✅Verify The Token
Now you are on the server-side.
When you made super-safe key, but it's meaningless until you get the keyhole that check the key.
But don't worry, verifying the token is so much simpler than making keyhole.
/validate
POST https://hamutan86.pythonanywhere.com/nonstress/validate
Request (Content-Type: application/json)
{
"token": "0dc240c66802f7329a1cb9f85804c49f6bb34a..."
}token
the token.
Response
{
"error": "",
"pass": true,
"score": 0.98,
"risk_rate": "low",
"user_data": {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64...",
"ip": "d3be2698fceafeb3a93dda396941118588743...",
"ip_type": "ipv4"
}
}error
error text will be here when validation is failed.
pass
user passed the nonstress challenge or not. it will be false when score is 0.0 even error doesn't happend.
score
token's suspicion. range is 0.0 - 1.0, and high score means low suspicious, low score means high suspicious.
risk_rate
verbalized score, here's all risk_rate: clean, low, medium, high, bot( pass: false ).
user_data
user's some infomations. it is useful to make validation more secure.
user_data[user-agent]
the user-agent header.
user_data[ip]
user's ip address. it's hashed with sha-256 for user's privacy, but still useful for validation.
user_data[ip_type]
ip version of user_data[ip]. this param will be only ipv4 or ipv6.
Last updated