Handling Destination Verification Requests
When you click Verify and Save, RedoxEngine will make a POST or a GET request to your Destination’s Redox API Endpoint in order to perform destination verification and verify the validity of the URL.
Important Note: For a new destination, we default to using POST for stronger security. Using GET is still permitted if that’s preferred.
Verification with a POST from Redox will include a header and a JSON body with a challenge value.
'application-name': 'RedoxEngine' 'Content-type': 'application/json' 'host': '<IP>' 'content-length': '93' 'Connection':'close'
'verification-token': 'verificationtoken' 'challenge':'cc2f1bdf-af51-4974-af5c-f3af19d6526c'
A GET verification request from Redox will also include the same header, with an additional query string appended to the URL with the challenge value.
When your server receives one of these requests, it needs to:
- Verify the verification-token matches the one you supplied when creating your Destination. This is a security check so that your server knows the request is being made by RedoxEngine and relates to the Destination you just configured.
- Render a response to the POST or GET request that includes only the challenge value. This confirms that this server is configured to accept POSTs from Redox, and is used for security verification on RedoxEngine’s side.
Example of a response to the verification request:
The verification step is based on W3C’s WebSub, and we have a 15 minute video to walk you through the challenge step.