Institutional B2B2C settlement and qualified custody for fintechs: regulated rails to offer crypto trading, stablecoin payments, tokenized assets, and yield products without holding licenses or building blockchain ops.
- 01 regulated fintech crypto trading
- 02 qualified custody (ZHTC trust)
- 03 stablecoin settlement / payments
- 04 tokenized RWA issuance
- 05 broker-dealer turnkey crypto
| Variable | Scope | Description |
|---|---|---|
| ZEROHASH_API_KEY | Server | Zero Hash API public key (the `ZH-API-KEY` request header). Pair with `ZEROHASH_API_SECRET`. |
| ZEROHASH_API_SECRET | Server | Base64-encoded API secret used to compute the `ZH-API-SIGNATURE` HMAC over `timestamp + method + path + body`. |
| ZEROHASH_PASSPHRASE | Server | API passphrase chosen at key creation; sent as `ZH-API-PASSPHRASE`. |
| ZEROHASH_PLATFORM_CODE | Server | Customer platform code provisioned by Zero Hash; identifies your tenant in API calls. |
Use Zero Hash for regulated trading, custody, and settlement. All REST calls hit `https://api.cert.zerohash.com` (cert/sandbox) or `https://api.zerohash.com` (prod) and must carry four headers: `ZH-API-KEY`, `ZH-API-SIGNATURE` (HMAC-SHA256 of `timestamp + method + path + body`, base64), `ZH-API-TIMESTAMP`, and `ZH-API-PASSPHRASE`. Onboard end users via `POST /participants/customers/new` (KYC payload), fund accounts with `POST /accounts/movements` (USD deposit) or addresses returned from `POST /withdrawals/requests`, and execute trades with `POST /liquidity/rfq` followed by `POST /liquidity/execute`. For custody-only flows use `/withdrawals/requests` and `/transfers`. Subscribe to status updates over the Webhooks v2 channel and verify the `Zh-Signature` header before persisting state.
- ⚑Zero Hash is a B2B regulated platform — KYB onboarding and a signed master agreement are required before you receive any API credentials; there is no self-serve sandbox key.
- ⚑Every request signature must use the exact request path (including query string) and the raw body bytes — most failures stem from JSON re-serialization changing whitespace.
- ⚑End-customer onboarding (`/participants/customers/new`) goes through KYC asynchronously; do not let users trade until you receive the `participant.approved` webhook.
- ⚑Asset and chain availability varies by jurisdiction (US states, Australia, UK, etc.) — the same `participant_code` may be allowed to trade BTC but not stake ETH; check `/liquidity/markets` per-customer rather than caching globally.
- ⚑Settlement is T+0 for spot crypto and T+1 for fiat ACH withdrawals — surface the right ETA in your UI or users will support-ticket every order.
- ⚑Cert (sandbox) and production environments use different webhook signing keys and different participant codes — moving a user from cert to prod requires re-onboarding, not a flag flip.
- ⚑Custody is via Zerohash Trust Company (ZHTC), a North Carolina-chartered trust — you cannot use the custody product without ZHTC sub-account assignment in your contract.
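
The four-header scheme and the raw-body caveat above, as an added Python sketch (not Zero Hash's own code): it serializes the payload once, signs those exact bytes, and shows that a re-serialized body or a path without its query string no longer matches. Assumptions: the secret is base64-decoded before use as the HMAC key, the timestamp is Unix seconds, and the credentials, query string and body fields are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

def sign(secret_b64: str, timestamp: str, method: str, path: str, body: bytes) -> str:
    """Base64 HMAC-SHA256 over timestamp + method + path + body."""
    key = base64.b64decode(secret_b64)  # assumption: secret is decoded before keying the HMAC
    message = timestamp.encode() + method.encode() + path.encode() + body
    return base64.b64encode(hmac.new(key, message, hashlib.sha256).digest()).decode()

def build_request(api_key, secret_b64, passphrase, method, path, payload=None, now=None):
    """Serialize the payload once; return (headers, body), body being the exact bytes signed."""
    body = b"" if payload is None else json.dumps(payload, separators=(",", ":")).encode()
    timestamp = str(int(now if now is not None else time.time()))  # assumption: Unix seconds
    headers = {
        "ZH-API-KEY": api_key,
        "ZH-API-SIGNATURE": sign(secret_b64, timestamp, method, path, body),
        "ZH-API-TIMESTAMP": timestamp,
        "ZH-API-PASSPHRASE": passphrase,
    }
    return headers, body

def signature_matches(secret_b64, headers, method, path, sent_body: bytes) -> bool:
    """Local pre-flight check: recompute the signature over the bytes actually being sent."""
    expected = sign(secret_b64, headers["ZH-API-TIMESTAMP"], method, path, sent_body)
    return hmac.compare_digest(expected, headers["ZH-API-SIGNATURE"])

# Constructed sample values, not real credentials or a documented payload.
SECRET = base64.b64encode(b"constructed-demo-secret").decode()
PATH = "/liquidity/rfq?example=1"              # hypothetical query string, signed with the path
PAYLOAD = {"side": "buy", "quantity": "0.01"}  # hypothetical body fields

def demo():
    headers, body = build_request("demo-key", SECRET, "demo-pass", "POST", PATH,
                                  PAYLOAD, now=1700000000)
    reserialized = json.dumps(json.loads(body)).encode()  # default separators add spaces
    return (
        signature_matches(SECRET, headers, "POST", PATH, body),              # exact bytes
        signature_matches(SECRET, headers, "POST", PATH, reserialized),      # whitespace changed
        signature_matches(SECRET, headers, "POST", "/liquidity/rfq", body),  # query string dropped
    )

if __name__ == "__main__":
    print(demo())
```

When sending with an HTTP client, pass the returned `body` bytes as the raw request data rather than handing the client the dict to serialize again.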