Minimize exposed data. Interactive flows → hosted verify. Private proofs → owner auth only.
Authentication Model
| Operation | Authentication |
|---|---|
| Verification submission (POST /api/v1/verification) | Signature over NEUS Standard Signing String |
| Proof record by receipt id (GET /api/v1/proofs/{qHash}) | Public for public proofs; minimal payload for private proofs unless owner-authenticated |
| Owner-only reads of private proofs | Additional owner signature |
Owner-only reads need extra signed headers. Use SDK methods for private proofs.
Do Not
- Do not treat proof signatures as bearer tokens (they are request-bound)
- Do not embed secrets in browser bundles
- Do not log or persist:
  - proof signatures
  - API keys
  - third-party auth credentials or provider tokens
Privacy defaults
client.verify() defaults to private with storeOriginalContent: true. VerifyGate create mode defaults to unlisted public (privacyLevel: 'public' with publicDisplay: false) for reuse-first gating. See Security and trust.
For raw SDK flows that must power gateCheck without an owner session, set unlisted public explicitly:
```javascript
{
  privacyLevel: 'public',   // policy-checkable without an owner session
  publicDisplay: false,     // unlisted: not discoverable, but readable by anyone holding the proof id
}
```
Set storeOriginalContent: false only when your product must not persist original bytes (hash/metadata only).
| Control | Purpose |
|---|---|
| privacyLevel | Vaulted (private) vs policy-checkable without session (public) |
| publicDisplay | Discovery vs unlisted |
| storeOriginalContent | Retain original content (default true) vs hash-only |
Unlisted public proofs are still public to anyone with the proof id.
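The two rules above (pick privacy options deliberately; never log signatures, API keys or provider tokens) as an added example, not NEUS SDK code: buildVerifyOptions assembles the option object described on this page from product requirements, and redactForLog scrubs sensitive fields before anything reaches a logger. The requirement flag names and the key-matching pattern are assumptions for illustration; only privacyLevel, publicDisplay and storeOriginalContent come from the page.

```javascript
// Added example (not part of the NEUS SDK). Option names follow the page;
// the input flags and SENSITIVE_KEY_PATTERN are assumptions for illustration.

// client.verify() defaults documented on the page.
const DEFAULT_VERIFY_OPTIONS = Object.freeze({
  privacyLevel: 'private',      // vaulted: owner authentication required to read
  storeOriginalContent: true,   // original bytes are retained
});

// Build the options object to pass to client.verify() for a given product need.
function buildVerifyOptions({ gateCheckWithoutSession = false, persistOriginalBytes = true } = {}) {
  const opts = { ...DEFAULT_VERIFY_OPTIONS, storeOriginalContent: persistOriginalBytes };
  if (gateCheckWithoutSession) {
    // Unlisted public: gateCheck works without an owner session, the proof is
    // not discoverable, but anyone holding the proof id can still read it.
    opts.privacyLevel = 'public';
    opts.publicDisplay = false;
  }
  return opts;
}

// Keys whose values must never be logged or persisted (pattern is an assumption;
// widen it to match your own field names).
const SENSITIVE_KEY_PATTERN = /signature|api[-_]?key|token|credential|secret/i;

// Return a deep copy of `value` with every sensitive field replaced by a marker,
// so request/response objects can be logged for debugging without leaking them.
function redactForLog(value) {
  if (Array.isArray(value)) return value.map(redactForLog);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY_PATTERN.test(key) ? '[REDACTED]' : redactForLog(inner);
    }
    return out;
  }
  return value;
}

// Constructed sample request, as it might be handed to a logger.
const sampleRequest = {
  qHash: 'constructed-proof-id',
  proofSignature: 'constructed-signature-bytes',
  headers: { 'x-api-key': 'constructed-key' },
  providerToken: 'constructed-oauth-token',
};
console.log(JSON.stringify(redactForLog(sampleRequest)));
```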