Auth
Provide a smooth user experience by enabling account-to-account transfers without the need to copy and paste wallet addresses or choose the right chain.

Introduction
Our Auth product is a seamless and secure solution for enabling direct account-to-account transfers between custodial accounts (ie, exchanges, fintechs, etc) and non-custodial accounts.
Backed by a deep network of supported venues, Auth eliminates manual and error-prone transfer steps leading to fragmented user experiences. Our platform handles secure authentication, initiates transfers, and ensures visibility and adherence to key compliance/AML standards. Offered through easy-to-integrate SDK's, Auth is built for scale, security, and seamless user journeys.

See full list of Auth Integrations →
Auth Lite vs. Auth Validate
Regardless of whether Auth is employed as standalone or bundled, you can choose between 2 versions:
Auth Lite
- Purely a tech connectivity product, there is no account-matching validation performed between the end user account and the external account being connected
- Enables faster and more flexible integrations with minimal friction for end users
- Best suited for low-risk or closed-loop environments where account ownership verification is not required
Auth Validate
- Performs account-matching between the KYC’d customer record and the external account being connected
- Adds a layer of identity verification to reduce the risk of misdirected transfers or fraud
- Supports compliance with internal policies or regulatory requirements requiring account ownership validation
Configuration Rules
You have the ability to tailor your Auth setup per your own preferences. See below list of configuration options:

Different applications of Auth
Auth can be offered as a standalone product, or bundled within one of our Move products (Account Funding, Payouts, or Payins).
Auth - Standalone
Auth - Standalone enables your users to seamlessly transfer crypto and stablecoin assets to and from their accounts on your platform - whether they're coming from custodial wallets or non-custodial sources. Think of it as a more user-friendly, integrated alternative to traditional deposit and withdrawal flows.
Auth - Bundled with Move
Zerohash offers 3 Move products:
- Payouts
- Payins
- Account Funding
You can choose to enabled Auth for any of these products. Example use cases:
- Payouts: Allow users to authenticate with their MetaMask wallet via our SDK and initiate payouts directly from their marketplace balance.
- Payins: Let users authenticate with their Coinbase exchange account via our SDK and pay for goods or services directly from their balance.
- Account Funding: Enable users to connect their Gemini account through our SDK and initiate transfers to fund their prediction market balance.
Auth - Standalone Product Flow
Platform presents zerohash Auth as a deposit option
You should begin by adding zerohash Auth as a deposit option on your "Crypto Deposit" screen (or equivalent screen).

Submit user
Regardless of whether you use Auth Lite or Auth Validate, you'll need to submit some information to us via a REST API, allowing us to generate a 6 digit alpha-numeric participant_code
that uniquely identifies the user.
For Auth Lite, you have 2 options:
- Supply your own UUID for the user
Example POST /participants/customers/new call (keep in mind - zerohash will need to quickly configure your setup to make this the only required field for this API call):
{
"participant_uuid": "d098e59b-8023-4477-8b63-68fda3c53a30"
}
- Supply either an email or phone number associated with user
{
"email": "[email protected]"
}
{
"phone_number": "1234567890"
}
Each of these calls will return a response, ie:
{
"email": "1234567890",
"participant_code": "ABC123"
}
For Auth Validate, there are 2 options:
- Option 1 - You use zerohash for another product (ie, Invest), so zerohash already has your user's KYC information in-house
- Option 2 - You don't already use zerohash for another product, so you'll need to supply KYC information up-front
Option 1
- You'll re-use the
participant_code
's you've previously submitted via the POST /participants/customers/new endpoint. You can obtain these through the GET /participants endpoint.
Option 2
- You'll need to submit the information from scratch about the user so that zerohash can perform PII account-matching. For each platform, we'll align on the level of account-matching that you'd like us to perform. Here is our standard level of PII:
Example POST /participants/customers/new:
{
"first_name": "John",
"last_name": "Smith",
"email": "[email protected]",
"phone_number": "1234567890",
"address_1": "1 main st",
"city": "New York",
"jurisdiction_code": "US-NY",
"zip": "10014",
"date_of_birth": "1992-09-02",
"tax_id": "123456789"
}
Example response:
{
"first_name": "John",
"last_name": "Smith",
"email": "[email protected]",
"phone_number": "1234567890",
"address_1": "1 main st",
"city": "New York",
"jurisdiction_code": "US-NY",
"zip": "10014",
"date_of_birth": "1992-09-02",
"tax_id": "123456789",
"participant_code": "ABC123" <-- participant_code generated
}
Auth SDK
Once the user selects Connect - Auth, invoke the Auth SDK:
Retrieve Auth JWT token
In order to successfully invoke the Access Token, you'll need to supply a participant_code
for the user (see full instructions here). Please note that this customer must be in an approved
status for this call to succeed. Please note: the correct permission to pass here is auth
.
Invoke the SDK using the JWT token
To invoke the SDK, you'll need to have generated an JWT token (as described in the previous section). See full instructions here to invoke the JTW, including our WebView instructions.
Landing page
The Landing Page is the first screen that the user will see. This screen displays the Auth Terms, Privacy Policy, Regulatory Disclosures, and captures explicit consent for the terms of this product:

Menu screen
The Menu screen allows the customer select the Auth integration centralized exchange or non-custodial wallet to link and ultimately pull funds from.

Auth - Enter credentials
- Depending on what is selected, the Auth integration-specific sign-in flow will be triggered. See here for each integration's specific workflow.
- Regardless of Auth Lite vs. Auth Validate, users will be forced to enter their credentials
- Only the Auth Validate will we perform the account-matching

Auth - 2FA
- Depending on the user's settings at the exchange or wallet, they will be asked to complete some form of 2FA (ie, SMS, Authenticator, Passkey, etc)

Auth - Select Asset
zerohash will display your current balances of whichever Auth integration you selected:

Auth - Enter amount
The customer will now specify the amount of crypto/stablecoins to deposit:

Auth - Review
The customer will be asked to review the details of the deposit:

Auth - Deposit processing
The deposit has now been broadcasted on-chain and is en-route to zerohash. The customer can choose to stay on this screen to monitor the progress, or navigate away (navigating away from this screen will not affect the completion of the deposit):

Auth - Deposit completed
The deposit has confirmed on-chain, zerohash has sent the Auth Completed webhook and you should be credit the customer's balance on your end:

Webhooks
Platforms can receive webhooks that allow you to become aware of certain milestones of the transaction. Get in touch with a zerohash rep to have your callback URL's configured.
Webhook - Successful deposit
In the event of a successful deposit to the user's Platform account, we will send a webhook
{
"participant_code": "ABC123",
"asset": "BTC",
"quantity": "1",
"account": "coinbase"
}
Webhook - Account Match success
If the account information associated with the user passes the account-match process, we will send a webhook to the platform. Example payload:
{
"participant_code": "ABC123",
"account_match_score": "98",
"account": "coinbase",
"reason": ""
}
Webhook - Account Match failure
If the account information associated with the user fails due to a account-match mis-match, we will send a webhook to the platform. Example payload:
{
"participant_code": "ABC123",
"account_match_score": "50",
"account": "coinbase",
"reason": "score_too_low"
}

Updated 5 days ago