Phone (RCS)

The Phone Legacy Identity Provider (LIDP) links a standard telecommunications number to a Nostr public key, opening up Lightning payments via text messages or messaging apps.

Identifier Format

Phone numbers must be strictly normalized to the international E.164 standard.

Rules: Must begin with a +, followed by the country code, followed by the subscriber number, with all spaces, dashes, and parentheses removed.
Raw Format: +12345678901
Resolved URI: phone:+12345678901

Privacy Model: Hashed (Strict)

Like Email, Phone numbers are highly sensitive personally identifiable information (PII). Zapf treats Phone as a High Privacy identity.

The raw identifier is stripped from all public Nostr events. The Kind 35521 Connection Key (d tag) is exclusively a SHA256 hash of the URI string. Senders must know the recipient's phone number to zap them.

Verification Flow (RCS OTP)

Zapf Identity Authorities recommend using modern RCS (Rich Communication Services), or fallback SMS, to deliver a One-Time Password (OTP) code to the user's device.

Upon entering the 6-digit code into the IA's dashboard, the IA issues the Kind 35522 attestation.

Security and Evidence

Similar to the Email flow, Phone verification generates an ephemeral, local proof of ownership.

No portable tokens: There is no OAuth access token generated by a telecom provider.
No Evidence Sharing: The evidence field inside the resulting Kind 35522 attestation will be empty.
Independent Verification: If a user wants attestations from multiple IAs, each IA must independently send and verify an RCS OTP code to that phone number.

Identifier Format​

Privacy Model: Hashed (Strict)​

Verification Flow (RCS OTP)​

Security and Evidence​

Identifier Format

Privacy Model: Hashed (Strict)

Verification Flow (RCS OTP)

Security and Evidence