User Validation
This endpoint lets you check whether a user’s most‑recent traffic event is considered trusted, suspicious or invalid.
It links the identity you know (your userId
) with the behavioural signals we collect, so you can instantly decide whether to trust the user or not.
1️⃣ Grab the ta_session_id
In your Frontend (client-side) get the ta_session_id
and pass it to the backend:
// Example JavaScript Code:
const taSessionId = window.localStorage.getItem('ta_session_id');
// Then somehow pass it to your backend (e.g. add it to your signup form)
2️⃣ Bind traffic to user
In your Backend (server‑to‑server) make the API call to bind a user to the ta_session_id
.
POST https://developers.trustedaccounts.org/v1/{client_id}/bind
Content-Type: application/json
With the following Request Body:
Field | Type | Required | Description |
---|---|---|---|
clientSecret | string | ✅ | Your plain client secret (from the developer console). |
trustedSessionId | string | ✅ | The trusted session ID obtained in the previous step. |
userId | string | ✅ | Your internal user identifier. |
Response Codes
Status | Meaning |
---|---|
204 No Content | Session bound successfully. |
404 Not Found | client_id + secret pair not recognised. |
400 / 422 | Validation failed (missing field, bad JSON). |
5xx | Server error; retry or contact support. |
Example (Axios)
import axios from 'axios';
await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/bind`,
{
clientSecret: CLIENT_SECRET,
trustedSessionId: TRUSTED_SESSION_ID,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
); // 204 = success
Example (cURL)
curl -X POST https://developers.trustedaccounts.org/v1/1234/bind \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","trustedSessionId":"sess_abc","userId":"user_42"}' \
-i # shows 204 status
Check a user's validation status
Once you've bound traffic to an account you can query that account’s trust status at any time.
POST https://developers.trustedaccounts.org/v1/{client_id}/check
Content-Type: application/json
With the following Request Body:
Field | Type | Required | Description |
---|---|---|---|
clientSecret | string | ✅ | Your plain client secret (same value you use for the /bind call). |
userId | string | ✅ | The user identifier on your platform (e.g. primary key, UUID, email hash). |
Example (axios)
import axios from 'axios';
const res = await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/check`,
{
clientSecret: CLIENT_SECRET,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
);
Example (cURL)
curl -X POST https://developers.trustedaccounts.org/v1/1234/check \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","userId":"user_42"}' \
-i # shows status / headers
You can also review all verified users in Developer Console → Users, complete with risk scores and timelines — perfect for spotting threats and moderating efficiently.
Made with ❤️ for a more human Web.