About verifications

Verifications

Most of the services offered by the Cryptshare Server require a form of verification, before they can be used. The Cryptshare Server supports two types of verification: Email based verification and Client id based verification.

Verification token

With both verification methods, the REST API consumer receives a Verification Token. This Verification Token is only valid in combination with the email address and the client id that were provided during the request of the Verification Token.

For endpoints that require a verified email address, the Verification Token has to be sent as X-CS-VerificationToken header.

Verification tokens have a limited validity and might need to be re-requested again at a later date.

Check availability for verification modes

GET https://<your-url>/api/users/<email-address>/verification

You can determine which verification methods are available for a client id with the contents of the field verificationMethods. When the value email is contained, email based verification is available. When the value clientId is contained, client id based verification can be used.

What is a verified email address? / Using the Verification Token

The term verified email address means that the email address has been verified by requesting a Verification Token via one of the methods. The Token is sent together with the client id and the email address inside the requests, to the Cryptshare server. Please note that a Verification Token is only valid in combination with the client id and email address that were used in the request for the Verification Token itself.

The email address is usually part of the request path, whereas the Client id is sent with the X-CS-ClientId header, and the Verification Token is sent with the X-CS-VerificationToken header.