Skip to main content
Research Defender offers two options for protection against API suppression and link manipulation — a common practice used by respondents attempting to manipulate data to bypass security checks.
V3 offers server-to-server callbacks via the GETTOKEN API, which hides sensitive scores and flags produced by SEARCH and REVIEW behind a server-side response.Workflow
1

Request a token (client-side)

Make a client-side GETTOKEN call to Research Defender with your publishable key. Launching client-side ensures the respondent’s device information is gathered in the same transaction.
2

Receive the token

Research Defender returns a unique single-use token (a SHA-256 hash value) in a client-side response.
3

Call SEARCH or REVIEW (server-side)

Make a server-side SEARCH or REVIEW call that includes the token in the header, along with your private key.
4

Receive results

Research Defender returns all relevant SEARCH or REVIEW data in a server-side response.
Integration notes
  • A unique token is required for each transaction — tokens cannot be reused.
  • GETTOKEN generates between 1 and 10 tokens per call. By default it returns one; request more with the tokens= parameter.
  • Identity parameters such as rt_sr_pd (panelist ID) and rt_hd_el (hashed email) should be provided on the GETTOKEN call as well as the SEARCH call. These are optional and only apply to customers who know the identity of their respondents.
  • GETTOKEN is only available on V3 and only via the GET method.
See the GETTOKEN endpoint.