OAuth2

SDK

We provide a PHP SDK with an example integration to make it easier and faster to get ready to verify your customers' age:

VerifyMyAge Adult PHP SDK

API Domain

Our API is designed to be used in two environments: a sandbox environment and a production environment.

The sandbox environment is intended for testing and development purposes, while the production environment is used for live data and real-world use cases.

To ensure the security and integrity of our API, we use separate API keys for each environment. This means that you will need to obtain different API keys for the sandbox and production environments, and should not use the same key for both.

DomainEnvironmentPurpose
https://oauth.verifymyage.comproductionTesting and development
https://sandbox.verifymyage.comsandboxLive data and real-world use

User Journey

Each country has different requirements for accessing adult content which are laid out by the regulator of that country.

A user is required to verify their age the first time they visit your site. They simply log in to their VerifyMyAge account for future sessions.

User journey diagram

Integration Steps

The OAuth2 verification consists of 2 basic steps, getting a user access token and then getting user data:

1. Redirect the user to the VerifyMyAge verification flow

2. Your server performs a POST request to exchange the code for an access_token

Then, you can confirm that the user is age-verified by calling the user details endpoint using the access_token received.

OAuth2 Flow

Redirect user to the flow

This will redirect the user back to the URL you've sent on the redirect_uri query parameter with one key extra query parameter:

Use CaseWhat happens
successYour redirect_uri will have the code=SOME-RANDOM-CODE query parameter amended. This value will be required on the next step of the OAuth2 flow.
failureYour redirect_uri will have the error_reason=REASON. query parameter amended. You can take action and show a message to your user based on its value.

Request parameters

client_id required

Your API Key which can be found in your VerifyMyAge dashboard.

scope required

Constant value must be set as adult.

redirect_uri required

URL that the user will be redirected to after the age-verification flow.

country required

2-letter ISO country code. Available options: gb, de, fr, or us.

Note: Additional options are available. Please contact us to discuss this further.

user_id optional

User's unique ID.

method optional

Send the user direct to a specific verification method to start the verification.

ValueDescription
AgeEstimationEstimates an individual's age using a quick selfie video
EmailEstimates an individual's minimum age using their email address
IDScanGovernment-issued ID
IDScanFaceMatchGovernment-issued ID verification combined with a face match for the holder
MobileEstimates an individual's minimum age using their mobile number
CreditCardCredit card verification
DoubleBlindVerifying age without collecting identifiable personal information

session_id optional

A correlation id, a reference of the user who will do the age-verification flow.

Error responses

CodeDescription
400
{"message": "invalid client id", "status_code": 400}
Copy

Copied!

400
{"message": "invalid params","status_code": 400}
Copy

Copied!

400
{"message": "invalid scope","status_code": 400}
Copy

Copied!

401
{"message": "Unauthorized redirect_uri","status_code": 401}
Copy

Copied!

500
{"message": "Internal Server Error","status_code": 500}
Copy

Copied!

API Call
httpcurlphp
GET /oauth/authorize?client_id=CLIENT-ID&scope=adult&country=gb&method=AgeEstimation&redirect_uri=https://your-domain.com/your-path HTTP/1.1
Copy

Copied!

curl https://sandbox.verifymyage.com/oauth/authorize?client_id=CLIENT-ID&scope=adult&country=gb&method=AgeEstimation&redirect_uri=https://your-domain.com/your-path
Copy

Copied!

<?php
require(__DIR__ . "/vendor/autoload.php");

use \VerifyMyAge\OAuth;
use \VerifyMyAge\Countries;
use \VerifyMyAge\Methods;

$redirectURL = $vma->redirectURL(Countries::FRANCE, Methods::AGE_ESTIMATION);
Copy

Copied!

Response 302

Exchange code by token

For security reasons, you'll have to send your secret key via server-side to exchange the code for an access_token.

Following the OAuth2 standard, you'll have to send the Authorization header using the Basic authentication format:

The value is generated by the base64 string of the concatenation of your API Key and API Secret separated by a colon (:).

Example in PHP:

[
    'Authorization' => 'Basic ' . base64_encode(
        $apiKey . ':' . $apiSecret
    )
]

Request parameters

code required

The code received as a query parameter to your redirect_uri in the previous step.

Error responses

CodeDescription
400
{"message": "invalid client credentials", "status_code": 400}
Copy

Copied!

401
{"message": "client id and client secret does not match","status_code": 401}
Copy

Copied!

401
{"message": "Unauthorized redirect_uri","status_code": 401}
Copy

Copied!

500
{"message": "Internal Server Error","status_code": 500}
Copy

Copied!

API Call
httpcurlphp
POST /oauth/token HTTP/1.1
Content-Type: application/json
Authorization: Basic {BASE64}

{
    "code": "CODE-RECEIVED-ON-THE-FIRST-STEP"
}
Copy

Copied!

curl -d '{"code": "CODE-RECEIVED-ON-THE-FIRST-STEP"}' \
    -H "Content-Type: application/json" \
    -H "Authorization: Basic {BASE64}" \
    -X POST https://sandbox.verifymyage.com/oauth/token
Copy

Copied!

<?php
require(__DIR__ . "/vendor/autoload.php");

use \VerifyMyAge\OAuth;
use \VerifyMyAge\Countries;

$accessToken = $vma->exchangeCodeByToken($_GET['code']);
Copy

Copied!

Response 200: (application/json)
{
  "access_token": "RANDOM-CODE"
}
Copy

Copied!

User details

You are able to get the status of the verification now.

Request parameters

access_token required

The token generated by VerifyMyAge in Step 2.

Response parameters

age_verified

Boolean that represents whether the user completed the process or not.

ValueDescription
trueThe user has completed the verification process successfully.
falseThe user has not completed the verification process successfully

id

Unique Identifier representing a verification.

threshold

The age threshold the user has to meet. It is a fixed value of 18.

Error responses

CodeDescription
400
{"message": "malformed token", "status_code": 400}
Copy

Copied!

500
{"message": "error trying to save verification","status_code": 500}
Copy

Copied!

500
{"message": "invalid scope to present","status_code": 500}
Copy

Copied!

500
{"message": "Internal Server Error","status_code": 500}
Copy

Copied!

API Call
httpcurlphp
GET /users/me?access_token={TOKEN} HTTP/1.1
Copy

Copied!

curl https://sandbox.verifymyage.com/users/me?access_token={TOKEN}
Copy

Copied!

<?php
require(__DIR__ . "/vendor/autoload.php");

use \VerifyMyAge\OAuth;
use \VerifyMyAge\Countries;

$user = $vma->user($accessToken);
Copy

Copied!

Response 200: (application/json)
{
  "age_verified": true,
  "id": "ABC-12345-DEF-64321",
  "threshold": 18
}
Copy

Copied!