Phone (RCS)

The Phone Legacy Identity Provider (LIDP) links a phone number to a Nostr public key so users can receive Lightning payments via text messages or messaging apps.

Identifier Format

Phone numbers must be strictly normalized to the international E.164 standard.

Rules: Must begin with a +, followed by the country code, followed by the subscriber number, with all spaces, dashes, and parentheses removed.
Raw Format: +12345678901
Resolved URI: phone:+12345678901

Privacy Model: Hashed (Strict)

Like Email, Phone numbers are highly sensitive personally identifiable information (PII). Zapf treats Phone as a High Privacy identity.

The raw identifier is stripped from all public Nostr events. The Identity Connection Connection Key is exclusively a hash of the URI string. Senders must know the recipient's phone number to zap them.

Verification Flow (RCS OTP)

Zapf Zap Settlement Providers recommend using modern RCS (Rich Communication Services), or fallback SMS, to deliver a One-Time Password (OTP) code to the user's device.

Upon entering the 6-digit code into the ZSP's dashboard, the ZSP issues the ZSP Attestation.

Security and Evidence

Similar to the Email flow, Phone verification generates an ephemeral, local proof of ownership.

No portable tokens: There is no OAuth access token generated by a telecom provider.
No Evidence Sharing: The evidence field inside the resulting ZSP Attestation will be empty.
Independent Verification: If a user wants attestations from multiple ZSPs, each ZSP must independently send and verify an RCS OTP code to that phone number.

Identifier Format​

Privacy Model: Hashed (Strict)​

Verification Flow (RCS OTP)​

Security and Evidence​

Identifier Format

Privacy Model: Hashed (Strict)

Verification Flow (RCS OTP)

Security and Evidence