Handling Destination Verification Requests

Handling Destination Verification Requests

When you click Verify and Save, RedoxEngine will make a POST or a GET request to your Destination’s Redox API Endpoint in order to perform destination verification and verify the validity of the URL.

Important Note: Using GET for verification will be deprecated on or after December 31, 2018. You can continue using this method in the interim, but Redox recommends using POSTs.


Verification with a POST from Redox will include a header and a JSON body with a challenge value.

POST header

'application-name': 'RedoxEngine'
'Content-type': 'application/json'
'host': '<IP>'
'content-length': '93'

POST body

'verification-token': 'verificationtoken'


A GET verification request from Redox will also include the same header, with an additional query string appended to the URL with the challenge value.




When your server receives one of these requests, it needs to:

  • Verify the verification-token matches the one you supplied when creating your Destination. This is a security check so that your server knows the request is being made by RedoxEngine and relates to the Destination you just configured.
  • Render a response to the POST or GET request that includes only the challenge value. This confirms that this server is configured to accept POSTs from Redox, and is used for security verification on RedoxEngine’s side.

Example of a response to the verification request:


The verification  step is based on W3C’s WebSub, and we have a 15 minute video to walk you through the challenge step.