The verification layer for every mobile-rooted identity.
Authmatech is one API that wraps two distribution paths — native silent auth (Verify N) and browser silent auth (Verify N+) — backed by a single ledger, dashboard, and audit trail.
A platform, not a primitive.
Everything you need to ship silent verification in production — SDKs, gateway, ledger, audit, dashboard — built around the network-level guarantee.
Single-call verification
POST a number and an encrypted token. Get a yes/no in <400ms. No webhook chasing, no polling.
Carrier-attested
Result is signed by the mobile network operator over our partner channel. Not a code in transit.
AES-256 field encryption
Every MSISDN and operator secret is encrypted at rest with field-level keys.
Verify N + Verify N+
SDK (mobile) and GIF (web) paths converge to the same API. Zero downstream complexity.
Composable with KYC
Drops into your existing pipeline as one stage. Use standalone or as a step-up factor.
MENA-native
Live across STC · Mobily · Zain. UAE, Egypt, Jordan in active partner onboarding.
Silent verification for native apps.
Embed our iOS, Android, or Flutter SDK. The SDK produces an encrypted MSISDN token locally that you forward to your backend. Your backend calls Authmatech once and gets a clean yes/no. The user never sees a screen, never types a code.
- Best for native consumer apps with mobile data access
- Token generation runs entirely on-device
- AES/ECB/PKCS5 sealed payload, decrypted at the edge
- Fallback to SMS OTP requires zero code branching from the developer
import Authmatech
let client = AuthmatechClient(
apiKey: ProcessInfo.processInfo.environment["AUTHMATECH_KEY"]!,
clientId: ProcessInfo.processInfo.environment["AUTHMATECH_CID"]!
)
let token = try await client.sdk.seal(msisdn: "+966512345678")
let result = try await client.verify(
mobileNumber: "+966512345678",
encryptedMobileNumber: token
)
if result.validNumber {
session.upgrade(factor: .simPossession)
}import { Authmatech } from '@authmatech/web';
const authmatech = new Authmatech({
publishableKey: process.env.NEXT_PUBLIC_AUTHMATECH_PK!,
});
const { transactionId } = await authmatech.initVerification({
mobileNumber: phoneInput.value,
});
// Server-side
await fetch('/verify', {
method: 'POST',
body: JSON.stringify({ transactionId, mobileNumber }),
});Silent verification for the modern web.
For browsers, our web SDK calls the operator’s MSISDN-forwarding service and returns a transaction ID. Your backend passes that ID to Authmatech, which resolves it against the operator — same yes/no contract, same billing, no SMS in sight.
- No app install required — runs in any modern browser
- Works on carrier IP (mobile data). Surfaces a clean fallback on Wi-Fi.
- Server-side resolves transactionId; raw MSISDN never touches the browser
- Drop-in React, Next.js, Vue, and Svelte components
Pick the path. We unify the contract.
Two distribution paths so you never have to compromise between mobile and web. One API, one balance, one dashboard.
| Capability | Verify N | Verify N+ |
|---|---|---|
| Distribution surface | Native iOS · Android · Flutter SDKs | Browser SDK (JS) + transactionId flow |
| Encrypted payload origin | Mobile SDK seals MSISDN locally | Operator gateway issues a transaction ID |
| Resolution path | Direct decrypt at edge | PartnersMSISDNForwarding/retrieve → decrypt |
| Network requirement | Mobile data on the same SIM | Browser session over carrier IP |
| Typical latency | 180–280 ms | 230–360 ms |
| Fallback policy | SMS OTP if SIM mismatch | SMS OTP if Wi-Fi or unsupported carrier |
| Pricing | Per-verification | Per-verification |
Built on the same primitives we ship to banks.
Every part of the stack — interceptor, gateway, ledger — is designed for traffic that has compliance reviewers attached.
API key interceptor
X-API-KEY hashed with SHA-256 at request time. Raw keys are returned exactly once and never stored.
Balance ledger
Every verification decrements an auditable balance. Expiry dates enforce hard cutoffs. Per-customer balance attached.
Encrypted audit trail
VN- / VNM- records persisted per call, with operator, latency, result, and masked MSISDN. Queryable from the dashboard.
Dedicated DOT identity (Enterprise)
Reserved partner identity at the carrier for high-volume processors. No noisy-neighbor risk on regulated flows.
Encryption-at-rest
Field-level @Encrypt annotation, AES-256 with rotating keys. Logs go through an isolated masking ObjectMapper.
i18n + RTL by default
Validation messages localized in en/ar/it/tr/zh, RTL parity from day one. No retrofit when you launch in KSA or UAE.
One API today. A trust platform for what's next.
We use the same network-level primitives to power a roadmap of identity products. Customers buying verification today get them at the same contract.
Silent verification
Verify N + Verify N+ for any session, signup, or transaction.
Visitor identification
Recover a verified MSISDN at first visit — consent-aware website attribution.
AI voice authentication
Carrier-attested voice callbacks with code playback for high-trust step-ups.
Get started in 24 hours
Replace your last OTP screen this quarter.
Book a 20-minute call. We will benchmark your traffic, scope the integration, and stand up a sandbox you can ship against the same week.