Verify SDK launch token
curl --request POST \
--url https://pria.praxislxp.com/api/auth/sdk-verify \
--header 'Content-Type: application/json' \
--data '
{
"params": {},
"launch_token": "a1b2c3d4e5f6...",
"nonce": "f47ac10b58cc4372a5670e02b2c3d479",
"timestamp": 1740500000
}
'import requests
url = "https://pria.praxislxp.com/api/auth/sdk-verify"
payload = {
"params": {},
"launch_token": "a1b2c3d4e5f6...",
"nonce": "f47ac10b58cc4372a5670e02b2c3d479",
"timestamp": 1740500000
}
headers = {"Content-Type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
params: {},
launch_token: 'a1b2c3d4e5f6...',
nonce: 'f47ac10b58cc4372a5670e02b2c3d479',
timestamp: 1740500000
})
};
fetch('https://pria.praxislxp.com/api/auth/sdk-verify', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://pria.praxislxp.com/api/auth/sdk-verify",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'params' => [
],
'launch_token' => 'a1b2c3d4e5f6...',
'nonce' => 'f47ac10b58cc4372a5670e02b2c3d479',
'timestamp' => 1740500000
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://pria.praxislxp.com/api/auth/sdk-verify"
payload := strings.NewReader("{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://pria.praxislxp.com/api/auth/sdk-verify")
.header("Content-Type", "application/json")
.body("{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://pria.praxislxp.com/api/auth/sdk-verify")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}"
response = http.request(request)
puts response.read_body{
"success": true
}{
"success": false,
"message": "Missing verification parameters"
}{
"success": false,
"message": "Invalid launch token"
}SDK Launch
Verify SDK launch token
Verifies an HMAC-SHA256 launch token against the server-held secret.
Called by Sdk.js (React frontend) before proceeding to autosignup.
Verification steps:
- Checks that the timestamp is within a 10-minute window
- Recomputes the HMAC from canonicalized params (values stringified,
launch_*keys stripped) - Compares using constant-time
crypto.timingSafeEqualto prevent timing attacks
When verification fails:
- Expired tokens (>10 min) return 401 with “Launch token expired”
- Tampered or invalid tokens return 401 with “Invalid launch token”
POST
/
api
/
auth
/
sdk-verify
Verify SDK launch token
curl --request POST \
--url https://pria.praxislxp.com/api/auth/sdk-verify \
--header 'Content-Type: application/json' \
--data '
{
"params": {},
"launch_token": "a1b2c3d4e5f6...",
"nonce": "f47ac10b58cc4372a5670e02b2c3d479",
"timestamp": 1740500000
}
'import requests
url = "https://pria.praxislxp.com/api/auth/sdk-verify"
payload = {
"params": {},
"launch_token": "a1b2c3d4e5f6...",
"nonce": "f47ac10b58cc4372a5670e02b2c3d479",
"timestamp": 1740500000
}
headers = {"Content-Type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({
params: {},
launch_token: 'a1b2c3d4e5f6...',
nonce: 'f47ac10b58cc4372a5670e02b2c3d479',
timestamp: 1740500000
})
};
fetch('https://pria.praxislxp.com/api/auth/sdk-verify', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://pria.praxislxp.com/api/auth/sdk-verify",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'params' => [
],
'launch_token' => 'a1b2c3d4e5f6...',
'nonce' => 'f47ac10b58cc4372a5670e02b2c3d479',
'timestamp' => 1740500000
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://pria.praxislxp.com/api/auth/sdk-verify"
payload := strings.NewReader("{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://pria.praxislxp.com/api/auth/sdk-verify")
.header("Content-Type", "application/json")
.body("{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://pria.praxislxp.com/api/auth/sdk-verify")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"params\": {},\n \"launch_token\": \"a1b2c3d4e5f6...\",\n \"nonce\": \"f47ac10b58cc4372a5670e02b2c3d479\",\n \"timestamp\": 1740500000\n}"
response = http.request(request)
puts response.read_body{
"success": true
}{
"success": false,
"message": "Missing verification parameters"
}{
"success": false,
"message": "Invalid launch token"
}Body
application/json
The launch parameters to verify. May include launch_token, launch_nonce, and
launch_timestamp keys (these are stripped during canonicalization before HMAC comparison).
All values are stringified to match the sign-side canonicalization.
The HMAC-SHA256 token returned from sdk-sign
Example:
"a1b2c3d4e5f6..."
The nonce returned from sdk-sign
Example:
"f47ac10b58cc4372a5670e02b2c3d479"
The timestamp returned from sdk-sign (must be within 10-minute window)
Example:
1740500000
Response
Token verified successfully
Example:
true
Was this page helpful?
⌘I