Prove you're
human.
Nothing else.

Free, open-source human verification. No passwords, no CAPTCHAs, no personal data. For everyone.

See it in Action ★ View on GitHub

3s

Verification time

0

Personal data shared

100%

eIDAS 2.0 compatible

100%

Free & Open source

How it
works

01

Scan

A platform shows a QR code. You scan it with the idonce app on your phone.

02

Confirm

Authenticate with FaceID or your fingerprint. Your device creates a cryptographic proof.

03

Verified

The platform knows a real person confirmed. No name, no email, no tracking. Done.

Try it
now

See human verification in action. Get the app, then try the live demo.

Verify you're human

Scan a QR code, confirm with biometrics, done. No passwords, no personal data.

Try the Live Demo

Who it's
for

Forums &
communities

Stop bot registrations. Every account is backed by a real device with biometric confirmation.

E-commerce

Prevent fake reviews. Require human verification before a review is published.

Voting &
governance

One device, one vote. Sybil-resistant polling without collecting personal data.

Fintech

Real-time transaction confirmation. Proof that a human approved this action, right now.

Security by
design

🔒

Biometric
confirmation

FaceID or Fingerprint for every verification. The device owner actively confirms.

📱

Device-bound
keys

Private key in Secure Enclave. Cannot be exported or copied to another device.

✅

Hardware
attestation

Apple App Attest and Google Play Integrity verify genuine hardware.

👁

Selective
disclosure

You choose claim-by-claim what to share. Nothing more.

🔄

Replay
protection

Every proof is single-use. Signature tracking prevents reuse.

🚫

Zero personal
data

No name. No email. No tracking. Only a pseudonymous device ID.

Built on
EU standards

Same technology as the upcoming EU Digital Identity Wallet.

SD-JWT-VC

Verifiable Credentials

The mandatory credential format for eIDAS 2.0. Selective disclosure built in.

OpenID4VP

Credential Presentation

Standard protocol for sharing credentials with any eIDAS-compatible verifier.

OpenID4VCI

Credential Issuance

Standard protocol for receiving credentials. Any wallet can use the idonce issuer.

did:web

Decentralized Identity

No vendor lock-in. Resolvable via standard DID Document.

For
developers

One API call. That's the integration.

# Use www.idonce.com or your own hosted issuer

# 1. Create verification session
curl -X POST https://www.idonce.com/vp/sessions \
-H 'Content-Type: application/json' \
-d '{"client_id":"your-platform"}'

# 2. Show QR code from response.qr_data to user

# 3. Poll for result
curl https://www.idonce.com/vp/sessions/vp_a1b2c3...

# Response when verified:
{ "status": "presented", "disclosed_claims": { "biometricConfirmed": true, "deviceBound": true } }

Full Documentation GitHub

How idonce
compares

	idonce	Turnstile	reCAPTCHA	World ID
Mechanism	Biometrics + HW	Fingerprint	Behavioral ML	Iris scan
Guarantee	Cryptographic	Probabilistic	Probabilistic	Cryptographic
Privacy	No tracking	Cloudflare	Google tracks	Iris database
App needed	Yes	No	No	Yes
eIDAS 2.0	Yes	No	No	No
Sybil resistance	Device-bound	Weak	Weak	Iris-bound

Frequently
asked questions

Do I need to install an app?↓

Yes. idonce uses your device's Secure Enclave and biometrics to create cryptographic proofs. This cannot be done in a browser alone.

What data is shared with platforms?↓

Only pseudonymous claims: "biometric confirmed" and "device bound". No name, email, location, or any personal data.

Is idonce really free?↓

Yes, completely. idonce is open source under a permissive license. The app, the issuer server, and the verifier are all free to use, modify, and self-host. No premium tier, no hidden costs, no vendor lock-in.

How does this relate to eIDAS 2.0?↓

idonce uses the same credential format (SD-JWT-VC) and protocols (OpenID4VP, OpenID4VCI) as the EU Digital Identity Wallet. Any eIDAS system can verify idonce credentials.

Can one person have multiple identities?↓

Yes — one device equals one identity. For most use cases like bot prevention and review verification, device-level identity is sufficient.

What happens if I lose my phone?↓

Your identity is bound to the device and cannot be transferred. On a new phone, you create a new identity. The old one can be revoked.

Prove you'rehuman.Nothing else.