Credentialed Wallets that Scale: Compliant Onboarding Using Para + Self

This co-authored content was originally published by Para, available at https://blog.getpara.com/compliant-wallet-onboarding/

Applications that integrate crypto onboarding often face a dual challenge: providing a fast and frictionless user onboarding experience while also meeting user trust expectations and contributing to compliance requirements. 

Whether you’re building a trading app, community tool, or payment service, you often must prove who your users are, without compromising privacy or drowning in data liability.

Enter Self and Para: Self is a privacy-first identity solution leveraging ZK to verify proof of humanity and key characteristics like age and country of residence (without disclosing sensitive information). Self acts as a credentialing technology that can plug into a user’s Para wallet, linking verified identity attributes without exposing private data. The result is a smooth and compliant onboarding experience. 

The Tools: Para + Self

Let’s break down what each of these tools brings to the table.

Self: Verified Credentials Without Oversharing

Self Protocol allows users with government-issued biometric passports and ID cards from 129 and 35 countries, respectively, to create their Self Pass, which leverages zero-knowledge technology to verify key characteristics about the individual (e.g. age, country of residence, humanity).

Self never sees, owns, or shares any of the users’ encrypted information—just the proof, and only with the user’s consent (e.g., confirming “yes” to an e-commerce company that is asking “is this person over the age of 18?”).

Self is fully third-party audited by zksecurity and aligns with privacy-first user and compliance-aware needs for developers across apps. The protocol supports Web2 and Web3 use cases through onchain and offchain attestations, from providing sybil-resistant solutions to combat bot activity, to rewarding verified human users with social badges and incentives.

Para: Universal Embedded Wallets 

Para is a comprehensive wallet and authentication suite for crypto apps that provides users with fast and familiar access via email, social login, or an existing web3 wallet, with no extensions or seed phrases required.

Para’s universal embedded wallets are secured with MPC, and passkeys add strong, device-native authentication. Because each wallet is tied to an identity, it works globally across apps, chains, and ecosystems, so users can onboard once and transact forever across EVM, Solana, and Cosmos chains, all with the same wallet.

The Benefits of Linking Verified Credentials to Wallets

• User-centric identity: Credentials live with the wallet; they’re not siloed in each app.
  
  

• Reduced fraud & friction without the compliance overhead: Sybil resistance and automated watchlist checks are baked into the flow. Unlock compliance-grade verification without storing any personal data.
  
  

• Portable trust: As more apps integrate Self + Para, verified users move freely across ecosystems.

Real-World Use Cases: What Para + Self Enable Together

The Para + Self use cases span beyond general identity checks: they’re dynamic, app-spanning workflows.

1. Onboard Once, Access Anywhere

A user signs up for a trading app and verifies their age through Self, and that credential attaches directly to their Para wallet.

When they later try a lending app in the same ecosystem, the Para wallet is recognized, and the existing age proof is accepted.

2. Country-Gated Access Without Data Storage

An app needs to enforce region restrictions, for example, excluding users from OFAC-listed countries. By leveraging Self’s OFAC list’s exclusion proofs, projects can verify users’ country of residence is not OFAC sanctioned, linking that verification to the user’s Para wallet.

Additional apps using Para can choose to trust Self’s verification, since it uses government-issued identification, without ever accessing sensitive country data or requiring another ID scan.

3. Sybil Resistance That Actually Works

Apps offering rewards or referrals often struggle with duplicate accounts. Self can detect when the same ID has been used to generate multiple credentials. Para ensures that each credentialed identity is linked to a single wallet.

Velodrome has already announced plans to incorporate this model: users who verify with Self can access higher rewards, knowing the system can trust that each wallet represents a unique person. It's a fairer, more transparent way to scale incentives, without compromising on privacy.

Get Started

Here’s how Self and Para work together behind the scenes to verify identity without compromising experience or security:

1. Set up wallet onboarding and authentication through Para's SDKs
   Use Para’s SDK to embed wallet creation into your signup flow.
   
   Users create a wallet using familiar login methods (email, passkey, or social login). No extensions or seed phrases required.
   
   Behind the scenes, Para provides an MPC-secured wallet and returns a unique identifier (e.g. wallet address or auth token) to your app.
   
   

2. App requests a credential via Self
   When needed, such as after signup or before a sensitive action, initiate a credential check.
   
   Using Self’s SDK, define the criteria (e.g. age ≥ 18, exclude sanctioned countries), then generate a deeplink or a QR code from the SelfApp object.

Example:

const app = new SelfAppBuilder(
{
appName: "Your App Name",
endpoint: "Where you want to verify the credential, e.g. https://yourDNS.com/verify or a smart contract address. ",
userId: "supports wallet address or uuid",
disclosures:
{
minimumAge: 18,
excludedCountries: [countries.BELGIUM]
}
}).build()

const deeplink = getUniversalLink(app)

Open this deep link, or generate and scan a QR code to begin verification in the Self mobile app.

3. User verifies through the Self app
   The user scans their NFC-enabled passport or EuID via the Self app.
   
   Self generates a zero-knowledge proof, confirming attributes like age or nationality, without revealing sensitive personal data.
   
   The proof is returned securely to your backend (our backend can also directly send the proof to a smart contract).
   
   

4. App Verifies the Proof
   Your server uses Self’s SDK to validate the proof.
   
   It checks authenticity (verifies the zero-knowledge proof) and that all criteria are met (e.g. not on OFAC list, age confirmed).
   
   If valid, the user is marked verified. If not, you can block access or request manual review.
   
   

5. Link Credentials to Para Wallets
   Once verified, attach the credential to the user’s wallet for future reference. You can choose:

• Off-chain storage: Add a flag to your user database (e.g. age_verified = true).

• On-chain credential: Mint a Soulbound Token (SBT) or verifiable credential to the wallet address.

• Hybrid caching: Store the result and reverify only periodically, using Self’s identity commitments to prevent spoofing.

Trust That Moves With the User

Identity checks are necessary. But they don’t have to be painful for users (or for teams building apps).

By combining Self’s credentialing layer with Para’s wallet and authentication infrastructure, you get a model that respects user privacy, serves real compliance needs, and travels across apps. The result is reusable trust that unlocks new experiences without adding new friction.

If you're building a product where knowing your users matters, but collecting and storing their sensitive data doesn’t, Self and Para give you a better way forward. Its identity infrastructure that works like the rest of the internet should: portable, private, and built for people.

To learn more about Para, visit getpara.com

Learn more about Self

Start with our Quickstart docs here.

Download the Self mobile app here: iOS + Android.