Universal Identity Verification · EU-native

Identity, verified.
/ Not guessed.

One API for age, login, bot-check and identity. Deterministic. Zero-knowledge. EU-hosted. The user taps once — your backend gets pass or fail.

Architecture

3-Column Security (3CS)

Standards

OID4VP · eIDAS 2.0 · ISO 18013-5

Infrastructure

EU-only · No US servers

Patents

10+ filed at OEPM

● Live

The original. One API call.

Your backend sends a verification request. The user's phone pops a sheet. One tap — FaceID / Touch-ID — your callback fires pass or fail. No redirects, no iframes, no JS SDK. Just HTTP.

EndpointPOST /v1/cap/verify

Typesage_18, age_21, login, bot, identity

Latency~1.5s user tap → your callback

PrivacyNo PII in transit. Only pass/fail.

hidcap-demo · mock

Target hashID

Request type

B2B API key

// response appears here

● Live · France Identité Playground

EU Wallet, verified.

The same flow — but through the EU Digital Identity Wallet. Scan the QR with any OID4VP-compatible wallet (Paradym, Animo, Hovi, France Identité). We auto-detect the draft version and respond. v1.0, Draft 24, 20, 18 — all supported.

Deploymenttools.playground.france-identite.gouv.fr

Path/hashid/hidcap-verifier

Versionv0.7.0 · Hovi-compatible

Credentialseu.europa.ec.av.1 · PID · EHIC

Authx509_san_dns · ES256 · direct_post

eudiw-playground · fr

Credential type

// wallet URI appears here

● Beta · same verifier, different DCQL

European Health Card.

Same infrastructure, different credential query. The verifier that proves your age can also prove your EHIC — insurance institution, country, expiry — without exposing your full medical record. Issuer: A-SIT Plus ehic library (SD-JWT-VC).

StandardSD-JWT-VC · ES256

VCTurn:credential:ehic

Claimsinstitution, country, expiry_date

IssuerDC4EU Playground · A-SIT Plus

Beta · test credentials only

Ask us for the demo link

Scannable QR for EHIC is available on request.
Email api@hidcap.eu — we'll send you the sandbox URL.

● Soon · June 2026

Proximity age-check.

Two phones, one QR code. No internet needed between them. The doorman phone generates a verify request — the user's phone scans, approves with biometrics, and sends back a signed boolean: 18+ yes/no. Doorman sees a green badge. Festival queue keeps moving.

ModesA) Proprietary QR · B) OID4VP / EUDIW interop

TransportQR (Device Engagement) + BLE (ISO 18013-5)

DebutJune 2026

HardwareiPhone + Apple Watch demo planned

Coming · Summer 2026

Age-gates at the door

No servers. No BLE. No IDs handed over. No photos taken.
Just a green light — and the queue keeps moving.

● Soon · Q3 2026

Qualified signatures.

Use hIDcap to verify a signer's identity before issuing a PAdES-LTV signature on their document. Same tap. Same callback. Plus a cryptographic signature attached to a PDF, legally equivalent to a handwritten one under eIDAS — if paired with a QES provider.

FormatPAdES-LTV (Long-Term Validation)

LoAQES via FNMT / Cl@ve / Docaposte

StackpyHanko · server-side signing

TimelineAfter SGAD QTSP registration

Coming · Q3 2026

Registering as QTSP

Parallel track: FNMT / Cl@ve integration
+ SGAD Service Provider registration.

Tab-by-tab

One glance.
No clicking needed.

Everything each demo does — in plain English. No need to open every tab to understand the offering.

What is hIDcap Classic?

The flagship flow. Your backend calls POST /v1/cap/verify with a user's hashID and a request type (age_18, login, bot, identity). Our server pushes a sheet to that user's phone. They tap FaceID. Your callback URL receives pass or fail within ~1.5 seconds. No SDK, no iframe, no JS in the browser. HTTP in, HTTP out.

What's different about the EUDIW · France tab?

Same verifier, different protocol. Here we speak OID4VP — the upcoming standard for the EU Digital Identity Wallet. You generate a QR code; the user scans it with any EUDIW-compatible wallet (France Identité, Paradym, Animo, Hovi). The wallet presents a credential directly to our verifier. Live on the French government's playground at tools.playground.france-identite.gouv.fr/hashid/hidcap-verifier. Auto-detects protocol drafts (v1.0, 24, 20, 18) so older wallets still work.

Why is EHIC on this page? Health isn't identity.

It's the same infrastructure. Our OID4VP verifier accepts any SD-JWT-VC credential — not just age or PID. Swap the DCQL query and you can verify a European Health Insurance Card: institution, country, expiry. Without ever seeing the holder's medical records or social security number. Think of it as proof that hIDcap isn't a one-trick pony — it's a framework.

What's hIDage Proximity?

Two phones. One QR code. No internet between them (optional offline mode). A venue door-person holds phone A showing a QR. The customer scans it with phone B, approves with biometrics, and phone A instantly shows green 18+ badge. Debuts Summer 2026. Built on ISO 18013-5 Device Engagement, plus a proprietary QR-only mode for simple boolean age gates.

And hIDsign?

Qualified electronic signatures. Use hIDcap to verify the signer's identity with high LoA (via FNMT, Cl@ve, or Docaposte), then PAdES-LTV-sign their PDF server-side. Legally equivalent to a handwritten signature under eIDAS. Rolling out after Desteba's SGAD Service Provider registration completes (Q3 2026).

Do I need to integrate all of these?

No. Each tab is a standalone flow you can adopt independently. Most platforms start with Classic age-gating, add EUDIW when they need EU compliance across countries, and pull in hIDage / hIDsign as adjacent products mature. One API key covers everything you're approved for.

What data do you see?

As little as possible. For a yes/no age check, we see a boolean. For login, we see the user's hashID and a timestamp. For identity, we see only the exact claims you requested (e.g. family_name, given_name). Our servers are in the EU. We do not store PII from verified credentials — ephemeral session data only. Whatever is not needed is discarded before the response returns.

How much does it cost?

Pricing is volume-tiered and depends on your use case. Reach out via the form below — we'll send exact pricing plus a two-week sandbox key. No credit card upfront. Switchers from AI-estimation vendors get preferred terms.

Identity, verified./ Not guessed.