MetzuAuth SDK
Passwordless. Device-bound. Phishing-resistant.
Replace passwords, TPINs, OTP dependency and insecure approval flows with cryptographic authentication, passkeys, biometric approval, device binding and strong transaction authorization.
Transaction
Transfer $12,480.00
to · IBAN ····8821 · Acme Holdings GmbH
Private key never leaves device
Why MetzuAuth
Three guarantees that OTP can't give you.
Strong Authentication
Cryptographic challenge-response instead of shared secrets like passwords or OTP codes.
Trusted Device Identity
Binds users to verified devices and blocks cloned, tampered or suspicious app environments.
Secure Approval
Protects financial and high-risk actions with biometric approval and transaction-specific signature verification.
Capabilities
A complete SDK surface for modern identity.
| Capability | Description |
|---|---|
| Passwordless Login | Authenticate users without passwords, TPINs or repeated OTP challenges. |
| Passkey-Based Authentication | FIDO2 / WebAuthn-style authentication using public/private key cryptography. |
| Device Binding | Bind user identity to a trusted device using secure cryptographic registration. |
| Biometric Approval | Face ID, Touch ID, fingerprint or secure device unlock on the trusted device. |
| Transaction Signing | Sign transaction-specific challenges for transfer, payment, beneficiary addition and sensitive changes. |
| Challenge-Response Security | Server-side challenges verified against signatures from registered devices. |
| Anti-Cloning Protection | Detect copied app data, modified device state, runtime tampering, emulators and abnormal signals. |
| Fallback Orchestration | Controlled fallback journeys when the trusted device or biometric approval is unavailable. |
| Risk-Based Controls | Extra verification by device, session, geography, behavior, transaction value and policy. |
| Audit Logs & Reporting | Complete logs for registration, authentication, approvals, failures, device changes and admin actions. |
Key journeys
From first registration to a $10k transfer.
User Registration
Secure device-bound identity using a public/private key pair and a server-side device registry.
Login Authentication
User signs a login challenge through biometric or secure device authentication.
Transaction Approval
High-risk actions are signed with transaction details and verified before execution.
Device Change
New devices follow a controlled registration journey with policy and risk checks.
Account Recovery
Fallback flows can require additional verification, approval or risk-based escalation.
High-Risk Action Control
Extra approval for unusual sessions, large transactions or sensitive profile changes.
Challenge-response
Five steps. Private key never leaves the device.
STEP 01
Challenge
Backend generates a unique challenge for login or transaction.
STEP 02
User Approval
User confirms through biometric or secure device authentication.
STEP 03
Private Key Sign
SDK signs the challenge on the trusted device.
STEP 04
Server Verify
Backend validates the signature against the registered public key.
STEP 05
Policy Decision
Action is approved, rejected or escalated based on risk.
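As an added illustration (not MetzuAuth SDK code or its API), this Node.js example walks steps 01 to 04 with the challenge bound to the transaction fields, so a signature cannot be replayed or reused for a different amount or beneficiary. All function names, the in-memory stores and the ECDSA P-256 choice are assumptions made for the example; step 05 (policy) would act on the returned result.

```javascript
// Added example: challenge-response with transaction binding (names are hypothetical).
const crypto = require("node:crypto");

const deviceRegistry = new Map(); // deviceId -> registered public key (PEM)
const pending = new Map();        // challengeId -> { deviceId, payload, expires }

// Registration: the key pair is created on the device; only the public key is sent.
function registerDevice(deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  deviceRegistry.set(deviceId, publicKey.export({ type: "spki", format: "pem" }));
  return privateKey; // in a real deployment this never leaves the device
}

// Step 01: a unique challenge that covers the exact transaction fields.
function issueChallenge(deviceId, tx, ttlMs = 60_000, now = Date.now()) {
  const id = crypto.randomUUID();
  const payload = JSON.stringify({ nonce: crypto.randomBytes(32).toString("base64"),
    amount: tx.amount, currency: tx.currency, beneficiary: tx.beneficiary });
  pending.set(id, { deviceId, payload, expires: now + ttlMs });
  return { id, payload };
}

// Steps 02-03: after the user approves, the device signs the payload it displayed.
function signOnDevice(privateKey, payload) {
  return crypto.sign("sha256", Buffer.from(payload), privateKey);
}

// Step 04: verify against the server's own copy of the payload, exactly once.
function verifyApproval(id, deviceId, signature, now = Date.now()) {
  const entry = pending.get(id);
  if (!entry) return "rejected: unknown or already used challenge";
  pending.delete(id); // single use, whatever the outcome
  if (entry.deviceId !== deviceId) return "rejected: wrong device";
  if (now > entry.expires) return "rejected: challenge expired";
  const publicKey = deviceRegistry.get(deviceId);
  if (!publicKey) return "rejected: device not registered";
  const ok = crypto.verify("sha256", Buffer.from(entry.payload), publicKey, signature);
  return ok ? "verified" : "rejected: bad signature";
}
```

The server verifies against the payload it stored when issuing the challenge, never against transaction fields echoed back by the client.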
SDK surfaces
One SDK, every channel your customers actually use.
| Surface | Description |
|---|---|
| Android | Device binding, biometric approval, local checks, challenge signing, transaction authorization. |
| iOS | Native secure authentication using platform controls, biometrics, passkeys and device-bound identity. |
| Web | Browser-based passkey and WebAuthn authentication for customer and workforce journeys. |
| React Native & Flutter | Cross-platform integrations for faster mobile delivery. |
| Backend APIs | Registration, challenges, signature verification, device registry, policy and audit events. |
| Admin Console | Manage users, devices, policies, logs, risk events and operational monitoring. |
Enterprise control
Policies, devices, risk, kill switch, audit.
| Control | Description |
|---|---|
| Policy Management | Configure auth rules by channel, user type, transaction type, risk level or customer segment. |
| Device Registry | Trusted device records linked to customer accounts with lifecycle and status visibility. |
| Risk Rules | Extra controls for new devices, suspicious sessions, high-value transactions or abnormal behavior. |
| Kill Switch | Disable compromised devices, risky sessions or selected authentication flows instantly. |
| Audit & Reporting | Authentication history, registration events, device changes, approvals, failures and admin activity. |
Use cases
Built for regulated digital journeys.
| Industry | Use cases |
|---|---|
| Banking | Mobile banking login, beneficiary addition, fund transfer approval, card controls, recovery, profile changes. |
| Fintech & Wallets | Wallet login, payment authorization, merchant approval, device change, secure customer verification. |
| Telecom | SIM-linked services, customer verification, app-based identity assurance, account protection. |
| Government | Digital identity login, citizen services access, approval workflows, secure document requests. |
| Enterprise | Workforce passwordless login, privileged access, internal approvals, secure workflow authorization. |
Drop OTP. Ship passkeys.
See MetzuAuth integrated against your sign-in and transaction flows in a 30-minute session.
