How to verify the validity of an Ubiqod Key token?
When a user scans an Ubiqod Key, the Ubiqod platform ensures that this scan is legitimate.
There are 2 cases to distinguish:
- You are using an interface created on the Ubiqod platform: validation is performed automatically
- You redirect the user to your own interface: a token is sent in the URL, and its validity can be verified via an API route
Adding the validation token to the URL
To redirect users to your own interface, create a Redirection type interface:
Then enter the URL of your interface, and check the Validation token box:
We recommend that you check Tracker serial number to strengthen verifications (see Verifying token validity section)
The URL preview (Redirection example) allows you to preview the parameters that will be added.
If you wish to change the default parameter name, uncheck Validation token and add the parameter using the advanced options:
Verifying token validity
API call
You need to retrieve the token content and the serial number of the issuing Ubiqod Key from the redirected URL parameters.
You can then verify the validity of the token by calling the GET route: https://k.ubiqod.com/key/validatetoken
As with a standard API call, you will need to pass your API key in the header, in an X-API-KEY property ({X-API-KEY: <<your-api-key>>})
The token must be passed in the token URL parameter (token=<<your-token>>)
Complete URL example (excluding header): https://k.ubiqod.com/key/validatetoken?token=<<your-token>>
Server response
In case of success, the server response will be in the form (code 200):
- {
- "tokenData": {
- "creationDate": "2021-02-04T15:10:32.157Z",
- "trackerLabel": "Test device",
- "trackerName": "UK12346"
- }
- }
We recommend that you ensure the token is valid AND that the trackerName matches the serial number of the issuing Ubiqod Key.
If the token does not exist, the response will be (code 200):
- {
- "message": "Token not found for this account"
- }
For performance and security reasons, the token is kept for 24 hours after its issuance: remember to perform this validation upon receiving the data.
In case of an invalid API key, a 401 error will be returned.
If the token is not provided, a 400 error will be returned.
Try Ubiqod
Get 100 free credits to start building with Ubiqod: sign up here
Related Articles
Activate your Ubiqod Key
Introduction When you receive your Ubiqod Key, the screen is blank and the batteries are not inserted. This precaution helps prevent screen burn-in and preserves battery life during transport. Make sure to follow the steps below carefully before ...Adding a Ubiqod Key to your account
To use a Ubiqod Key on the platform, it must first be added to your Ubiqod account. This step is necessary for activating and configuring the device. Accessing the Ubiqod Key section Log in to the Ubiqod interface. From the menu, go to Trackers. ...What is Ubiqod?
Welcome to Ubiqod – the new way to connect your field staff to your IT systems. Ubiqod provides a simple and efficient way to collect data from the field and integrate it with your preferred software, whether it's a Human Resources Information System ...Where can I check the battery level of Ubiqod Keys?
The battery level of your Ubiqod Keys can be accessed in two ways: Directly on the device When the battery level becomes too low, a warning message automatically appears on the Ubiqod Key screen to indicate that it's time to replace the batteries. ...Getting events and data from Ubiqod: using the webhook
The Ubiqod platform lets you send the data received from your trackers in real time through webhooks. In this article, you’ll learn how to set up this dispatch. The Ubiqod REST API gives you access to configuration data for trackers, badges, and ...