End-to-end cryptography, drop-in

One formally-verified cryptographic core, packaged six ways. Each product exposes a clean REST API on its own *-api.zoza.world subdomain, with SDKs in Go, TypeScript, Swift, Kotlin — plus React, Vue, and Svelte component packages for the browser-side ones. Protocol details available to qualified evaluators under NDA at security@zoza.world.

Apply for an API key — key issued inside 24h

Auth → Docs

API

Replace SMS OTP with a device-bound cryptographic challenge. No SIM swap, no interception, no voice-scam — the user's Secure Enclave / Keystore signs the approval directly.

Free during pilot • paid tiers TBD post-trust

Vault → Docs

SDK

Encrypt form data in the browser before TLS terminates. Your CDN, WAF, and reverse proxy see only ciphertext. HIPAA BAA + PCI scope-reduction paths supported.

Free during pilot • paid tiers TBD post-trust

Verify → Docs

API

Cryptographically sign every SMS, email, and push notification. The user's device verifies — green badge if it matches, red if it doesn't. DKIM for humans, kills OTP phishing.

Free during pilot • paid tiers TBD post-trust

Shield → Docs

Extension + SDK + Guard

Browser extension, TypeScript SDK, REST API, and on-chain Safe Guard. Decodes every approval, signature, transaction. Blocks Permit2 drainers before the signature.

Free during pilot • Pro tier TBD post-trust

Sign → Docs

Free Tool + API

Decode raw transaction bytes into human-readable intent. Catches the UI-spoofing attack class that drained Bybit for $1.46B, WazirX for $230M, DMM for $305M.

Free decoder forever • pilot API free during pilot window

AI Agent → Docs

API

End-to-end encrypted channel between users and AI models. Zero-retention by protocol — the relay literally cannot log the prompt because it never sees it. Healthcare, legal, mental-health AI apps.

Free during pilot • paid tiers TBD post-trust

Quick Start — 3 lines of code

// Register your app (one-time)
curl -X POST https://vault-api.zoza.world/v1/apps \
  -H "Content-Type: application/json" \
  -d '{"name":"My App"}'

// Response: {"id":"app_xxx", "api_key":"vk_xxx", "public_key":"abc123..."}

// Encrypt in browser (add our SDK)
<script src="https://cdn.zoza.world/vault/v1/vault.js"></script>
<script>
  const vault = new ZozaVault('app_xxx');
  vault.protectForm('#payment-form');  // That's it. Form data is now E2E encrypted.
</script>

// Decrypt on your server
curl -X POST https://vault-api.zoza.world/v1/decrypt \
  -H "Authorization: Bearer vk_xxx" \
  -d '{"payload":"base64_from_browser"}'

API Reference

Auth — OTP Replacement
POST/auth/v1/appsRegister app
POST/auth/v1/devicesAPI KeyRegister device
POST/auth/v1/challengesAPI KeyIssue challenge
POST/auth/v1/challenges/{id}/respondDevice responds
GET/auth/v1/challenges/{id}API KeyCheck status
Vault — Encrypted Forms
POST/vault/v1/appsRegister app
GET/vault/v1/apps/{id}/public-keyGet public key
POST/vault/v1/decryptAPI KeyDecrypt payload
Verify — Anti-Phishing
POST/verify/v1/businessesRegister business
POST/verify/v1/signAPI KeySign message
POST/verify/v1/verifyVerify signature
GET/verify/v1/registryPublic key registry
Shield — Wallet Protection
POST/shield/v1/checkCheck URL safety
POST/shield/v1/reportReport phishing
GET/shield/v1/registrySigned dApp registry
Sign — Transaction Verification
POST/sign/v1/decodeDecode raw tx (FREE)
POST/sign/v1/verifyAPI KeyVerify intent vs bytes
AI Agent — E2E Encrypted AI
POST/ai/v1/modelsRegister AI model
GET/ai/v1/modelsList models
POST/ai/v1/sessionsCreate E2E session

Try It Live

Pricing

Everything is free to use until late 2026. No credit card, no contract, no meter running in the background. We are trading short-term revenue for the right to earn your trust on real traffic; when the free window ends we will ask if we have earned the right to keep serving you — you tell us.

Free · right now

$0
Every product · no card, no cap
  • Auth: cryptographic challenges at full scale
  • Vault: field encryption SDK, no decrypt meter
  • Verify: signed notifications, no volume gate
  • Shield: wallet protection APIs unrestricted
  • Sign: transaction decoder + receipt API
  • AI Agent: end-to-end sessions, no retention

Paid tiers

TBD
Structured post-trust, based on real usage
  • No public per-month price yet
  • No "starts at" number to plan against
  • When you tell us the product is worth paying for, we build a price around what your traffic actually looks like

Enterprise pilot

Free
Banks, exchanges, regulated buyers
  • Dedicated security engineer
  • Case-study exclusivity trade
  • SLA + custom integration support
  • On-prem / HSM path for regulated deployments
  • Security audit co-funded when required
  • Write to hello@zoza.world

Ready to ship secure?

Register your app and start encrypting in under 5 minutes.

Check API Status