# Cross Site Verification

This guide explains how AgeGO allows verified users to be automatically recognized across multiple AgeGO-enabled sites.

It covers how verified links work, how verification tokens are generated, and how to implement cross-site verification securely and respecting regulations.

## <mark style="color:$primary;">Overview</mark>

AgeGO Cross-Site Automatic Verification allows users who have already verified their age on one AgeGO-enabled site (Site A) to be automatically recognized as verified when they click on a link going to another AgeGO-enabled site (Site B).

It is designed to reduce repeated verification prompts while staying compliant and privacy-friendly.

This mechanism uses a short-lived, single-use verification token called `ag_token`, generated in real time when the user clicks a link or ad.

## <mark style="color:$primary;">Why This Matters</mark>

Using verified links helps:

* Prevent repeated age-verification flows.
* Reduce friction for returning users.
* Maintain regulatory compliance across linked sites.
* Preserve user privacy (no third-party cookies involved).

## <mark style="color:$primary;">Key Benefits</mark>

* **Robust by design**: The verification status is not passed as “trust me.” It is validated server-side through AgeGO.
* **Generated in 60 seconds**: Tokens are short-lived (60 seconds), so they are only useful in the exact click-through moment.
* **No cookies required**: This mechanism does not rely on third-party cookies and can thus be used in cookie-restricted or incognito/private browsing environments.
* **Hard to bypass:** Tokens are single-use and validated by AgeGO servers. Even if copied, they expire quickly and cannot be reused after validation.

## <mark style="color:$primary;">What is a Verified Link?</mark>

A verified link is a standard website link that includes an AgeGO Verification Token (`ag_token`).

**Example:**

```dts
https://site-b.example/page?ag_token=...
```

When a verified user clicks through from Site A to Site B, the AgeGO script on Site B reads and validates the token. If valid, the user is granted access without repeating verification.

{% hint style="warning" %}
If Site B uses a Server-to-Server integration, the AgeGO script may need to be loaded in `s2sMode` so the frontend can read and validate `ag_token` from the URL. See **S2S Integration →** [**Overlay S2S Mode**](/integration/integration/s2s-integration.md#overlay-s2s-mode).
{% endhint %}

## <mark style="color:$primary;">How It Works (High-Level)</mark>

{% stepper %}
{% step %}
User verifies on Site A.
{% endstep %}

{% step %}
User clicks a link or ad going to Site B.
{% endstep %}

{% step %}
Site A requests a token from AgeGO.

The token is generated at the moment of the click.
{% endstep %}

{% step %}
Token is appended to the destination URL as `ag_token`.
{% endstep %}

{% step %}
From Site B, AgeGO validates the token.
{% endstep %}

{% step %}
If valid, user is instantly recognized as verified.
{% endstep %}
{% endstepper %}

## <mark style="color:$primary;">Security Design</mark>

Cross-site Automatic Verification includes several security safeguards:

* **Not proof of age**: The token itself is not the proof of age. It’s a secure, single-use “ticket” that allows Site B to fetch verification status from AgeGO.
* **Single-use**: Once successfully validated, the token is immediately invalidated and cannot be used again.
* **Short TTL (60 seconds)**: Tokens expire quickly, making them useless if copied and passed to another user.
* **Just-in-time generation**: Created at click time; not stored long-term in the browser.
* **No third-party cookies**: Does not depend on cross-site cookies or third-party tracking.

## <mark style="color:$primary;">Implementation Options</mark>

AgeGO supports two implementation options for cross-site verification. Choose the one that best fits your setup.

* If you work with an AgeGO partner integration (e.g. ExoClick), start with Option 1: Automatic Integration.
* If you want to create verified links yourself, start with Option 2: Manual Integration. This option includes two approaches:
  * Option A for the simplest setup.
  * Option B for advanced or dynamic use cases.

No demo environment is required.

All examples can be tested directly on your staging or production environment.

### <mark style="color:$info;">Option 1: Automatic Integration (Recommended)</mark>

#### <mark style="color:$primary;">Who is This For?</mark>

Publishers using partner ad networks with direct AgeGO integration, such as ExoClick.

#### <mark style="color:$primary;">How Does it Work?</mark>

* No manual implementation is required.
* AgeGO and ExoClick handle everything automatically.

