Client id based verification
With Client id based verification, any sender email address can be used for the services, without having to perform an email based verification process. For this, a client id has to be registered in the Cryptshare administration interface. After registering, the REST API consumer can request Verification Tokens for arbitrary email addresses, using the registered client id. This verification token is only valid for the respective email address and the requesting client id.
Risk of abuse
Using Client id based verification increases the risk of abuse, since anyone with access to the client id can use the services using any sender email address. It is therefore recommended that Client id based verification should be used only if email based verification does not meet your requirements, and the client id is not publicly available as in web application calls. Only server-side applications or other applications where REST API calls are not easily visible via the browser’s developer tools.
To be clear: We recommend the client id based verification only for server applications or trusted environments. Data gained from the server application could be offered to the respective users when custom authentication mechanisms are used.
Preparations
Check availability for client id based verification
GET https://<your-url>/api/users/<email-address>/verification
You can determine which verification methods are available for a client id in the field verificationMethods. When the value clientId is contained, client id based verification can be used. If it is not contained, please register the client id in the Cryptshare Administration Interface
