Validate a session code

Validate a session code (“access pass”)

A session code is in this format:

https://sticky.to/[...]?sessionId=[SESSION_ID]

Use a URL parser or a regex to extract the sessionId from the query parameters. It will always be a UUID.

Make a GET request with your public key; be sure to replace [SESSION_ID] with the right value:

curl --request GET \
  --url 'https://sticky.to/v1/applications/---/session?sessionId=[SESSION_ID]' \
  --header 'Authorization: Bearer public-b3c64fdc-b37f-44fc-83e4-53206e7adb8c'

The session code exists when the id key in the response matches the sessionId from the query parameters:

{
	"id": "[SESSION_ID]",
	"crossUserSector": "{\"name\":\"Jack Smith\"}",
	"userSector": "{\"Verified\":1684269600,\"Discount\":10}",
	"applicationSector": "{}"
}

Step 1: Match IDs

When the session code doesn’t exist, the id key will be different as our API is creating a new session code for you. This means your code is wrong.

Assert that the id matches the sessionId you have extracted.

Step 2: Check for “verification”

JSON parse the userSector key into an object.

Assert that the Verified key is a number. Reject any other type or no key with name Verified.

Step 3: Apply discounts

Decode userSector key and pluck Discount (e.g. const { Discount } = JSON.parse(response.userSector))

Test data

Test session 1 (Verified; 10% discount)

https://sticky.to/go/flow/c2f22399-b6db-483e-9f20-1fdc98ee9d38?sessionId=1667e296-cb62-4f6e-8aa7-e898d62c3d11

Test session 2 (Not verified; no discount)

https://sticky.to/go/flow/c2f22399-b6db-483e-9f20-1fdc98ee9d38?sessionId=1f6fc080-56d3-4290-8a57-38dad58f34e6

Full example

const assert = require('assert')
const url = require('url')

function isUuid (v) {
  return typeof v === 'string' && (v.match(/^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i))
}

const SESSION_CODE = 'https://sticky.to/go/flow/c2f22399-b6db-483e-9f20-1fdc98ee9d38?sessionId=1667e296-cb62-4f6e-8aa7-e898d62c3d11'
const PUBLIC_KEY = 'public-b3c64fdc-b37f-44fc-83e4-53206e7adb8c'

;(async () => {
  try {
    const urlObject = url.parse(SESSION_CODE, true)
    const { sessionId } = urlObject.query
    assert(isUuid(sessionId), 'Assert 1: sessionId is not a UUID; session code is malformed')
  
    const r = await fetch(
      `https://sticky.to/v1/applications/---/session?sessionId=${sessionId}`,
      {
        headers: {
          Authorization: `Bearer ${PUBLIC_KEY}`
        }
      }
    )
    const asJson = await r.json()

    assert(asJson.id === sessionId, 'Assert 2: Session does not exist; check your code')

    const userSectorAsJson = JSON.parse(asJson.userSector)
    const { Verified, Discount } = userSectorAsJson

    assert(typeof Verified === 'number', 'Assert 3: Session is not verified')

    // SUCCESS
    console.log(`Session code ${asJson.id} is valid (Discount=${Discount})!`)
    process.exit(0)

  } catch ({ message }) {

    // FAILURE
    console.error(message)
    process.exit(1)

  }
})()
Embedded POSWooCommerce