Universal Identity Verification · EU-native

Identity, verified.
/ Not guessed.

One API for age, login, bot-check and identity. Deterministic. Zero-knowledge. EU-hosted. The user taps once — your backend gets pass or fail.

Architecture
3-Column Security (3CS)
Standards
OID4VP · eIDAS 2.0 · ISO 18013-5
Infrastructure
EU-only · No US servers
Patents
10+ filed at OEPM
Live · anonymous QR flow

Zero data. One scan.

The gaming site never sees a name, an email, or a hashID. It shows a QR. The user scans it with the hID app, approves with FaceID, and the callback fires pass or fail. That's the only bit the site ever learns. This is the anonymous flow — the privacy gold standard.

EndpointPOST /v1/cap/session
Universal Linkhidcap.eu/s/<session>
FallbackWeb landing + App Store link
PrivacyNo hashID exchanged with site. Ever.
qr-demo · anonymous
// session appears here
Live · demo below is simulated

Push-flow. One API call.

When your backend already knows the user's hashID (e.g. they're logged in), skip the QR. Just send a verification request. The user's phone pops a sheet. One tap — FaceID / Touch-ID — your callback fires pass or fail. No redirects, no iframes, no JS SDK. Just HTTP.

EndpointPOST /v1/cap/verify
Typesage_18, age_21, login, bot, identity
Latency~1.5s user tap → your callback
PrivacyNo PII in transit. Only pass/fail.
push-demo · simulated
Why this tab is simulated: the push flow requires a target hashID that's already registered with the platform. The QR flow to the left uses your hashID (the one you just scanned) — that works end-to-end live. This tab shows the shape of the API response your backend receives after a successful push verification.
// response appears here
Live on France Identité · demo below is simulated

EU Wallet, verified.

The same flow — but through the EU Digital Identity Wallet. Scan the QR with any OID4VP-compatible wallet (Paradym, Animo, Hovi, France Identité). We auto-detect the draft version and respond. v1.0, Draft 24, 20, 18 — all supported.

Deploymenttools.playground.france-identite.gouv.fr
Path/hashid/hidcap-verifier
Versionv0.7.0 · Hovi-compatible
Credentialseu.europa.ec.av.1 · PID · EHIC
Authx509_san_dns · ES256 · direct_post
eudiw-playground · simulated
Why this tab is simulated: our OID4VP verifier is live at tools.playground.france-identite.gouv.fr/hashid/hidcap-verifier and works with real EUDIW wallets (France Identité, Paradym, Hovi, Animo). This demo shows the shape of the wallet URI and response — end-to-end testing requires a wallet app installed with matching test credentials.
// wallet URI appears here
Beta · same verifier, different DCQL

European Health Card.

Same infrastructure, different credential query. The verifier that proves your age can also prove your EHIC — insurance institution, country, expiry — without exposing your full medical record. Issuer: A-SIT Plus ehic library (SD-JWT-VC).

StandardSD-JWT-VC · ES256
VCTurn:credential:ehic
Claimsinstitution, country, expiry_date
IssuerDC4EU Playground · A-SIT Plus
Beta · test credentials only

Ask us for the demo link

Scannable QR for EHIC is available on request.
Email api@hidcap.eu — we'll send you the sandbox URL.

Soon · June 2026

Proximity age-check.

Two phones, one QR code. No internet needed between them. The doorman phone generates a verify request — the user's phone scans, approves with biometrics, and sends back a signed boolean: 18+ yes/no. Doorman sees a green badge. Festival queue keeps moving.

ModesA) Proprietary QR · B) OID4VP / EUDIW interop
TransportQR (Device Engagement) + BLE (ISO 18013-5)
DebutJune 2026
HardwareiPhone + Apple Watch demo planned
Coming · Summer 2026

Age-gates at the door

No servers. No BLE. No IDs handed over. No photos taken.
Just a green light — and the queue keeps moving.

Soon · Q3 2026

Qualified signatures.

Use hIDcap to verify a signer's identity before issuing a PAdES-LTV signature on their document. Same tap. Same callback. Plus a cryptographic signature attached to a PDF, legally equivalent to a handwritten one under eIDAS — if paired with a QES provider.

FormatPAdES-LTV (Long-Term Validation)
LoAQES via FNMT / Cl@ve / Docaposte
StackpyHanko · server-side signing
TimelineAfter SGAD QTSP registration
Coming · Q3 2026

Registering as QTSP

Parallel track: FNMT / Cl@ve integration
+ SGAD Service Provider registration.

Tab-by-tab

One glance.
No clicking needed.

Everything each demo does — in plain English. No need to open every tab to understand the offering.

What's the difference between QR and Push?
QR flow = your site never sees who the user is. You show a QR code, the user scans it with the hID app, approves with FaceID, and your callback fires pass or fail. The hashID never crosses the wire between app and site. Zero-knowledge, perfect for gambling portals, age-gates, first-time visitors.

