Using Scout, you can verify your user's ownership of a specific persona (for example, an Xbox Live account) using our verification flow. In order to complete this flow, a user only has to follow the verification steps for one or more of the platforms specified by your application. The user is not required to have a Scout account, though we may ask them if they want to create one before sending them back to your application.

Requesting verification

Verification starts with your application directing the user to Scout's verification flow. If you're using the Scout SDK, we can build the verification flow URL and/or UI for you. An example of how to do this follows.

Note that it is okay and secure to build a verification flow URL from a client-side app.

  • HTTP
  • Node.js
  • Web SDK (JavaScript)
  • Native SDK (iOS)
  • Native SDK (Android)

The user will then complete the verification process on Scout. Once they are sent back, your application is ready to validate the verification.

Validating the response

In order to validate the response from Scout (to confirm the user isn't trying to trick your app), your app must validate the returned token using your app's secret key. The token is a JSON Web Token and is returned as the token query parameter on your return URL. Because your app's secret key is required, validation must happen on a secure server, not in client code.

Note: Validation of the returned token is ESSENTIAL as tokens are easily forged. Validation CANNOT be done on the client side at this time.

Below are examples of how you can validate the returned token.

  • Node.js
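
One way to perform this check on a Node.js server, as an added example rather than Scout's own SDK code. It assumes the token is signed with HMAC-SHA256 (HS256) using the app's secret key; the secret, return URL and claim names below are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Demo helper (hypothetical): builds a constructed token so the example runs offline.
function signForDemo(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// Returns the verified claims or throws. Server-side only: it needs the secret key.
function validateReturn(returnUrl, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const token = new URL(returnUrl).searchParams.get('token');
  if (!token) throw new Error('missing token');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;

  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8')); }
  catch { throw new Error('malformed header'); }
  // Pin the algorithm (assumed HS256); never let the token pick it, so "none" is rejected.
  if (header?.alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Read the claims only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample input: secret, URL and claim names are illustrative only.
const DEMO_SECRET = 'constructed-app-secret';
const demoUrl = 'https://app.example/return?token=' +
  signForDemo({ persona: 'constructed-id', exp: 4102444800 }, DEMO_SECRET);
console.log(validateReturn(demoUrl, DEMO_SECRET));
```

Treat any thrown error as a failed verification and do not use claims from a token that did not pass.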