ZeroAuth is an auth API that replaces stored credentials with zero-knowledge proofs. Ship signup, login, and device attestation in minutes — with no passwords in your database and no secrets on the wire.
Spin up a tenant from the dashboard, grab an API key, and start issuing zero-knowledge proofs from any backend.
Sign up to create a tenant. You’ll get a za_test_… key for development and a separate za_live_… key for production.
POST a commitment from the client SDK. ZeroAuth stores the commitment — never the underlying secret.
On every login, send the Groth16 proof to /v1/verifications. Get back a verified principal in <100 ms.
```bash
# 1. Register a user with a commitment
curl -X POST https://api.zeroauth.dev/v1/users/register \
  -H "Authorization: Bearer $ZEROAUTH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "external_id": "user_42", "commitment": "0x1f3c…" }'

# 2. Verify a Groth16 proof at login
curl -X POST https://api.zeroauth.dev/v1/verifications \
  -H "Authorization: Bearer $ZEROAUTH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "external_id": "user_42",
    "proof": { "a": [...], "b": [...], "c": [...] },
    "public_signals": ["0x1f3c…"]
  }'
```
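```javascript
import { ZeroAuth } from '@zeroauth/sdk';

// Read the API key from the environment; never hard-code it.
const za = new ZeroAuth({ apiKey: process.env.ZEROAUTH_API_KEY });

// 1. Register a user from your backend
await za.users.register({
  externalId: 'user_42',
  commitment, // from client SDK
});

// 2. Verify a proof on login
// `proof` and `publicSignals` arrive from the client with the login request.
const { verified, principal } = await za.verifications.create({
  externalId: 'user_42',
  proof,
  publicSignals,
});

// issueSession is your application's own session handler.
if (verified) issueSession(principal);
```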
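```python
import os

from zeroauth import ZeroAuth

# Read the API key from the environment; never hard-code it.
za = ZeroAuth(api_key=os.environ["ZEROAUTH_API_KEY"])

# 1. Register a user
za.users.register(
    external_id="user_42",
    commitment=commitment,  # from client SDK
)

# 2. Verify a proof
# `proof` and `public_signals` arrive from the client with the login request.
result = za.verifications.create(
    external_id="user_42",
    proof=proof,
    public_signals=public_signals,
)

# issue_session is your application's own session handler.
if result.verified:
    issue_session(result.principal)
```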
A typed REST API, a developer console, granular audit logs, and a separation between live and test environments — so you can ship without flying blind.
A typed REST API with first-party SDKs for Node and Python. Predictable error codes and idempotent writes.
Two isolated environments per tenant. Mint, rotate, and revoke za_live_ / za_test_ keys from the dashboard.
Every signup, verification, key rotation, and device event — searchable, exportable, and tamper-evident.
Register hardware devices, attach battery + location telemetry, and tie verifications back to a specific endpoint.
Groth16 verification on a single core. Run it inside our API or self-host the verifier — the math is the same.
API, dashboard, circuits, and docs are all on GitHub. Audit it. Self-host it. Fork it.
ZeroAuth uses zero-knowledge proofs to let users prove their identity without ever revealing credentials — not to your servers, not to anyone.
The user creates a credential on their own device. A cryptographic commitment is generated and stored — never the credential itself. Your server never sees the secret.
At login, a zero-knowledge proof is generated client-side. It mathematically proves the user knows the credential — without transmitting any part of it.
Proofs are verified against the commitment using succinct verification. Works on-chain via smart contracts or off-chain with a lightweight verifier.
Watch a complete authentication flow: biometric scan, ZK proof generation, SSO access, and a simulated breach that exposes nothing.
In 2023, Okta's breach exposed every support customer's data. Here is the same scenario with ZeroAuth.
ZeroAuth's core cryptographic protocol is protected by granted and pending patents across multiple jurisdictions.
Self-serve gets you to production for most workloads. For regulated industries or on-prem requirements, our team works directly with your security org — no rip-and-replace required.
Your database becomes worthless to attackers. No password hashes, no tokens, no session secrets to exfiltrate.
Works alongside your existing IdP. Integrates via standard APIs and SDKs. Deploy in days, not quarters.
Designed for SOC 2, GDPR, and HIPAA. Less data stored means less data to govern.
Built on peer-reviewed cryptographic primitives: Groth16 proofs, Poseidon hashing, and elliptic curve pairings.
For SOC 2, SSO, on-prem, or pilot deployments. We’ll reach out within one business day.
The cryptographic foundations, architecture, and security proofs behind ZeroAuth.
Covers threat model analysis, protocol design, circuit architecture, on-chain and off-chain verification, and deployment strategies.