Documentation

Auth

Provide a smooth user experience by enabling account-to-account transfers without the need to copy and paste wallet addresses or choose the right chain.

Suggest Edits

Introduction

Our Auth product is a seamless and secure solution for enabling direct account-to-account transfers between custodial accounts (ie, exchanges, fintechs, etc) and non-custodial accounts.

Backed by a deep network of supported venues, Auth eliminates manual and error-prone transfer steps leading to fragmented user experiences. Our platform handles secure authentication, initiates transfers, and ensures visibility and adherence to key compliance/AML standards. Offered through easy-to-integrate SDK's, Auth is built for scale, security, and seamless user journeys.

https://docs.zerohash.com/docs/auth-network

See full list of Auth Integrations →


Auth Lite vs. Auth Validate

Regardless of whether Auth is employed as standalone or bundled, you can choose between 2 versions:

🔐

Auth Lite

  1. Purely a tech connectivity product, there is no account-matching validation performed between the end user account and the external account being connected
  2. Enables faster and more flexible integrations with minimal friction for end users
  3. Best suited for low-risk or closed-loop environments where account ownership verification is not required

✔️

Auth Validate

  1. Performs account-matching between the KYC’d customer record and the external account being connected
  2. Adds a layer of identity verification to reduce the risk of misdirected transfers or fraud
  3. Supports compliance with internal policies or regulatory requirements requiring account ownership validation

Configuration Rules

You have the ability to tailor your Auth setup per your own preferences. See below list of configuration options:


Different applications of Auth

Auth can be offered as a standalone product, or bundled within one of our Move products (Account Funding, Payouts, or Payins).

Auth - Standalone

Auth - Standalone enables your users to seamlessly transfer crypto and stablecoin assets to and from their accounts on your platform - whether they're coming from custodial wallets or non-custodial sources. Think of it as a more user-friendly, integrated alternative to traditional deposit and withdrawal flows.

Auth - Bundled with Move

Zerohash offers 3 Move products:

  • Payouts
  • Payins
  • Account Funding

You can choose to enabled Auth for any of these products. Example use cases:

  • Payouts: Allow users to authenticate with their MetaMask wallet via our SDK and initiate payouts directly from their marketplace balance.
  • Payins: Let users authenticate with their Coinbase exchange account via our SDK and pay for goods or services directly from their balance.
  • Account Funding: Enable users to connect their Gemini account through our SDK and initiate transfers to fund their prediction market balance.

Auth - Standalone Product Flow

Platform presents zerohash Auth as a deposit option

You should begin by adding zerohash Auth as a deposit option on your "Crypto Deposit" screen (or equivalent screen).

Submit user

Regardless of whether you use Auth Lite or Auth Validate, you'll need to submit some information to us via a REST API, allowing us to generate a 6 digit alpha-numeric participant_code that uniquely identifies the user.

For Auth Lite, you have 2 options:

  1. Supply your own UUID for the user

Example POST /participants/customers/new call (keep in mind - zerohash will need to quickly configure your setup to make this the only required field for this API call):

{
  "participant_uuid": "d098e59b-8023-4477-8b63-68fda3c53a30"
}
  1. Supply either an email or phone number associated with user
{
  "email": "[email protected]"
}

{
  "phone_number": "1234567890"
}

Each of these calls will return a response, ie:

{
  "email": "1234567890",
  "participant_code": "ABC123"
}

For Auth Validate, there are 2 options:

  • Option 1 - You use zerohash for another product (ie, Invest), so zerohash already has your user's KYC information in-house
  • Option 2 - You don't already use zerohash for another product, so you'll need to supply KYC information up-front

Option 1

Option 2

  • You'll need to submit the information from scratch about the user so that zerohash can perform PII account-matching. For each platform, we'll align on the level of account-matching that you'd like us to perform. Here is our standard level of PII:

Example POST /participants/customers/new:

{
  "first_name": "John",
  "last_name": "Smith",
  "email": "[email protected]",
  "phone_number": "1234567890",
  "address_1": "1 main st",
  "city": "New York",
  "jurisdiction_code": "US-NY",
  "zip": "10014",
  "date_of_birth": "1992-09-02",
  "tax_id": "123456789"
}

Example response:

{
  "first_name": "John",
  "last_name": "Smith",
  "email": "[email protected]",
  "phone_number": "1234567890",
  "address_1": "1 main st",
  "city": "New York",
  "jurisdiction_code": "US-NY",
  "zip": "10014",
  "date_of_birth": "1992-09-02",
  "tax_id": "123456789",
  "participant_code": "ABC123" <-- participant_code generated
}

Auth SDK

Once the user selects Connect - Auth, invoke the Auth SDK:

Retrieve Auth JWT token

In order to successfully invoke the Access Token, you'll need to supply a participant_code for the user (see full instructions here). Please note that this customer must be in an approved status for this call to succeed. Please note: the correct permission to pass here is auth.

Invoke the SDK using the JWT token

To invoke the SDK, you'll need to have generated an JWT token (as described in the previous section). See full instructions here to invoke the JTW, including our WebView instructions.

Landing page

The Landing Page is the first screen that the user will see. This screen displays the Auth Terms, Privacy Policy, Regulatory Disclosures, and captures explicit consent for the terms of this product:

Menu screen

The Menu screen allows the customer select the Auth integration centralized exchange or non-custodial wallet to link and ultimately pull funds from.

Auth - Enter credentials

  • Depending on what is selected, the Auth integration-specific sign-in flow will be triggered. See here for each integration's specific workflow.
  • Regardless of Auth Lite vs. Auth Validate, users will be forced to enter their credentials
  • Only the Auth Validate will we perform the account-matching

Auth - 2FA

  • Depending on the user's settings at the exchange or wallet, they will be asked to complete some form of 2FA (ie, SMS, Authenticator, Passkey, etc)

Auth - Select Asset

zerohash will display your current balances of whichever Auth integration you selected:

Auth - Enter amount

The customer will now specify the amount of crypto/stablecoins to deposit:

Auth - Review

The customer will be asked to review the details of the deposit:

Auth - Deposit processing

The deposit has now been broadcasted on-chain and is en-route to zerohash. The customer can choose to stay on this screen to monitor the progress, or navigate away (navigating away from this screen will not affect the completion of the deposit):

Auth - Deposit completed

The deposit has confirmed on-chain, zerohash has sent the Auth Completed webhook and you should be credit the customer's balance on your end:


Webhooks

Platforms can receive webhooks that allow you to become aware of certain milestones of the transaction. Get in touch with a zerohash rep to have your callback URL's configured.

Webhook - Successful deposit

In the event of a successful deposit to the user's Platform account, we will send a webhook

{
  "participant_code": "ABC123",
  "asset": "BTC",
  "quantity": "1",
  "account": "coinbase"
}

Webhook - Account Match success

If the account information associated with the user passes the account-match process, we will send a webhook to the platform. Example payload:

{
  "participant_code": "ABC123",
  "account_match_score": "98",
  "account": "coinbase",
  "reason": ""
}

Webhook - Account Match failure

If the account information associated with the user fails due to a account-match mis-match, we will send a webhook to the platform. Example payload:

{
  "participant_code": "ABC123",
  "account_match_score": "50",
  "account": "coinbase",
  "reason": "score_too_low"
}
https://docs.zerohash.com/docs/auth-network

See full list of Auth Integrations →

Updated 5 days ago