Learn about ZKAuth's security architecture, best practices, and compliance standards.
Built-in security features that protect your applications
Mathematically impossible to extract user credentials from authentication proofs
Multiple authentication layers including API keys, session tokens, and ZK proofs
No user data is ever stored or transmitted in plain text
SOC2, HIPAA, and GDPR compliance with comprehensive audit trails
Follow these guidelines to ensure maximum security
Secure your API keys and rotate them regularly
// Store API keys securely (read them from the environment, never hard-code them)
const API_KEY = process.env.ZKAUTH_API_KEY;
// Rotate keys regularly
// Set up automated key rotation every 90 days

Always use HTTPS in production environments
// Force HTTPS in production
// Note: behind a TLS-terminating proxy or load balancer, req.secure is only
// populated once Express is told to trust the proxy (app.set('trust proxy', ...)).
if (process.env.NODE_ENV === 'production') {
  app.use((req, res, next) => {
    if (!req.secure) {
      return res.redirect('https://' + req.headers.host + req.url);
    }
    next();
  });
}

Implement rate limiting to prevent abuse
// Implement rate limiting
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per windowMs
});
app.use('/api/', limiter);

Validate all user inputs to prevent injection attacks
// Validate email format (a basic syntactic check; it does not prove the address exists)
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
if (!emailRegex.test(email)) {
  throw new Error('Invalid email format');
}
// Validate password strength
if (password.length < 8) {
  throw new Error('Password must be at least 8 characters');
}

ZKAuth meets the highest security and privacy standards
Service Organization Control 2 compliance for security, availability, and confidentiality
Health Insurance Portability and Accountability Act compliance for healthcare data
General Data Protection Regulation compliance for EU data protection
Common issues, solutions, and debugging tools to help you resolve problems quickly
User authentication is not working
// Verify API key format (live keys use the zka_live_ prefix)
const apiKey = process.env.ZKAUTH_API_KEY || '';
if (!apiKey.startsWith('zka_live_')) {
  console.error('Invalid API key format');
}

API requests are taking too long
// Add timeout configuration
const zkauth = new ZKAuth({
  apiKey: process.env.ZKAUTH_API_KEY,
  timeout: 10000, // 10 seconds
  retries: 3
});

Cannot connect to database
// Test database connection
const { Pool } = require('pg');
const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  ssl: process.env.NODE_ENV === 'production'
});
pool.query('SELECT NOW()', (err, res) => {
  if (err) {
    console.error('Database connection failed:', err);
  } else {
    console.log('Database connected successfully');
  }
});

Zero-knowledge proof generation is failing
// Verify ZK proof generation (run inside an async function, since generateProof is awaited)
async function checkProofGeneration(zkauth, credentials) {
  try {
    const proof = await zkauth.generateProof(credentials);
    console.log('Proof generated successfully');
    return proof;
  } catch (error) {
    console.error('Proof generation failed:', error);
    // Check error details for specific issues
    throw error;
  }
}

Useful commands and tools for debugging
Check if ZKAuth service is running
curl -X GET https://api.zkauth.com/health

Response:
{
  "status": "healthy",
  "timestamp": "2024-01-01T00:00:00Z",
  "version": "1.2.0"
}

Verify your API key is valid

curl -H "Authorization: Bearer zka_live_your_key" \
  https://api.zkauth.com/api/v1/auth/verify

Response:
{
  "valid": true,
  "permissions": ["read", "write"],
  "expires_at": "2024-12-31T23:59:59Z"
}

Check database connectivity

curl -X GET https://api.zkauth.com/health/db

Response:
{
  "database": "connected",
  "response_time": "15ms",
  "active_connections": 5
}
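The HTTPS guideline in the best-practices section above relies on req.secure, which is false once TLS terminates at a load balancer, and it builds the redirect from the client-supplied Host header. The following is an added example, not code from ZKAuth's docs or SDK, of a framework-agnostic version that handles both cases: it honours X-Forwarded-Proto only when the app is declared to sit behind a trusted proxy, redirects only to an allow-listed host, and sends HSTS; createHttpsEnforcer, simulate and app.example.com are assumed names.

```javascript
// Added example (not ZKAuth SDK or docs code): HTTPS enforcement that works
// behind a TLS-terminating proxy and never redirects to an attacker-supplied
// Host header. Names (createHttpsEnforcer, simulate) are assumed.

function createHttpsEnforcer({ allowedHosts, trustProxy = false, hstsMaxAge = 31536000 }) {
  const hosts = new Set(allowedHosts.map((h) => h.toLowerCase()));

  // Behind a proxy the TLS connection ends at the proxy, so req.secure is false and
  // the original scheme arrives in X-Forwarded-Proto. Honour that header only when
  // the deployment really sits behind a trusted proxy; otherwise any client could forge it.
  function isSecure(req) {
    if (req.secure) return true;
    if (!trustProxy) return false;
    const proto = String(req.headers['x-forwarded-proto'] || '')
      .split(',')[0].trim().toLowerCase();
    return proto === 'https';
  }

  return function enforceHttps(req, res, next) {
    const host = String(req.headers.host || '').toLowerCase();
    if (!hosts.has(host)) {
      // Unknown Host header: refuse rather than build a redirect from it.
      res.writeHead(400, { 'Content-Type': 'text/plain' });
      return res.end('Bad Request');
    }
    if (isSecure(req)) {
      // HSTS: browsers go straight to HTTPS on later visits.
      res.setHeader('Strict-Transport-Security', `max-age=${hstsMaxAge}; includeSubDomains`);
      return next();
    }
    if (req.method !== 'GET' && req.method !== 'HEAD') {
      // A redirected POST silently drops its body; fail loudly instead.
      res.writeHead(403, { 'Content-Type': 'text/plain' });
      return res.end('HTTPS required');
    }
    res.writeHead(301, { Location: `https://${host}${req.url}` });
    return res.end();
  };
}

// Drives the middleware with a constructed request/response and returns the outcome.
function simulate(enforce, req) {
  const out = { status: 200, headers: {}, passed: false };
  const res = {
    setHeader(k, v) { out.headers[k.toLowerCase()] = v; },
    writeHead(status, h = {}) { out.status = status; for (const k in h) out.headers[k.toLowerCase()] = h[k]; },
    end() {},
  };
  enforce(req, res, () => { out.passed = true; });
  return out;
}
```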