Sign your outbound SMS, email, and WhatsApp so recipients can prove the sender. One line of code, no phone-number verification hurdles, no SMS tax, no SIM-swap risk.
npm install @zoza/verifyimport { VerifyClient } from '@zoza/verify';
const verify = new VerifyClient({ apiKey: process.env.ZOZA_VERIFY_KEY! });
const signed = await verify.sign({
channel: 'sms',
content: 'Your ICICI OTP is 482194. Do not share.',
});
// Send signed.full_message via your SMS gateway:
// "Your ICICI OTP is 482194. Do not share. [zoza:bid=icici&sig=...&mid=...&ch=sms]"
// Recipient opens zoza.world/verify, pastes the message, gets a green check.Every bank, exchange, and healthcare app sends OTPs and transactional SMS. Recipients have no way to tell a real message from a phishing copy, and SIM swaps let attackers intercept legitimate traffic. Zoza Verify adds an Ed25519 signature — produced server-side using your registered business key — so recipients can cryptographically verify the sender with one tap.
| Option | Type | Notes |
|---|---|---|
apiKey |
string (required) |
Issued at zoza.world/developers/verify. Format vfy_<base64>. |
apiUrl |
string |
Default https://verify-api.zoza.world. Override for self-host. |
fetch |
typeof fetch |
For Node <18 or custom request signers. |
Returns { message_id, channel, signature, compact, signed_at, full_message }.
Signs up to 1000 messages in one call.
Public endpoint (no API key needed). Returns { valid, business_name?, reason? }.
Fetches the signed public registry of verified businesses.
npm install
npm testOffline mocked tests for speed + determinism. Live round-trip lives in
examples/live-api.mjs and requires a real vfy_* key.
MIT © Zoza