Capabilities
Passkey authentication
WebAuthn-based registration and sign-in. No passwords, no shared secrets.
Portable identifiers (DIDs)
W3C-compliant identifiers anchored to the user’s passkey keypair.
ERC-4337 smart accounts
Gasless on-chain accounts linked to the user’s DID.
UCAN authorization
Capability-based delegation without a permission server.
Device sync
Deterministic key derivation enables seamless multi-device identity.
Encrypted vault
Client-side encrypted storage, decryptable only by the identity holder.
Why HyperAuth
Open source
Every layer — SDK, hooks, smart contracts, WASM enclave, vault worker — is open source and auditable.
Self-hostable
Deploy the worker on your own Cloudflare account. No SaaS dependency, no per-MAU billing.
No custody
Keys never leave the user’s device. We can’t lose or leak what we never hold.
Install
Where to start
Quickstart
Add passkey sign-in to an existing app in minutes.
Register an identity
Walk through the full 12-phase registration flow.
Sign and verify
Produce and verify a UCAN-signed payload.
Architecture
Why HyperAuth is built the way it is.
SDK guides
Task-oriented instructions for common integration scenarios.Authentication
Handle sign-in, session management, and device re-auth.
Smart accounts
Create and use ERC-4337 accounts from a DID.
UCAN delegation
Issue and validate capability tokens.
Vault management
Read, write, and rotate encrypted vault entries.
Device sync
Link a new device to an existing identity.
Payments
Send gasless transactions via the smart account.
Alias lookup
Resolve human-readable aliases to DIDs.
Deploy
Deploy the HyperAuth Worker to your own Cloudflare account.