Server-side (curl, Python, PHP, Node, Go)
Reference snippets for calling /v1/score from your backend in popular languages. All use the same JSON contract; only the HTTP client differs.
curl
curl -X POST https://api.veritus.uk/v1/score \
-H "Authorization: Bearer $VERITUS_KEY" \
-H "Content-Type: application/json" \
-d '{
"signup": {
"email": "user@example.com",
"country": "GB",
"ip": "86.142.71.21"
}
}'Python (requests)
import os
import requests
def score_signup(email, country, ip):
r = requests.post(
"https://api.veritus.uk/v1/score",
headers={
"Authorization": f"Bearer {os.environ['VERITUS_KEY']}",
},
json={
"signup": {
"email": email,
"country": country,
"ip": ip,
},
},
timeout=2,
)
r.raise_for_status()
return r.json()
# Usage
result = score_signup("user@example.com", "GB", "86.142.71.21")
if result["verdict"] == "block":
abort(403, "Sign-up not permitted")Python (httpx, async)
import httpx, os
async def score_signup(email, country, ip):
async with httpx.AsyncClient(timeout=2) as client:
r = await client.post(
"https://api.veritus.uk/v1/score",
headers={"Authorization": f"Bearer {os.environ['VERITUS_KEY']}"},
json={"signup": {"email": email, "country": country, "ip": ip}},
)
r.raise_for_status()
return r.json()PHP (cURL)
<?php
function score_signup(string $email, string $country, string $ip): array {
$ch = curl_init("https://api.veritus.uk/v1/score");
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 2,
CURLOPT_HTTPHEADER => [
"Authorization: Bearer " . getenv("VERITUS_KEY"),
"Content-Type: application/json",
],
CURLOPT_POSTFIELDS => json_encode([
"signup" => [
"email" => $email,
"country" => $country,
"ip" => $ip,
],
]),
]);
$body = curl_exec($ch);
if ($body === false) throw new RuntimeException(curl_error($ch));
return json_decode($body, true);
}Node.js (fetch)
async function scoreSignup(email, country, ip) {
const res = await fetch("https://api.veritus.uk/v1/score", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.VERITUS_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
signup: { email, country, ip },
}),
signal: AbortSignal.timeout(2000),
});
if (!res.ok) throw new Error(`Veritus HTTP ${res.status}`);
return res.json();
}Go (net/http)
package main
import (
"bytes"
"encoding/json"
"net/http"
"os"
"time"
)
type Signup struct {
Email string `json:"email"`
Country string `json:"country"`
IP string `json:"ip"`
}
func ScoreSignup(s Signup) (map[string]interface{}, error) {
body, _ := json.Marshal(map[string]Signup{"signup": s})
req, _ := http.NewRequest("POST",
"https://api.veritus.uk/v1/score",
bytes.NewReader(body))
req.Header.Set("Authorization", "Bearer "+os.Getenv("VERITUS_KEY"))
req.Header.Set("Content-Type", "application/json")
client := &http.Client{Timeout: 2 * time.Second}
resp, err := client.Do(req)
if err != nil { return nil, err }
defer resp.Body.Close()
var out map[string]interface{}
return out, json.NewDecoder(resp.Body).Decode(&out)
}Fail-safe pattern
What if Veritus is down? You have to choose: fail-open (let the signup through) or fail-closed (block). The right answer depends on your risk tolerance.
try:
result = score_signup(email, country, ip)
if result["verdict"] == "block":
return reject_signup()
elif result["verdict"] == "review":
flag_for_manual_review()
except (requests.Timeout, requests.ConnectionError):
# Veritus unreachable. Fail-open (let through) for normal sites;
# fail-closed (reject) for high-risk flows like financial signups.
log.warning("Veritus unreachable; falling back")
# Choose your policy here
Found a typo or have a suggestion?
Let us know.