GRAYPASS DOC/DEV-01

Three calls.
One identity.

The SDK runs in the browser. Your server gets an accept or deny with calibrated confidence. Your session layer stays yours. First integration in one sitting.

I. WHAT RUNS WHERE

[Diagram: 01 YOUR APP, 02 @GRAYPASS/SDK · IN THE BROWSER, 03 GRAYPASS API. Flow labels: TIMINGS ONLY · NEVER CONTENT; SALTED VECTOR; VERDICT + CONF]
  1. 01 · YOUR APP

    Your UI, your session layer, your rules. Nothing about your stack changes.

  2. 02 · @graypass/sdk · IN THE BROWSER

    Reads interaction timings locally and folds them into a salted vector. Raw signals never leave the device.

  3. 03 · GRAYPASS API

    Scores the vector against the enrolled print and answers: accept or deny, with calibrated confidence, under 200 ms.

II. INTEGRATE

login.ts

III. WIRE FORMAT

What crosses the wire when step 03 runs: your server verifies the token, GrayPass answers with the decision and the confidence behind it.

REQUEST

POST /v2/verify
Authorization: Bearer sk_live_…
Content-Type: application/json

{
  "token": "<payload>.<hmac>",
  "target": "dashboard.example.com"
}

RESPONSE

{
  "valid": true,
  "user_id": "tnt_…:u_42",
  "trust_at_issue": 0.92
}
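
An added example, not GrayPass's own code: one way a server might build the POST /v2/verify request above and turn the response into a fail-closed session decision. The host graypass-api.invalid, the MIN_TRUST threshold, the 0 to 1 range for trust_at_issue, the token shape check, and all function names are assumptions; the field names come from the wire format shown.

```javascript
// Added example, not GrayPass code. API_BASE is a placeholder host and
// MIN_TRUST is an assumed local policy value; field names are from the page.
const API_BASE = "https://graypass-api.invalid"; // placeholder, not a real host
const MIN_TRUST = 0.8; // assumed threshold, tune per route

// Build the POST /v2/verify request. The secret key stays on the server.
function buildVerifyRequest(token, target, secretKey) {
  if (typeof token !== "string") throw new TypeError("token must be a string");
  const dot = token.lastIndexOf(".");
  // Assumed shape check from "<payload>.<hmac>": both parts must be non-empty.
  if (dot <= 0 || dot === token.length - 1) throw new TypeError("malformed token");
  return {
    url: `${API_BASE}/v2/verify`,
    init: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${secretKey}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ token, target }),
    },
  };
}

// Turn a response body into a session decision. Anything unexpected is a deny.
function evaluateVerdict(body, minTrust = MIN_TRUST) {
  const deny = (reason) => ({ allow: false, reason });
  if (body === null || typeof body !== "object") return deny("malformed_response");
  if (body.valid !== true) return deny("token_invalid"); // "true" or 1 do not count
  if (typeof body.user_id !== "string" || body.user_id === "") return deny("missing_user");
  const trust = body.trust_at_issue;
  if (typeof trust !== "number" || !Number.isFinite(trust) || trust < 0 || trust > 1)
    return deny("bad_trust_value"); // assumed range 0..1
  if (trust < minTrust) return deny("trust_below_threshold");
  return { allow: true, userId: body.user_id, trust };
}

// Full round trip. fetchImpl is injectable so the logic can be tested offline.
async function verifyToken(token, target, secretKey, fetchImpl = fetch) {
  try {
    const { url, init } = buildVerifyRequest(token, target, secretKey);
    const res = await fetchImpl(url, init);
    if (!res.ok) return { allow: false, reason: `http_${res.status}` };
    return evaluateVerdict(await res.json());
  } catch (err) {
    return { allow: false, reason: "verify_unavailable" }; // bad token, network or parse error
  }
}
```

Create the session only when allow is true, and bind it to the returned userId rather than to anything the browser supplied.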

IV. LIVE LATENCY

0

Free billable calls a month, no card

-- ms

p95 round-trip from your browser · measuring

0

Raw events leave the device

V. STACK & SUPPORT

JS / TS SDK · @GRAYPASS/SDK
MIDDLEWARE · EXPRESS + NEXT.JS
REST V2 · BEARER KEYS, HMAC TOKENS
WEBHOOKS · SIGNED TRUST EVENTS

Questions land with the people who wrote the matcher. Email hello@graypass.org and expect an engineer, not a queue.

Ship it this week.

If you get stuck, email reaches the founders directly.