How to verify the validity of SafeQod (formerly Ubiqod Key) token?
When a user scans SafeQod (formerly Ubiqod Key), the Ubiqod platform ensures that this scan is legitimate.
There are 2 cases to distinguish:
- You are using an interface created on the Ubiqod platform: validation is performed automatically
- You redirect the user to your own interface: a token is sent in the URL, and its validity can be verified via an API route
This article explains how to use this validation API endpoint to add proof of presence to your own form or application via a redirect.
Adding the validation token to the URL
To redirect users to your own interface, create a Redirection type interface:
Then enter the URL of your interface, and check the Validation token box:
We recommend that you check Tracker serial number to strengthen verifications (see Verifying token validity section)
The URL preview (Redirection example) allows you to preview the parameters that will be added.
If you wish to change the default parameter name, uncheck Validation token and add the parameter using the advanced options:
Verifying token validity
API call
You need to retrieve the token content and the serial number of the issuing SafeQod (formerly Ubiqod Key) from the redirected URL parameters.
You can then verify the validity of the token by calling the GET route: https://k.ubiqod.com/key/validatetoken
As with a standard API call, you will need to pass your API key in the header, in an X-API-KEY property ({X-API-KEY: <<your-api-key>>})
The token must be passed in the token URL parameter (token=<<your-token>>)
Complete URL example (excluding header): https://k.ubiqod.com/key/validatetoken?token=<<your-token>>
Server response
In case of success, the server response will be in the form (code 200):
- {
- "tokenData": {
- "creationDate": "2021-02-04T15:10:32.157Z",
- "trackerLabel": "Test device",
- "trackerName": "UK12346"
- }
- }
We recommend that you ensure the token is valid AND that the trackerName matches the serial number of the issuing SafeQod (formerly Ubiqod Key).
If the token does not exist, the response will be (code 200):
- {
- "message": "Token not found for this account"
- }
For performance and security reasons, the token is kept for 24 hours after its issuance: remember to perform this validation upon receiving the data.
In case of an invalid API key, a 401 error will be returned.
If the token is not provided, a 400 error will be returned.
Try Ubiqod
Get 100 free credits to start building with Ubiqod: sign up here
Related Articles
Add a SafeQod (formerly Ubiqod Key) to your Ubiqod account
Introduction SafeQod (formerly Ubiqod Key) is a secure, patented QR code designed for use cases that require enhanced security. Before you can use a SafeQod on the Ubiqod platform, it must first be added to your account. After purchasing SafeQods, ...Activate your SafeQod (formerly Ubiqod Key)
Introduction When you receive your SafeQod (formerly Ubiqod Key), the screen is blank and the batteries are not inserted. This precaution helps prevent screen burn-in and preserves battery life during transport. Make sure to follow the steps below ...Where can I check the battery level of SafeQod (formerly Ubiqod Key)?
The battery level of your SafeQod (formerly Ubiqod Key) can be accessed in two ways: Directly on the device When the battery level becomes too low, a warning message automatically appears on the SafeQod (formerly Ubiqod Key) screen to indicate that ...What is Ubiqod?
Welcome to Ubiqod – the new way to connect your field staff to your IT systems. Ubiqod provides a simple and efficient way to collect data from the field and integrate it with your preferred software, whether it's a Human Resources Information System ...How to link a Microsoft Form to a Ubiqod Dynamic QR Code
Using Microsoft Forms with Ubiqod Dynamic QR Codes allows you to collect data from multiple locations using a single form. By leveraging dynamic parameters, you can identify where each form submission comes from—without duplicating your form. This ...