This is the reusable Week 1 product core described in the 7-week plan. It is the shared backend that the IoT attendance device, insurance claim demo, crypto authorization demo, and hospital identity demo should all call.
Use this layer for:
- developer account creation and API-key management
- tenant-scoped device registration
- user enrollment without storing biometric data
- verification event recording
- attendance check-in and check-out events
- enterprise audit visibility
These endpoints are for the developer or operator building on ZeroAuth.
Create a tenant account and receive the first live API key.
curl -X POST https://api.zeroauth.dev/api/console/signup \
-H "Content-Type: application/json" \
-d '{
"email": "dev@company.com",
"password": "super-secure-password",
"companyName": "Company Inc"
}'Authenticate and receive a console token.
Return tenant profile, plan, quota, and account status.
List all API keys for the authenticated tenant.
Create another API key. Supports live or test environments and explicit scopes.
Revoke an API key permanently.
Return current-month usage, rate limits, and recent API calls.
Return the Week 1 demo viewer payload:
- counts for devices, users, verifications, attendance events, and audit events
- recent devices
- recent users
- recent verifications
- recent attendance events
- recent audit events
Return recent business audit events for a single environment.
All /v1/* routes require a tenant API key.
-H "Authorization: Bearer za_live_YOUR_KEY"The environment is derived from the key itself:
za_live_*writes and readsliverecordsza_test_*writes and readstestrecords
Default keys now include the central API scopes below:
devices:readdevices:writeusers:readusers:writeverifications:readverifications:writeattendance:readattendance:writeaudit:read
Devices model real enterprise assets such as the battery-powered attendance device in Week 2.
Register a device.
curl -X POST https://api.zeroauth.dev/v1/devices \
-H "Authorization: Bearer za_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Front Desk Attendance Unit",
"externalId": "iot-blr-hq-01",
"locationId": "blr-hq",
"batteryLevel": 94,
"metadata": {
"firmware": "0.1.0",
"connectivity": "wifi"
}
}'List devices for the current tenant and environment.
Optional query params:
status=active|inactive|retiredlimit=1..100
Update device status, battery level, metadata, or last seen timestamp.
Users are business identities enrolled under a tenant. This layer stores non-biometric reference data only.
Create an enrolled user.
curl -X POST https://api.zeroauth.dev/v1/users \
-H "Authorization: Bearer za_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"fullName": "Aditi Sharma",
"externalId": "emp-001",
"employeeCode": "ZS-001",
"primaryDeviceId": "DEVICE_UUID",
"metadata": {
"department": "Operations"
}
}'List enrolled users.
Optional query params:
status=active|inactivelimit=1..100
Update assigned device, status, or reference metadata.
Verifications are product-level decision records. This is the shared API contract that later demo wrappers should call, regardless of whether the flow is IoT attendance, insurance claim validation, or crypto withdrawal authorization.
Record a verification outcome.
curl -X POST https://api.zeroauth.dev/v1/verifications \
-H "Authorization: Bearer za_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"userId": "USER_UUID",
"deviceId": "DEVICE_UUID",
"method": "fingerprint",
"result": "pass",
"reason": "matched-template",
"confidenceScore": 98.5,
"referenceId": "attendance-attempt-1001",
"metadata": {
"presenceCheck": "depth-ok"
}
}'Supported methods:
zkpfingerprintfacedepthsamloidcmanual
Supported results:
passfailchallenge
List recent verification events.
Optional query params:
method=...result=...limit=1..100
Attendance is the Week 2 showcase surface. It should be driven by the same verification records above.
Record a check-in or check-out event.
curl -X POST https://api.zeroauth.dev/v1/attendance \
-H "Authorization: Bearer za_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"userId": "USER_UUID",
"deviceId": "DEVICE_UUID",
"verificationId": "VERIFICATION_UUID",
"type": "check_in"
}'If verificationId is supplied and result is omitted, ZeroAuth derives:
acceptedfrom apassverificationrejectedfrom afailorchallengeverification
List recent attendance events.
Optional query params:
type=check_in|check_outresult=accepted|rejectedlimit=1..100
Audit is the enterprise evidence layer. Every central-API domain write records an audit event.
List audit events for the current tenant and environment.
Optional query params:
action=device.createdstatus=success|failurelimit=1..100
Audit events include:
- actor type and actor id
- action
- entity type and entity id
- success or failure
- summary
- timestamp
- metadata
With this central API in place, the next layers can stay thin:
- IoT attendance device: capture signal locally, call
/v1/verifications, then/v1/attendance - insurance claim wrapper: call
/v1/verifications, then write claim identity audit metadata - crypto authorization wrapper: call
/v1/verifications, then attach reference IDs to the withdrawal flow - hospital identity wrapper: call
/v1/verifications, then record visit events
That is the main architectural rule for the next 7 weeks: one backend core, many narrow demo wrappers.