Skip to main content
By default, tapping a chip lands the user on Endstate’s hosted verify page. This guide shows how to host that experience yourself — your domain, your design — by combining tap redirects with the verify endpoint. The shape: you configure a redirect to a page you own; Endstate sends each tap there with the chip_id and one-time e; your page forwards them to your server, which verifies the tap and returns the item. You render the result.

Prerequisites

  • Registered items — a collection, a unit per item, and a paired chip. See Set up your catalog.
  • A secret API key (end_sk_...), used server-side only.
  • A page on your domain to receive taps (the redirect destination).
1

Point taps at your page

Set a redirect_url to the page you’ll host. Choose the level that matches how broadly it applies — a single unit, a whole collection, or your organization default:
From now on, a tap on any item covered by that redirect sends the user to your URL with the tap’s chip_id and e appended:
The most specific redirect wins (unit → collection → org default). See Tap redirects for the full resolution order.
2

Receive the tap on your page

Read endstate_chip_id and endstate_e from the query string and forward them to your server. Your browser code must never call Endstate with your secret key.
The e value is single-use and short-lived. Forward it to your server and verify promptly; do not log it or store it at rest.
3

Verify the tap server-side

Your server calls POST /v1/chips/{chip_id} with the e. A successful response is the proof of authenticity — it can only be produced by a genuine chip that was just tapped.
See Verify a unit for the full response, the session-token model, and error handling.
4

Render the result

Return the unit to your page and render a branded authenticity view — its name, attributes, and serial (unit.collection.token.serial). If a follow-on action needs it, pass the session_token.token (end_sess_...) to the client; it’s safe there, unlike your API key.A successful verify means authentic. A failure (chip.invalid_e_value, chip.already_scanned) means the tap couldn’t be confirmed — show a “tap again” state rather than asserting the item is fake on a single failed tap.
The session token also authorizes claiming the unit — transferring ownership to a recipient. You can add that to your page as a next step. See Claim a unit.

Next steps

Verify a unit

The full server-side verification flow and its response in depth.

Tap redirects

Resolution order and how to set redirects per unit, collection, or org.