#
Incoming URL Signing
Verify includes an API that can integrate with your application to secure your verification requests. We provide an API where you can create a signature for your query string (URL signing). The signature then will be checked by Verify to ensure that the request has not been tampered with.
#
API Endpoints
The API endpoints are segmented by region as follows:
- EU: https://verify-api-eu.realeyesit.com/index.html
- US: https://verify-api-us.realeyesit.com/index.html
- SG: https://verify-api-sg.realeyesit.com/index.html
#
Request
The request method is POST /api/v1/redirect/create-signature
An API reference for this functionality is also available via the API Reference page.
#
Authorization Header
X-Api-Key: Account API-Key
The API Key is available in the Developers Portal.
#
Request Body
Full query string with all the parameters:
{
"queryString": "?FULLQUERYSTRING"
}
#
Response
The response contains the signature and the signed query string (including the signature) based on the provided query string.
{
"signature": "string",
"signedQueryString": "string",
"errorMessage": "string"
}
#
Regional Service Warning
Regional Endpoints
Because this is a region-based service, you will need to call the correct EU / US / SG endpoint to create signatures.
The Realeyes Verify service will append the region query string parameter to the final redirect URL so you can use that to determine the region to use for auditing a given verification.
Example: If you try to verify a signature signed with the EU redirect site from the US API (or vice-versa), you will get an error.
#
Example
Python Example
Here you can find an example:
import requests
import json
url = "https://verify-api-region.realeyesit.com/api/v1/redirect/create-signature"
api_key = "YOUR API KEY"
headers = {
"X-Api-Key": api_key,
"Content-Type": "application/json",
}
request = {
"queryString": "?FULLQUERYSTRING",
}
response = requests.post(url, headers=headers, data=json.dumps(request))
if response.status_code == 200:
print(response.json())
else:
print(response.status_code, response.text)
#
Validating Signatures
Validation
The signed query string can be checked by calling the POST /api/v1/redirect/validate-signature endpoint with the signed query string as the queryString parameter in the request body. This will return whether the signature is valid or not.
For more information, see the Audit Verifications section.
#
Self-Implementation
Custom Implementation
If you would like to sign your URL without calling our API we can provide you the algorithm to do so.
Please send your request to support@realeyes.ai
Or see the URL Signing Algorithm guide for implementation details.
#
Use Cases
#
Prevent Tampering
Sign URLs to prevent users from modifying query parameters before accessing the verification service.
#
Secure Integration
Ensure that only legitimate requests from your application can access the verification service.
#
Audit Trail
Maintain a secure audit trail by validating signatures on both incoming and outgoing requests.
#
Workflow Example
- Generate signed URL:
# Call create-signature API
response = requests.post(url, headers=headers, data=json.dumps({
"queryString": "?userId=user123&age=25&gender=male"
}))
signed_query_string = response.json()["signedQueryString"]
# Result: ?userId=user123&age=25&gender=male&re-signature=abc123def456- Send user to verification:
https://verify-eu.realeyesit.com/project/{projectSlug}?userId=user123&age=25&gender=male&re-signature=abc123def456- Verify receives request:
- Verify validates the signature
- If valid, proceeds with verification
- If invalid, rejects the request
- User completes verification:
- Verify signs the response URL
- User is redirected with signed parameters
- Validate response signature:
# Call validate-signature API
response = requests.post(validate_url, headers=headers, data=json.dumps({
"queryString": full_query_string_from_redirect
}))
is_valid = response.json()["isValid"]