External verification runs the verification experience on your own domain while TAGBASE handles authenticity behind the scenes. Tags carry your URL, and customers see only your brand.
Why use it
- Your domain and branding. Customers only ever see, for example,
verify.brand.com. - Your UI. Build a verification page that matches your brand.
- TAGBASE security, hidden. The two-scan check runs behind your domain.
- Setup. One DNS record plus a small snippet.
How it works
- You point a verification subdomain at TAGBASE with a CNAME.
- TAGBASE validates and activates the domain.
- Tags are programmed with your domain instead of a TAGBASE URL.
- When a customer taps, TAGBASE verifies behind your CNAME, then redirects to
your page with a tag identifier (
tid) in the query string. - Your page fetches the verification result from TAGBASE and renders it.
Setup
1. CNAME record
Create a CNAME pointing your verification subdomain at TAGBASE:
| Type | Name | Value |
|---|---|---|
| CNAME | verify |
external.tagbase.io |
This routes https://verify.brand.com to TAGBASE’s verification infrastructure.
2. Fetch the result
On your verification page, read the tid parameter and request the result:
async function fetchVerification() {
const params = new URLSearchParams(window.location.search)
if (!params.has("tid")) return
const response = await fetch(
`https://verify.brand.com/verifications/${params.get("tid")}`,
{ headers: { accept: "application/json" }, credentials: "include" }
)
if (!response.ok) throw new Error(`Response status: ${response.status}`)
const { data } = await response.json()
// First tap returns "pending"; prompt the customer to tap again.
if (data.status === "pending") updateLocation()
return data
}
window.addEventListener("load", fetchVerification)
3. Example response
{
"data": {
"id": "vrf_ULPkD39Y5884BYJFsfw3evkzgWp",
"status": "pending",
"title": "",
"description": "...",
"website": "https://brand.com/products/p1",
"image_urls": ["https://brand.com/products/p1/images/01.jpg"],
"on_device": true,
"inserted_at": "2026-04-26T15:34:20.454709Z"
},
"messages": [
{ "type": "info", "text": "Please scan again to complete the verification." }
]
}
| Field | Description |
|---|---|
status |
pending, valid, invalid, or valid_with_warnings |
on_device |
Whether the verification happened on this device |
description |
Product description |
image_urls |
Product image URLs |
messages |
Instructions to show the customer |
The first tap always returns pending; the second resolves to valid or
invalid. See how it works.
4. Geolocation (optional)
The result is only finalised on the second tap, so capture location during the
first (pending) tap to have it available in time:
function updateLocation() {
navigator.geolocation.getCurrentPosition(({ coords }) => {
const data = {
latitude: coords.latitude,
longitude: coords.longitude,
accuracy: coords.accuracy
}
document.cookie =
`tagbase_geolocation=${encodeURIComponent(JSON.stringify(data))}` +
`; path=/; SameSite=Lax; domain=.brand.com; max-age=${60 * 10}`
})
}