World ID
01 Description

Proof-of-personhood protocol from Tools for Humanity. Users verify uniqueness via the Orb (iris) or Document/Device credentials, then prove humanity to apps with a zero-knowledge Semaphore proof — no PII shared.

02 Best for
  • 01 sybil-resistant signups
  • 02 1-person-1-vote governance
  • 03 AI agent personhood gating (agentkit)
  • 04 airdrop anti-sybil
  • 05 human-only social/feedback apps
03 Install
  • pnpm add @worldcoin/idkit @worldcoin/idkit-core
04 Environment variables

| Variable | Scope | Description |
| --- | --- | --- |
| NEXT_PUBLIC_WORLD_APP_ID | Client | World ID application ID from the Worldcoin Developer Portal (format: app_*). |
| NEXT_PUBLIC_WORLD_ACTION | Client | Action ID/string registered for this verification flow in the dev portal. |
| WORLD_DEV_PORTAL_API_KEY | Server | Server-side API key used by /verify endpoint to call developer-portal.worldcoin.org. |

05 Prompt snippet
Use World ID for proof of personhood. Mount `<IDKitWidget app_id={...} action={...} verification_level={VerificationLevel.Orb} onSuccess={onSuccess} handleVerify={handleVerify} />`. In `handleVerify`, POST the proof payload (`merkle_root`, `nullifier_hash`, `proof`, `verification_level`) from the client to your server; on the server call `https://developer-portal.worldcoin.org/api/v2/verify/{app_id}` with the action and `signal` to validate. Persist `nullifier_hash` per (action, user) to prevent double-actions. Use `VerificationLevel.Device` as a weaker fallback when Orb is unavailable.
06 Gotchas
  • Orb verification requires an in-person Orb visit, and coverage is geographically limited; offer Document or Device credentials as fallbacks.
  • `nullifier_hash` is per-action, not global — to detect a unique person across actions you must reuse a single action ID or use World ID Credentials with explicit cross-action signals.
  • Device-level verification is weak (phone-bound) and not true proof of personhood — gate high-value flows on Orb.
  • Always re-verify proofs server-side via the developer portal API; client-only checks are trivially bypassed.
  • Include a `signal` (e.g., wallet address or vote choice) bound to the action to prevent proof replay between users.
  • World App / WorldChain mini-app context differs from external web — IDKit's MiniKit flow is required inside World App.
  • Sanctions/region restrictions may block users in some jurisdictions — handle the rejected verification states.
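
The server-side checks from the prompt snippet and the gotchas above (portal re-verification, a server-chosen `signal`, Orb gating, one use per `nullifier_hash` and action), as an added example that is not World ID's or this page's own code. `buildVerifyRequest`, `verifyOnce`, the `seen` store and the `opts` fields are hypothetical names; the request body fields follow the prompt snippet, and treating any non-2xx response as a rejection is an assumption. The page does not say how `WORLD_DEV_PORTAL_API_KEY` is attached, so any required headers are passed in through `opts.headers`.

```javascript
// Added example. Function names, `seen` and `opts` are hypothetical.
const VERIFY_BASE = "https://developer-portal.worldcoin.org/api/v2/verify/";

// Build the portal request. `action` and `signal` must come from server-side
// state (session, route), never from the client payload.
function buildVerifyRequest(appId, payload, action, signal) {
  const { merkle_root, nullifier_hash, proof, verification_level } = payload;
  const fields = { merkle_root, nullifier_hash, proof, verification_level };
  for (const [name, value] of Object.entries(fields)) {
    if (typeof value !== "string" || value === "") throw new Error(`missing ${name}`);
  }
  return { url: VERIFY_BASE + encodeURIComponent(appId), body: { ...fields, action, signal } };
}

// `seen` is a Set standing in for a table with UNIQUE(action, nullifier_hash).
async function verifyOnce(appId, payload, action, signal, seen, opts = {}) {
  const { fetchImpl = globalThis.fetch, requireOrb = true, headers = {} } = opts;
  // Policy gate for high-value flows: "orb" is the value of VerificationLevel.Orb.
  if (requireOrb && payload.verification_level !== "orb") {
    return { ok: false, reason: "orb_required" };
  }
  const { url, body } = buildVerifyRequest(appId, payload, action, signal);
  const key = `${action}:${payload.nullifier_hash}`;
  // Reject a repeat before spending a portal call on it.
  if (seen.has(key)) return { ok: false, reason: "already_used" };
  const res = await fetchImpl(url, {
    method: "POST",
    headers: { "Content-Type": "application/json", ...headers },
    body: JSON.stringify(body),
  });
  // Assumption: any non-2xx status means the portal rejected the proof.
  if (!res.ok) return { ok: false, reason: "portal_rejected" };
  // Re-check after the await: a concurrent request may have won the race.
  if (seen.has(key)) return { ok: false, reason: "already_used" };
  seen.add(key);
  return { ok: true, nullifier_hash: payload.nullifier_hash };
}
```

In production the `seen` set is replaced by a database write that fails on a duplicate (action, nullifier_hash) pair, so the uniqueness check holds across processes.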
07 Alternatives