Verifying Access

Client-side checks are enough for UX, but servers should not trust the browser alone. tiun supports two verification patterns depending on whether you sell subscriptions (identity-based) or use time-based billing (session-based).


Subscriptions: user verification token

Verify subscriptions flow: frontend gets token, sends to backend, backend validates with tiun API

For subscription flows tied to a signed-in user, you verify identity and entitlements server-side using two things:

  1. A verification token — call getUserVerificationToken() in the browser. It returns a signed JWT valid for five minutes (or null if the user is not authenticated).

  2. An API key — generate one in the tiun.business dashboard under APIs.

The flow looks like this:

  1. Your frontend calls getUserVerificationToken() to get a signed JWT

  2. It sends the token to your backend (for example in an Authorization header)

  3. Your backend sends the token and the API key to tiun's verification endpoint

  4. tiun responds with whether the token is valid and which entitlements apply

For a complete code walkthrough with frontend and backend examples, see the Verify subscriptions server-side guide.


Time-based billing: session status

Verify sessions flow: frontend captures sessionId, sends to backend, backend validates with tiun API

For time-based products, the paywallHide event includes a sessionId. You can verify that session on your backend to confirm the user actually has an active billing session.

The flow looks like this:

  1. Your frontend captures the sessionId from the paywallHide event

  2. It sends the session ID to your backend

  3. Your backend calls tiun's session status API with the session ID, your provider ID, and your API key

  4. tiun responds with whether the session is valid

Setup: create an API key and copy your provider ID from the tiun.business dashboard under APIs and Configuration respectively.

For a complete code walkthrough with frontend and backend examples, see the Verify sessions server-side guide.
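
One way to structure the backend decision for both flows above so that it fails closed, as an added example (not tiun's own code). The injected verifyToken and verifySession functions are assumed wrappers around the tiun API calls, and the response shapes { valid, entitlements } and { valid } are assumptions; the linked guides give the real request and response format.

```javascript
// Added example: fail-closed access decisions around tiun's server-side checks.
// ASSUMPTIONS (not from tiun's docs): verifyToken / verifySession are
// hypothetical wrappers around the real HTTP calls, and the response shapes
// { valid, entitlements } and { valid } are illustrative only.

// Pull the JWT out of "Authorization: Bearer <token>"; null when absent or malformed.
function extractBearer(header) {
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(header || "");
  return m ? m[1] : null;
}

// Turn a verification response into a decision. Anything unexpected denies.
function decide(res, requiredEntitlement) {
  if (!res || res.valid !== true) return { allowed: false, status: 403, reason: "invalid" };
  if (requiredEntitlement !== undefined) {
    const ents = Array.isArray(res.entitlements) ? res.entitlements : [];
    if (!ents.includes(requiredEntitlement)) {
      return { allowed: false, status: 403, reason: "missing_entitlement" };
    }
  }
  return { allowed: true, status: 200, reason: "ok" };
}

// Subscription flow: token from the browser, verified by tiun via verifyToken.
async function authorizeSubscription(authHeader, requiredEntitlement, verifyToken) {
  const token = extractBearer(authHeader);
  if (!token) return { allowed: false, status: 401, reason: "no_token" };
  try {
    return decide(await verifyToken(token), requiredEntitlement);
  } catch {
    // Timeout or API error: deny rather than fall back to the client's claim.
    return { allowed: false, status: 503, reason: "verifier_unavailable" };
  }
}

// Time-based flow: sessionId from paywallHide, verified by tiun via verifySession.
async function authorizeSession(sessionId, verifySession) {
  if (typeof sessionId !== "string" || sessionId === "") {
    return { allowed: false, status: 401, reason: "no_session" };
  }
  try {
    return decide(await verifySession(sessionId));
  } catch {
    return { allowed: false, status: 503, reason: "verifier_unavailable" };
  }
}
```

Because the verification token is valid for five minutes, a backend that caches an allow decision should not keep it longer than that.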
