✅Verify The Token

Now you are on the server-side.

When you made super-safe key, but it's meaningless until you get the keyhole that check the key.

But don't worry, verifying the token is so much simpler than making keyhole.

/validate

POST https://hamutan86.pythonanywhere.com/nonstress/validate

Request (Content-Type: application/json)

Example

{
  "token": "0dc240c66802f7329a1cb9f85804c49f6bb34a..."
}

Parameters

name	description
token	the token.

Response

200 OK

{
  "error": "",
  "pass": true,
  "score": 0.98,
  "risk_rate": "low",
  "user_data": {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64...",
    "ip": "d3be2698fceafeb3a93dda396941118588743..."
  }
}

400 Bad Request

When token was invaild:

{
  "error": "token doesn't exist",
  "pass": false
}

When token was expired:

{
  "error": "expired token",
  "pass": false
}

Parameters

name	description
error	error text will be here when validation is failed.
pass	user passed the nonstress challenge or not. it will be false when score is 0.0 even error doesn't happend.
score	token's suspicion. range is 0.0 - 1.0, and high score means low suspicious, low score means high suspicious.
risk_rate	verbalized score, here's all risk_rate: clean, low, medium, high, bot( pass: false ).
user_data	user's some infomations. it is useful to make validation more secure.
user_data[user-agent]	the user-agent header.
user_data[ip]	user's ip address. it's hashed with sha-256 for user's privacy, but still useful for validation.