ZK / Privacy · EVM · Multi-chain
Reclaim Protocol
Reclaim is a zkTLS protocol: a decentralized network of attestors sits between the user and any HTTPS endpoint, witnesses the TLS session, and signs a ZK proof of the response. The result is portable, on-chain-verifiable proofs of arbitrary web2 data (Uber rides, bank balances, Twitter handles, API responses) without trusting the dapp.
- porting web2 data on-chain (banking, social, gig-economy)
- zkTLS attestations of API responses
- private API-key usage with verifiable output (zkFetch)
- KYC-lite via existing accounts
- verifiable oracles over arbitrary HTTPS
- pnpm add @reclaimprotocol/js-sdk
- pnpm add @reclaimprotocol/zk-fetch
- pnpm add @reclaimprotocol/attestor-core
| Variable | Scope | Description |
|---|---|---|
| RECLAIM_APP_ID | Client | Reclaim Application ID from https://dev.reclaimprotocol.org. |
| RECLAIM_APP_SECRET | Server | Reclaim Application Secret used to initialise the SDK on the server. |
| RECLAIM_PROVIDER_ID | Client | Provider ID for a specific Reclaim data provider (e.g. Twitter, Coinbase, Uber). |
Use Reclaim Protocol for zkTLS proofs over web2 APIs. On the server, instantiate `const reclaim = new ReclaimProofRequest(RECLAIM_APP_ID, RECLAIM_APP_SECRET, RECLAIM_PROVIDER_ID)` from `@reclaimprotocol/js-sdk`, then call `await reclaim.buildProofRequest()` and send the resulting QR code or URL to the client. The user opens the Reclaim app or extension and signs into the target site, and the attestor network produces a signed proof that you receive at your callback. Verify it with `await reclaim.verifyProof(proof)`. For server-driven flows where you fetch a private API yourself, use `zkfetch(url, options, secrets, publicOptions)` from `@reclaimprotocol/zk-fetch` to produce a proof that hides the API key and exposes only the response fields you choose to reveal.
- ⚑ The attestor network is permissioned today — proofs are only as trustworthy as the attestor set; treat them as resting on a 1-of-N attestor honesty assumption, not pure cryptography.
- ⚑ Each Provider is hand-built (regex over a specific endpoint); when the target site changes its HTML/JSON shape, the provider breaks until the team updates it.
- ⚑ Mobile flows require the Reclaim mobile app or browser extension, which adds onboarding friction — measure drop-off and provide fallback paths.
- ⚑ On-chain verification gas is non-trivial (hundreds of thousands of gas on EVM); batch verifications or verify off-chain when feasible.
- ⚑ Rate limits on the attestor network apply per AppId — production apps must request quota increases or risk throttling during traffic spikes.