NoTap SDK - Portable, Device-Free Authentication

NoTap is a revolutionary passwordless, device-free payment authentication platform powered by zero-knowledge proofs and multi-factor authentication.

🌟 Why NoTap?

  • 🔐 Passwordless: No passwords to remember or forget

  • 📱 Device-Free: No phone? No problem! Authenticate on any terminal

  • 🛡️ Ultra-Secure: Zero-knowledge proofs + multi-factor authentication

  • ⚡ Fast: Sub-second authentication

  • 🌐 Universal: Works on POS terminals, web, mobile

  • 🔒 Privacy-First: Your factors never leave your device



NoTap

Device-Independent Authentication Layer for Payments and Access

License: Apache 2.0 | SCA-Ready Architecture | Android SDK | Web SDK


NoTap is a device-independent fallback authentication layer. When phone-based authentication fails — lost device, dead battery, no signal — NoTap allows users to verify their identity from any available interface, and PSPs to recover the transaction.


The Problem

Today, digital identity is tightly bound to personal devices.

Authentication methods like SMS OTP, authenticator apps, and device biometrics all assume the user has access to their phone. When the device is unavailable — lost, out of battery, not present, or blocked — authentication fails.

For PSPs and merchants, this means:

  • Legitimate transactions are declined

  • Customers abandon purchases

  • Support costs increase

  • Fraud exploits gaps in device-dependent flows

Authentication failure is not only a security issue. It is a revenue problem.

| Problem | Annual Cost | Source |
| --- | --- | --- |
| False declines (legitimate transactions blocked) | $443 billion | Javelin Strategy & Research |
| Cart abandonment due to authentication friction | $18 billion | Baymard Institute |
| Payment fraud | $28 billion | Nilson Report 2024 |
| IT helpdesk costs from device lockouts | $4.2 billion | Gartner |


The NoTap Approach

NoTap is a fallback and recovery layer, not a replacement for existing authentication.

When a user's primary device-based authentication fails, NoTap activates. It verifies identity using memory-based identity factors the user enrolled in advance — factors they can reproduce from any available interface: a store terminal, a kiosk, a browser, or another device.

The transaction continues. The PSP never sees a failure.

NoTap integrates as a secondary verification layer within existing payment and access flows. It does not process payments. It verifies identity.

Users enroll once (5 minutes, on their own device). They configure multiple authentication factors — a PIN, a drawn pattern, a tap rhythm, a color sequence, an emoji sequence, or others. These are converted into cryptographic fingerprints. The raw values never leave the device.

After enrollment, they authenticate from any device. The system selects 2–3 factors per transaction based on risk:

| Transaction | Factors | Time |
| --- | --- | --- |
| Lower-risk transactions | 2 factors | ~10 seconds |
| Higher-risk transactions | 3 factors | ~25 seconds |
| Flagged / unusual | 3 factors | ~25 seconds |


What Makes NoTap Different

Every existing authentication method verifies the device. NoTap verifies the person.

| Method | Fails When |
| --- | --- |
| SMS OTP | Phone unavailable, no signal, SIM swapped |
| Authenticator app | Phone unavailable, switched, or stolen |
| Device biometrics | Customer is at a different device |
| Push notification | No signal, dead battery, wrong device |
| NoTap | Does not depend on the user's device |

Because NoTap factors are memory-based and reproducible from any interface, authentication continues through scenarios where every other method fails.

Additional properties:

  • Bot-resistant — Behavioral timing patterns make automation significantly harder

  • SIM-swap proof — No phone number dependency, no SIM swap attack surface

  • No replay attacks — Each session uses a nonce and timestamp; factor grids randomize per transaction

  • 24-hour key rotation — Daily digest rotation limits breach exposure to a single day
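A sketch of the replay protection and 24-hour digest lifetime listed above, added here as an example and not taken from NoTap's code. The PBKDF2-SHA256 digest follows the primitives named in the Compliance table; the HMAC challenge-response (a stand-in, not a zero-knowledge proof), the 60-second window, the iteration count and all names are assumptions.

```python
import hashlib
import hmac
import secrets

DIGEST_TTL = 24 * 3600   # stored digest lifetime, from the page's 24-hour figure
MAX_SKEW = 60            # assumed freshness window in seconds
ITERATIONS = 100_000     # assumed PBKDF2 work factor

def factor_digest(raw_factor: bytes, salt: bytes) -> bytes:
    # Runs on the user's device; only this digest is enrolled, never the raw factor.
    return hashlib.pbkdf2_hmac("sha256", raw_factor, salt, ITERATIONS)

def session_proof(digest: bytes, nonce: bytes, ts: int) -> bytes:
    # Bind the digest to a single session: HMAC over server nonce and timestamp.
    return hmac.new(digest, nonce + ts.to_bytes(8, "big"), hashlib.sha256).digest()

class Verifier:
    def __init__(self):
        self.enrolled = {}   # user -> (digest, stored_at)
        self.pending = {}    # nonce -> user; entry removed on first use

    def enroll(self, user: str, digest: bytes, now: int) -> None:
        self.enrolled[user] = (digest, now)

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = user
        return nonce

    def verify(self, user, nonce, ts, proof, now) -> str:
        if self.pending.pop(nonce, None) != user:   # pop() makes the nonce single-use
            return "unknown-or-reused-nonce"
        if abs(now - ts) > MAX_SKEW:
            return "stale-timestamp"
        record = self.enrolled.get(user)
        if record is None or now - record[1] > DIGEST_TTL:
            return "digest-expired"
        expected = session_proof(record[0], nonce, ts)
        # compare_digest does not leak the mismatch position through timing
        return "ok" if hmac.compare_digest(expected, proof) else "bad-proof"

def demo() -> list:
    t0, v = 1_700_000_000, Verifier()                    # constructed clock value
    d = factor_digest(b"4-7-1-9", b"constructed-salt")   # constructed PIN factor
    v.enroll("alice", d, t0)
    n = v.challenge("alice")
    msg = ("alice", n, t0 + 5, session_proof(d, n, t0 + 5))
    # Second call resends the captured message and must be refused.
    return [v.verify(*msg, now=t0 + 6), v.verify(*msg, now=t0 + 7)]
```

In this sketch the stored digest is verifier-equivalent: anyone who reads it server-side can compute valid proofs until it expires, which is the exposure a 24-hour lifetime bounds.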


Business Impact

Organizations using NoTap can:

  • Recover failed transactions that would otherwise be lost to device unavailability

  • Reduce false declines by providing higher-confidence identity verification

  • Reduce fraud by eliminating the attack vectors that exploit device-based authentication

  • Designed for SCA compliance — knowledge, behavioral, and biometric factors across 3 categories satisfy PSD3 requirements without 3D Secure friction

  • Reduce support costs from authentication-related access issues

NoTap does not replace your PSP. It sits in front of it. When authentication succeeds, your existing payment flow handles everything else.


Integration

PSP Integrations

NoTap integrates with major payment providers including Stripe, Adyen, Square, Tilopay, and MercadoPago.

PSP sessions can be created in parallel with authentication to reduce checkout latency.

SDKs

| Platform | Status |
| --- | --- |
| Android | ✅ Production |
| Web | ✅ Production |
| iOS | 🚧 Q1 2026 |

Quick Start

Full API reference: docs.notap.io/api


Compliance

| Standard | Status |
| --- | --- |
| PSD3 SCA | ✅ Designed for compliance — knowledge, behavioral, and biometric categories |
| GDPR | ✅ Compliant — 24h TTL, right to erasure, no raw biometric storage |
| OWASP Top 10 | ✅ Mitigated |
| NIST Cryptography | ✅ SHA-256, PBKDF2, AES-256-GCM |
| SOC 2 Type II | 🚧 Q2 2026 |
| HIPAA | 🚧 Q3 2026 |


Pricing

Pricing depends on verification volume. Enrollments are free and unlimited.

See notap.io/pricing for full tier details, or Extended Features for consumer pricing.


Product Scope

Core Platform

Device-independent authentication fallback for payments and access control. This is what NoTap is today and what every integration is built on.

The core platform works independently of blockchain, AI, or agentic payment systems. It requires only an API connection and one of the available SDKs.

Future Extensions

The same authentication infrastructure will extend to support:

  • AI agent authentication — Identity verification for autonomous agents initiating payments

  • Decentralized identity — Integration with self-sovereign identity systems

  • Blockchain name services — Human-readable identifiers (.sol, .eth, .crypto) resolved to NoTap IDs

  • Autonomous payment agents — Authentication flows for agent-to-agent commerce

These are extensions of the core primitive. They do not change how the core platform works.


Summary

NoTap is authentication infrastructure for payments and access. It fills the gap that exists when device-based authentication fails — which happens more often, and costs more, than most organizations measure.

One sentence: NoTap is a device-independent fallback authentication layer — when device-based authentication fails, it verifies identity from any available interface so PSPs can recover the transaction.


Resources


Licensed under Apache License 2.0

Made with ❤️ by the NoTap Team


📚 Documentation

Comprehensive guides and references available:

Getting Started

Integration Guides

Architecture & Security

Testing


🚀 Quick Start

1. Install the SDK

Android (Gradle):

iOS (CocoaPods):

Web (NPM):

2. Initialize NoTap

Android:

iOS:

Web:

3. Authenticate a User

That's it! See our Developer Guides for complete integration tutorials.


🎯 Use Cases

🛒 Point of Sale (POS)

  • Device-free payments: Customer left phone at home? No problem!

  • Faster checkout: No fumbling with phones or cards

  • Reduced fraud: Multi-factor authentication with ZK proofs

💻 E-Commerce

  • Passwordless login: No more password resets

  • One-click checkout: Authenticate with your chosen factors

  • Cross-device: Start on phone, finish on desktop

🏦 Banking & Finance

  • High-security transactions: Multi-factor + zero-knowledge proofs

  • Regulatory compliance: PSD3-ready authentication

  • Fraud prevention: Behavioral biometrics + knowledge factors

🏢 Enterprise

  • SSO Integration: Works with existing identity providers

  • Admin controls: Manage users and permissions

  • Audit trails: Complete authentication history


🔐 Security

NoTap is built with security at its core:

  • 🔐 Zero-Knowledge Proofs: Prove you know your factors without revealing them

  • 🔒 End-to-End Encryption: Factors encrypted on device, never sent in plain text

  • ⏱️ Constant-Time Operations: Protection against timing attacks

  • 🛡️ PSD3 Compliant: Multi-category authentication (knowledge, biometric, possession)

  • 🔑 Hardware Security: Android KeyStore, iOS Keychain integration

  • 📊 Security Audits: Regular third-party security audits

See: Security Documentation for complete security architecture.


🌐 Supported Platforms

| Platform | Status | Minimum Version |
| --- | --- | --- |
| Android | ✅ Production Ready | Android 8.0 (API 26) |
| iOS | ✅ Production Ready | iOS 14.0+ |
| Web | ✅ Production Ready | Modern browsers (ES6+) |
| Backend API | ✅ Production Ready | REST API |


🤝 Contributing

We welcome contributions from the community!

How to Contribute

  1. Have a feature request? Start a discussion

  2. Want to improve docs? Submit a pull request!

Documentation Contributions

This repository contains public documentation only. Documentation is automatically synced from our development repository.

To contribute:

  • Documentation improvements: Submit PRs directly to this repo

  • Code changes: Contact us at [email protected] for contributor access

See our Contributing Guide for detailed guidelines.


💬 Community & Support

Get Help

Stay Updated


📄 License

Copyright © 2025 NoTap Labs. All rights reserved.

This documentation is licensed under CC BY 4.0.

For SDK licensing, contact: [email protected]


🏷️ About the Name

NoTap is our public brand name. Internally, the codebase uses "zeropay" - this is intentional and follows industry standards (like Meta/Facebook, Google/Alphabet). This enables us to rebrand without breaking existing integrations.

For developers: Use package names like xyz.notap.sdk in your apps, even though internal packages may reference zeropay.


Made with ❤️ by the NoTap Labs team