#### <mark style="color:$primary;">What Happens Behind the Scenes?</mark>

{% stepper %}
{% step %}
A partner ad is displayed on your site.
{% endstep %}

{% step %}
The user clicks on it.
{% endstep %}

{% step %}
The partner script

* Detects the click on the ad.
* Requests a verification token.
* Adds the token to the ad’s destination URL.
  {% endstep %}

{% step %}
The user is redirected as usual.
{% endstep %}
{% endstepper %}

#### <mark style="color:$primary;">How Can I Enable this?</mark>

* You have to contact both your AgeGO and ExoClick account manager so they enable this feature for your account.
* No other action is needed.

### <mark style="color:$info;">Option 2: Manual Integration</mark>

Use this option when you want to create verified links yourself, without relying on an automatic partner integration.

Within the manual approach, AgeGO supports two implementation patterns, depending on how much control you need. AgeGO provides simple JavaScript functions to support this.

#### <mark style="color:$primary;">Option A: All-in-One Automatic Redirect (Easiest)</mark>

**Who is this for?**

Publishers who want the simplest and safest implementation.

**What this does**

{% stepper %}
{% step %}
Generates the verification token.
{% endstep %}

{% step %}
Append it to the destination URL.
{% endstep %}

{% step %}
Redirects the user automatically.
{% endstep %}
{% endstepper %}

All in one step.

An optional parameter, `openInNewTab`, controls how the redirect is opened. By default, it is set to false, meaning the redirect occurs in the current tab. If set to true, the redirect will open in a new browser tab.

**Example:Button:**

```hsp
<button onclick="window.AGEGO('redirectToVerified', 'https://site-b.example')">       Go to Site B (Open the same tab)</button>
```

```livecodeserver
<button onclick="window.AGEGO('redirectToVerified', 'https://site-b.example', true)">       Go to Site B (Open a new tab)</button>
```

**Example Link:**

```livecodeserver
<a href="#" onclick="window.AGEGO('redirectToVerified', 'https://site-b.example'); return false;">    Go to Site B (Open the same tab)</a>
```

```livecodeserver
<a href="#" onclick="window.AGEGO('redirectToVerified', 'https://site-b.example', true); return false;">    Go to Site B (Open a new tab)</a>
```

**Key Benefits**

* Only the destination URL needs to be replaced.
* Ideal for “Continue”, “Enter”, or “Visit Site” buttons.
* Recommended for most publishers.

#### <mark style="color:$primary;">Option B: Token-Only Generation (Advanced)</mark>

**Who is this for?**

Publishers with:

1. Custom JavaScript logic.
2. Dynamic pages.
3. Multiple verified links per page.

**How it works**

{% stepper %}
{% step %}
Your site requests a verification token from AgeGO.
{% endstep %}

{% step %}
The token is added to the destination URL.
{% endstep %}

{% step %}
The user is redirected to the destination.
{% endstep %}
{% endstepper %}

If token generation fails, the user is redirected normally without interruption.

**Example JavaScript:**

```xml
<script> document.addEventListener('click', async function(e) {  const target = e.target.closest('.manual-verify');  if (target) {   e.preventDefault();   const destination = target.href || target.getAttribute('data-href');   if (!destination) return;   try {    const data = await window.AGEGO('getVerificationToken');    if (data && data.token) {     const url = new URL(destination);     url.searchParams.set('ag_token', data.token);     window.location.href = url.toString();    } else {     window.location.href = destination;    }   } catch (error) {    console.warn("AgeGO token failed, redirecting normally.", error);    window.location.href = destination;   }  } });</script>
```

**Implementation href and button**

```applescript
<a href="https://site-b.example/page1" class="manual-verify">    Go to Site B (Manual Implementation)</a><button id="manual-verify" class="btn btn-primary">    Go to Site B (Manual Implementation)</button>
```

In this example, the publisher’s script:

1. Requests a verification token from AgeGO.
2. Append the token to the destination URL if available.
3. Redirects the user accordingly.

**Note:** If token generation fails, the user is redirected normally without interruption.

#### <mark style="color:$primary;">Important: Intermediate Redirects</mark>

{% hint style="warning" %}
If your link passes through one or more intermediate redirects before reaching the final destination:

**The `ag_token` must always be preserved.**

**✅ Correct flow:** Site A → Site B → Site C (token preserved).

**❌ Incorrect flow:** Site A → Site B (token lost).

Losing the token invalidates the verification.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.agego.com/methods/cross-site-verification.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.