User Validation
This endpoint lets you check whether a user’s most‑recent traffic event is considered trusted, suspicious or invalid.
It links the identity you know (your userId) with the behavioural signals we collect, so you can instantly decide whether to trust the user or not.
1️⃣ Grab the ta_session_id
In your Frontend (client-side) get the ta_session_id and pass it to the backend:
// Example JavaScript Code:
const taSessionId = window.localStorage.getItem('ta_session_id');
// Then somehow pass it to your backend (e.g. add it to your signup form)
2️⃣ Bind traffic to user
In your Backend (server‑to‑server) make the API call to bind a user to the ta_session_id.
POST https://developers.trustedaccounts.org/v1/{client_id}/bind
Content-Type: application/json
With the following Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
clientSecret | string | ✅ | Your plain client secret (from the developer console). |
trustedSessionId | string | ✅ | The trusted session ID obtained in the previous step. |
userId | string | ✅ | Your internal user identifier. |
Response Codes
| Status | Meaning |
|---|---|
| 204 No Content | Session bound successfully. |
| 404 Not Found | client_id + secret pair not recognised. |
| 400 / 422 | Validation failed (missing field, bad JSON). |
| 5xx | Server error; retry or contact support. |
Example (Axios)
import axios from 'axios';
await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/bind`,
{
clientSecret: CLIENT_SECRET,
trustedSessionId: TRUSTED_SESSION_ID,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
); // 204 = success
Example (cURL)
curl -X POST https://developers.trustedaccounts.org/v1/1234/bind \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","trustedSessionId":"sess_abc","userId":"user_42"}' \
-i # shows 204 status
Check a user's validation status
Once you've bound traffic to an account you can query that account’s trust status at any time.
POST https://developers.trustedaccounts.org/v1/{client_id}/check
Content-Type: application/json
With the following Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
clientSecret | string | ✅ | Your plain client secret (same value you use for the /bind call). |
userId | string | ✅ | The user identifier on your platform (e.g. primary key, UUID, email hash). |
Example (axios)
import axios from 'axios';
const res = await axios.post(
`https://developers.trustedaccounts.org/v1/${CLIENT_ID}/check`,
{
clientSecret: CLIENT_SECRET,
userId: USER_ID,
},
{ headers: { 'Content-Type': 'application/json' } }
);
Example (cURL)
curl -X POST https://developers.trustedaccounts.org/v1/1234/check \
-H "Content-Type: application/json" \
-d '{"clientSecret":"s3cr3t","userId":"user_42"}' \
-i # shows status / headers
You can also review all verified users in Developer Console → Users, complete with risk scores and timelines — perfect for spotting threats and moderating efficiently.
Made with ❤️ for a more human Web.