Skip to main content
POST
Verify SDK launch token

Body

application/json
params
object
required

The launch parameters to verify. May include launch_token, launch_nonce, and launch_timestamp keys (these are stripped during canonicalization before HMAC comparison). All values are stringified to match the sign-side canonicalization.

launch_token
string
required

The HMAC-SHA256 token returned from sdk-sign

Example:

"a1b2c3d4e5f6..."

nonce
string
required

The nonce returned from sdk-sign

Example:

"f47ac10b58cc4372a5670e02b2c3d479"

timestamp
integer
required

The timestamp returned from sdk-sign (must be within 10-minute window)

Example:

1740500000

Response

Token verified successfully

success
boolean
Example:

true