Auth API

The Auth API provides zero-knowledge identity management via ZeqAuth. The server stores only ZID + hash + salt — no equations, no PII.

Endpoints

POST /api/auth/register

Register a new ZID (Zeq Identity).

curl -X POST https://www.zeq.dev/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "..."}'

Response: { "zid": "zid_abc123...", "message": "Registration successful" }

POST /api/auth/login

Authenticate with email + password. Returns a session cookie.

curl -X POST https://www.zeq.dev/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "..."}'

POST /api/auth/verify

Verify a session is valid. Returns the authenticated ZID.

curl -X POST https://www.zeq.dev/api/auth/verify \
  --cookie "session=..."

POST /api/auth/session-key

Get a session key for browser-based API calls. Used by COMPONENTS.js for auto-auth.

curl -X POST https://www.zeq.dev/api/auth/session-key \
  -H "Content-Type: application/json" \
  --cookie "session=..."

Response: { "sessionKey": "sk_...", "expiresAt": "..." }

GET /api/auth/salt/:email

Get the salt for a given email (used for client-side hashing).

Security Model

ZeqAuth uses zero-knowledge proof of identity. The server never sees or stores plaintext passwords. All authentication is wrapped in a ZSP envelope.
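
A generic sketch of the client-side hashing flow that the salt endpoint and the security model describe, added here as an illustration and not ZeqAuth's own code. The KDF (PBKDF2-HMAC-SHA256), iteration count, hex salt encoding, the server-side re-hash and all function names are assumptions, since this page does not specify them or the ZSP envelope format.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: this page does not name ZeqAuth's KDF or its cost settings.
KDF_ITERATIONS = 600_000
KEY_LEN = 32


def client_derive(password: str, salt_hex: str) -> str:
    """Client side: stretch the password with the per-account salt.
    Only this derived value leaves the client, never the password."""
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex),
        KDF_ITERATIONS, dklen=KEY_LEN,
    )
    return key.hex()


def server_register(derived_hex: str) -> str:
    """Server side: store a hash of the derived value, not the value itself,
    so a leaked record cannot be replayed as a login credential."""
    return hashlib.sha256(bytes.fromhex(derived_hex)).hexdigest()


def server_verify(stored_hash: str, derived_hex: str) -> bool:
    """Server side: recompute from the submitted value, compare in constant time."""
    try:
        candidate = hashlib.sha256(bytes.fromhex(derived_hex)).hexdigest()
    except ValueError:  # malformed hex from the client
        return False
    return hmac.compare_digest(stored_hash, candidate)


def demo() -> dict:
    # Constructed sample data: a hypothetical account record, not real ZeqAuth output.
    salt_hex = secrets.token_hex(16)  # stands in for what a salt endpoint returns
    record = {"zid": "zid_example", "salt": salt_hex,
              "hash": server_register(client_derive("correct horse", salt_hex))}
    return {
        "record": record,
        "good_login": server_verify(record["hash"], client_derive("correct horse", salt_hex)),
        "bad_login": server_verify(record["hash"], client_derive("wrong guess", salt_hex)),
        "malformed": server_verify(record["hash"], "not-hex"),
    }


if __name__ == "__main__":
    print(demo())
```

If the server stored the client-derived value as-is, that value would be password-equivalent to anyone who read the database; the extra server-side hash in this sketch is what prevents that.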

Free Tier

Registration is free. Each ZID gets 10 computations/day and 10 AI chat messages/day.

Related

ZeqAuth Concepts · Compute API · Account API