Skip to main content



Method: POST
Endpoint: /api/v1/verification/verify
Content-Type: application/json (payload as JSON string in the request body)

Verifies the form data and tells the website's backend if a submission was correct or manipulated.


To secure the API endpoint, authentication is required. The Authorization header must be sent with the request. You must set the project's public key in the header as the username. An HMAC SHA256 hash of the API endpoint URL combined with the request data, serialized as JSON, must be set as the password. The private key will be used as the key for the HMAC SHA256 hash.

Authorization: [base64 of <publicKey>:<hmacHash>]


$privateKey = 'stH6Ugo4FcbQLp6_KPlOYltFMHfY59rxCUQRk3_AxYQ';
$apiEndpoint = '/api/v1/verification/verify';
$formData = ['first-name' => '0fde7e04a97f64098b5285c6e33502ddd918a04a7fc8c7012a13caae19b26c3b'];

$hmacHash = hash_hmac('sha256', $apiEndpoint . json_encode($formData), $privateKey);
$authHeader = base64_encode($hmacHash);
Authorization: UXFmQnhzbU9mSU13MC11Vk5uUlZkRGxNVVpkTHBURzF4bzB5eWlmeUxySTozYmRkMzg1Y2FhNTNlM2RhNzZhOGRjYmZjYWEwZDlmNGUwNGQ4YzE4OWZhYjAzYmE0MTM4M2RlZWEyMzZiMmQzCgo=





submitTokenStringRequiredThe submit token was requested by the JavaScript script in the frontend.
validationSignatureStringRequiredThe HMAC SHA256 hash of the validation token.
formSignatureStringRequiredThe HMAC SHA256 hash of the form data (serialized as JSON string).
formDataObjectRequiredAn object with all form fields and the SHA256 hash of the data for every field.






If mosparo completed the request successfully, the following properties would be present in the answer:

validBooleanThis Is true if the request was valid and can be processed by the backend. If this is false, the submission is not acceptable.
verificationSignatureStringThe signature generated by mosparo. This needs to be checked with the signature created by the backend itself to prevent manipulation (see Evaluate the answer).
verifiedFieldsObjectAn object with all verified fields and with the status for every field (see Values for verifiedFields).
issuesArrayAn array with possible issues as a string.

If an error occurred, only the following properties would be present in the answer:

errorBooleanIf true, an error occurred.
errorMessageStringThe description of the error which occurred.