have changed. Developer sentiment has shifted negative. Watch for further pricing changes.
  • Complex pricing model: Auth0's pricing is confusing. The 'Essentials' tier starts at $35/month for just 500 MAU, but the free tier gives you 25K MAU. The jump from free to paid doesn't make obvious sense.
  • SDK complexity: Auth0 has SDKs for every platform but they vary in quality. The React SDK is good, but some framework integrations have rough edges and outdated docs.
  • Migration difficulty: Moving off Auth0 is non-trivial. Password hashes can be exported but the process is complex. Plan for this before committing.

Auth.js

Trust: /10

MAINTENANCE MODE: Auth.js team joined Better Auth in Sept 2025. v5 never left beta. Use Better Auth for new projects.

5 known gotchas
  • Maintenance mode: Auth.js team joined Better Auth in September 2025. v5 never left beta and will not receive new features. All new projects should use Better Auth.
  • No pre-built UI: Auth.js handles the backend auth flow but you build all the login/signup UI yourself. Budget 2-5 days for a polished auth experience vs. 10 minutes with Clerk.
  • v5 migration complexity: Auth.js v5 (from NextAuth v4) introduced significant breaking changes. Migration guides exist but the transition is non-trivial. Make sure you're reading v5 docs, not v4.
  • Security is your responsibility: Auth.js provides the primitives, but rate limiting, brute force protection, and account lockout are your responsibility to implement.
  • Database adapter selection: Works with Prisma, Drizzle, TypeORM, and others via adapters. But adapter quality varies — Prisma adapter is most battle-tested. Choose your adapter carefully.