Open Source · v0.1.0

Prove You're Human.
Not a Bot.

Tap a moving dot five times. Get a signed proof. One API call to verify. No KYC, no orb, no biometrics stored — just cryptographic evidence of humanity.

Download APK Free View on GitHub

$0.10 / verify 24h valid Zero PII stored

✓

Identity Verified 0.96

How it works

Four steps to verified humanity

No hardware. No biometrics. No waiting. Your phone and a tap are all you need.

📲

Download APK

Sideload the open-source Flutter app from GitHub Releases. Android only, no Play Store required.

👆

Behavior Challenge

Tap a moving dot 5 times. On-device TFLite model scores your gesture — bots can't fake human timing and pressure.

🔐

Get Your Proof

Receive a signed JWT with nullifier, device_hash, and behavior_score. Valid 24 hours. No personal data inside.

⚡

Projects Verify

POST the JWT to our API. Get valid: true back in milliseconds. Done.

API

One endpoint.
Ship in minutes.

No API key for the first 1,000 calls. No SDK. No wrapper. Just curl.

Request

$ curl -X POST \
  https://poh-api.vercel.app/api/verify \
  -H "Content-Type: application/json" \
  -d '{
    "proof": "eyJhbGciOiJFUzI1NiJ9..."
  }'

Response 200

{
  "valid": true,
  "nullifier": "0xa3f9...c8d2",
  "human_score": 0.96,
  "expires_at": "2026-04-09T..."
}

● score ≥ 0.85 = human ● nullifier prevents replay

Features

Built different.
For a reason.

📱

Mobile-Native

Built entirely in Flutter. The verification happens on a real Android device — where 3B+ humans already live.

🧠

On-Device ML

TFLite model scores your tap gesture locally. Your behavior data never leaves your phone. Score ≥ 0.85 proves humanity.

🛡️

Play Integrity

Google Play Integrity API confirms a genuine, unmodified Android device. Emulators, rooted phones, and bots are rejected at the gate.

🔁

Replay Protection

Every proof contains a cryptographic nullifier stored in Redis with 24h TTL. The same JWT can never be used twice.

⚡

One API Call

POST a JWT, get a boolean back. No SDK. No dependency. No ceremony. If you can curl, you can integrate in under five minutes.

💰

$0.10 / Verify

Flat rate. No tiers, no minimums. First 1,000 verifications are completely free — no credit card, no KYC to start.

Compare

How we stack up

Honest comparison. We're early. But the fundamentals are right.

Feature	Proof of Human	Worldcoin	Gitcoin Passport	Civic
Privacy-preserving	✓	✗	Partial	Partial
No hardware required	✓	✗	✓	✓
Mobile-native verification	✓	✗	✗	Partial
No biometric storage	✓	✗	✓	Partial
Simple REST API	✓	Partial	✗	✓
No KYC required	✓	✗	✗	✗
Under $0.50/verify	✓	✗	Partial	Partial

✓ Fully supported Partial Limited or partial ✗ Not supported

FAQ

Common questions

No personal data is stored anywhere. The server stores only a cryptographic nullifier — a random hex string — in Redis with a 24-hour TTL. Its sole purpose is preventing replay attacks. Your device_hash and behavior_score exist only inside the signed JWT on your device. No email. No name. No biometrics stored.

Two independent layers: 1) Google Play Integrity API confirms your device is a genuine, unmodified Android phone — not an emulator, not a rooted device. 2) An on-device TFLite ML model scores your tap gesture against patterns bots cannot replicate — timing variance, pressure, trajectory. A behavior score ≥ 0.85 is required. Both layers must pass to generate a valid proof.

One API call: POST https://poh-api.vercel.app/api/verify with the user's JWT proof in the request body. You receive { valid: true, nullifier: "0x...", human_score: 0.96 } back. First 1,000 verifications are completely free — no API key required. For volume access, reach out on Twitter @ProofOfHumanApp.

Get Started

Stop bots.
Start building.

First 1,000 verifications free. No credit card. No KYC.
Deploy in 5 minutes with a single API endpoint.