ZPIP capability catalog¶
The live list of capabilities each Zev product exposes via ZPIP. This page is auto-generatable from the product_capabilities table in ZevID; currently maintained by hand until the generator is built.
Each row tells the DPO: which product owns the capability, what user data it touches, which scope grants it, and whether it requires user consent.
Publicly-accessible Zev products¶
The Zev products end-users can sign up for today (as of 2026-05-15):
- ZevPay (
clientId: zevpay) — payments + KYC - ZevCommerce (
clientId: zevcommerce) — merchant platform - ZevCloud (
clientId: zevcloud) — developer cloud / deployment - ZevWorkspace (
clientId: zevworkspace) — org collaboration
Other oauth_clients rows exist in production (internal / not-yet-launched / sandbox) but are not surfaced to end-users. TODO: deployment owner to confirm the non-public list when needed for an internal audit.
Account-creation model: ZevID accounts are NEVER auto-created across products. A user visiting accounts.zevop.com directly creates a ZevID-only account; their accounts on other products are created only when they visit that product and explicitly sign up via ZevID (which triggers an OAuth consent screen). This means a ZevID account holder may not be enrolled at every Zev product — the per-product enrollment is consent-gated.
Catalog¶
| Capability | Owner product | Required scope | Auth model | Data accessed | Description |
|---|---|---|---|---|---|
Example: zevpay.kyc.status |
ZevPay | zevpay.kyc.status |
service+user | User's ZevPay KYC tier | Lets a calling product see whether ZevPay considers the user tier 1 / 2 / 3 |
Example: zevpay.banking.read |
ZevPay | zevpay.banking.read |
service-only | None (generic NUBAN lookup) | Resolves a NUBAN to the registered account name via banking partner |
How rows are added¶
When a product registers a new capability via POST /v1/internal/capabilities/register, the same PR should add a row here. Reviewer enforces this — the contributor checklist at the repo root (REVIEW_CHECKLIST.md, visible to engineers in the GitHub view of this repo) names the check.
Future: auto-generation¶
The catalog is data in product_capabilities. We plan a script that runs against a ZevID admin token and regenerates this page in CI. Until that ships, the table is maintained manually. Misses found during quarterly review get fixed in the next PR.