Push flow = your backend already knows the user's hashID (e.g. they're logged in). You call POST /v1/cap/verify with their hashID and a type. Their phone pops a sheet. Same result, but optimized for re-auth / high-risk action confirmations.
How do I onboard a new user to my platform?
Use request_type: 'login_identity' for the very first login. The user approves once with FaceID, and you receive in one shot:

{ service_hid, first_name, family_name, date_of_birth }

You save in your DB: your_user_id ↔ service_hid. From the second login onwards, use plain request_type: 'login' — you get only the service_hid back, look it up in your DB, you know it's "Andi user_id 4711", session opens.

Why this matters for social platforms, marketplaces, and banks: first-time signup captures the minimum PII you need (name + DOB) with the user's explicit FaceID consent, while every subsequent login is pure pseudonymous identification. It's the cleanest signup flow available — no email verification, no password reset, no fake accounts.
What is a service_hid (sHID) — and why not just use the hashID?
The service_hid is a per-service pseudonymous identifier, derived client-side on the user's device via HMAC-SHA256(master_secret, "svc:" + your_slug). Same user + same service = always the same sHID. Same user + different service = completely different, unlinkable sHID.

What this means practically:
  • You identify the user deterministically across logins — just like Sign-in with Apple.
  • You never see the user's real hashID. Neither do we.
  • Other services also using hIDcap receive different sHIDs for the same user — you cannot correlate with them, and they cannot correlate with you. Mathematically unlinkable.
  • If the user revokes via their hashID app, your sHID stops working — you'll receive a deletion_requested webhook, then a deletion_confirmed after you confirm.

hashID's servers never store the mapping between a real hashID and an sHID. Even a full server compromise reveals nothing about who your users actually are. Best part is no part.
How does the encrypted identity work at login_identity?
When the user approves a login_identity request, their name and date of birth are encrypted on their device using AES-256-GCM, with a key derived via HKDF from your api_key + a per-service service_salt.

You receive three ciphertext+iv+tag tuples inside the identity field. Decrypt them using the same HKDF derivation on your backend (your api_secret never leaves your servers). We never see the plaintext — we just relay the bytes.

This is how a verification provider can hand you real, government-verified PII without ever being able to read it themselves. That's architectural privacy, not promises.
What's different about the EUDIW · France tab?
Same verifier, different protocol. Here we speak OID4VP — the upcoming standard for the EU Digital Identity Wallet. You generate a QR code; the user scans it with any EUDIW-compatible wallet (France Identité, Paradym, Animo, Hovi). The wallet presents a credential directly to our verifier. Live on the French government's playground at tools.playground.france-identite.gouv.fr/hashid/hidcap-verifier. Auto-detects protocol drafts (v1.0, 24, 20, 18) so older wallets still work.
Why is EHIC on this page? Health isn't identity.
It's the same infrastructure. Our OID4VP verifier accepts any SD-JWT-VC credential — not just age or PID. Swap the DCQL query and you can verify a European Health Insurance Card: institution, country, expiry. Without ever seeing the holder's medical records or social security number. Think of it as proof that hIDcap isn't a one-trick pony — it's a framework.
What's hIDage Proximity?
Two phones. One QR code. No internet between them (optional offline mode). A venue door-person holds phone A showing a QR. The customer scans it with phone B, approves with biometrics, and phone A instantly shows green 18+ badge. Debuts Summer 2026. Built on ISO 18013-5 Device Engagement, plus a proprietary QR-only mode for simple boolean age gates.
And hIDsign?
Qualified electronic signatures. Use hIDcap to verify the signer's identity with high LoA (via FNMT, Cl@ve, or Docaposte), then PAdES-LTV-sign their PDF server-side. Legally equivalent to a handwritten signature under eIDAS. Rolling out after Desteba's SGAD Service Provider registration completes (Q3 2026).
Do I need to integrate all of these?
No. Each tab is a standalone flow you can adopt independently. Most platforms start with QR-based age-gating, add Push when their users have accounts, layer in EUDIW for EU-wide interop, and pull in hIDage / hIDsign as adjacent products mature. One API key covers everything you're approved for.
What data do you see?
As little as possible. For a yes/no age check, we see a boolean. For login, we see the user's hashID and a timestamp. For identity, we see only the exact claims you requested (e.g. family_name, given_name). Our servers are in the EU. We do not store PII from verified credentials — ephemeral session data only. Whatever is not needed is discarded before the response returns.
How much does it cost?
Pricing is volume-tiered and depends on your use case. Reach out via the form below — we'll send exact pricing plus a two-week sandbox key. No credit card upfront. Switchers from AI-estimation vendors get preferred terms.
Sign up

Start verifying today.

Request a sandbox API key. We reply within 24h with exact pricing and access credentials.