Skip to main content

Environments

All examples in this documentation use the production base URL. Swap in the staging URL for integration testing.

API Keys

Research Defender issues two keys. Which one you use depends on whether the call is made from the browser (client-side) or your server (server-side). The key is passed as the final path segment of the request, for example:
Keep your private key secret. It is used to decode server-to-server tokens and to sign Hashed Validation values — never expose it in client-side code.
For Research Defender to access a respondent’s cookies on the browser side, the request must allow credentials. With a JavaScript-based implementation, set the withCredentials attribute to true:
This lets Research Defender better track duplicate and fraudulent respondents.

Protecting Against Suppression

To prevent respondents from manipulating links or suppressing the API response, use one of the two security options described in Security Options.