Identity / Names·Solana · EVM · Polygon · Base · Arbitrum
Civic Pass
Civic Pass is a tokenized identity / KYC pass built on the open-source Gateway Protocol. Users complete identity verification once with Civic and receive a non-transferable on-chain pass (gateway token / SBT) that smart contracts and dapps check to gate access — supports KYC, uniqueness, and AML-screened passes on Solana and EVM (including a Uniswap v4 hook and Solana Token-2022 transfer hook).
- 01permissioned DeFi pools (KYC'd liquidity)
- 02compliant token sales / RWA access
- 03Sybil-resistant airdrops via Uniqueness Pass
- 04AML-screened wallet gating
- 05Token-2022 transfer-hook gated tokens
- pnpm add @civic/solana-gateway-react @identity.com/solana-gateway-ts
- pnpm add @civic/ethereum-gateway-react
| Variable | Scope | Description |
|---|---|---|
| NEXT_PUBLIC_CIVIC_GATEKEEPER_NETWORK | Client | Public key of the Gatekeeper Network (e.g. Uniqueness, KYC, IDV) the dapp requires. |
| NEXT_PUBLIC_CIVIC_STAGE | Client | Civic environment to target — usually `prod` or `preprod`. |
Use Civic Pass to gate access on a verified identity pass. Wrap the app in `<GatewayProvider wallet={wallet} connection={connection} gatekeeperNetwork={GATEKEEPER_NETWORK_PK} stage='prod'>` from `@civic/solana-gateway-react` (or `@civic/ethereum-gateway-react` for EVM with `wagmiConfig`). In components call `const { gatewayToken, requestGatewayToken, gatewayStatus } = useGateway()`; trigger the modal with `requestGatewayToken()` and only render protected UI when `gatewayToken?.state === State.ACTIVE`. For server-side checks on Solana use `findGatewayToken({ connection, owner, gatekeeperNetwork })`; on EVM read the Gateway Token contract or call `GatewayTokenClient.getGatewayTokensForOwnerAndGatekeeperNetwork`. For trading flows enforce the pass at the contract level via the Civic Uniswap v4 Hook or Token-2022 transfer hook.
- ⚑Each Gatekeeper Network is a separate pass type (Uniqueness, KYC, IDV, AML) with different cost and revocation rules — pick the right network for your compliance posture.
- ⚑Passes are wallet-bound: rotating wallets requires re-issuance and possibly re-verification, which has user-visible cost and KYC re-collection.
- ⚑Passes can be revoked or frozen by the gatekeeper after issuance (e.g. on AML hits) — always re-check `gatewayToken.state === ACTIVE` rather than just existence; cache invalidation matters for long sessions.
- ⚑PII is collected by Civic / its KYC partners, not stored on-chain — but the on-chain pass is a public signal that *some* identity exists for that wallet, which is itself a fingerprint to defend against.
- ⚑Sybil bypass risk: Uniqueness Pass dedupes per identity document, but multi-document farmers and synthetic IDs are an active attack vector — combine with World ID or Gitcoin Passport for high-value airdrops.
- ⚑On Solana the older Gateway Token program and the new Token-2022 transfer-hook flow are different integration paths; mixing them is a common source of 'pass not found' bugs.