How to secure your app or form with Ubiqod key?

Ubiqod Key displays a QR code that changes at regular intervals.

If you use an integrated interface (single/multiple choice, digit…), the Ubiqod platform will check if the QR code is valid.

If you redirect the user to your own app or form, you will receive a token as a url parameter. This token must be checked after submission through an API endpoint.

Add the token to the redirected URL

In the redirection interface, check Validation token to add the token to the URL as URL parameter. You can customize the name of the parameter in the ADVANCED PARAMETERS.

Check the token validity with API

Request

In order to ensure that the token is valid, you can use our validation API enpoint.

Request type: GET

Headers: { “X-API-KEY”: API key } (You can create an API key in your account settings)

URL: https://scan.ubiqod.com/api/key/validatetoken

URL parameter: token=XXXXX where XXXXX is the token to be validated.

Response

Token is valid

If the token is valid, you will receive this response with code 200:

{
“tokenData”: {
“creationDate”: “2021-02-04T15:10:32.157Z”,
“trackerLabel”: “Test device Jerome”,
“trackerName”: “UK123456”
}
}

Where:

creationDate is the creation date of the token (ie time when the user scanned the code),

trackerLabel is the tracker label,

trackerName is the tracker serial number (or SLUG).

Token not found

If the token does not exists, you will receive this response with code 200:

{
“message”: “Token not found for this account”
}

Invalid Auth

If the token does not exists, you will receive a response with code 401.