Skip to main content

User Validation

This endpoint lets you check whether a user’s most‑recent traffic event is considered trusted, suspicious or invalid.

In short

It links the identity you know (your userId) with the behavioural signals we collect, so you can instantly decide whether to trust the user or not.

1️⃣ Grab the ta_session_id

In your Frontend (client-side) get the ta_session_id and pass it to the backend:

// Example JavaScript Code:
const taSessionId = window.localStorage.getItem('ta_session_id');
// Then somehow pass it to your backend (e.g. add it to your signup form)

2️⃣ Bind traffic to user

In your Backend (server‑to‑server) make the API call to bind a user to the ta_session_id.

POST https://developers.trustedaccounts.org/v1/{client_id}/bind
Content-Type: application/json

With the following Request Body:

FieldTypeRequiredDescription
clientSecretstringYour plain client secret (from the developer console).
trustedSessionIdstringThe trusted session ID obtained in the previous step.
userIdstringYour internal user identifier.

Response Codes

StatusMeaning
204 No ContentSession bound successfully.
404 Not Foundclient_id + secret pair not recognised.
400 / 422Validation failed (missing field, bad JSON).
5xxServer error; retry or contact support.

Example (Axios)

import axios from 'axios';

await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/bind`,
{
clientSecret: CLIENT_SECRET,
trustedSessionId: TRUSTED_SESSION_ID,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
); // 204 = success

Example (cURL)

curl -X POST https://developers.trustedaccounts.org/v1/1234/bind \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","trustedSessionId":"sess_abc","userId":"user_42"}' \
-i # shows 204 status

Check a user's validation status

Once you've bound traffic to an account you can query that account’s trust status at any time.

POST https://developers.trustedaccounts.org/v1/{client_id}/check
Content-Type: application/json

With the following Request Body:

FieldTypeRequiredDescription
clientSecretstringYour plain client secret (same value you use for the /bind call).
userIdstringThe user identifier on your platform (e.g. primary key, UUID, email hash).

Example (axios)

import axios from 'axios';

const res = await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/check`,
{
clientSecret: CLIENT_SECRET,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
);

Example (cURL)

curl -X POST https://developers.trustedaccounts.org/v1/1234/check \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","userId":"user_42"}' \
-i # shows status / headers

You can also review all verified users in Developer Console → Users, complete with risk scores and timelines — perfect for spotting threats and moderating efficiently.

Made with ❤️ for a more human Web.