TAGBASE

Quickstart

Get started

Authenticate, provision a tag, and run your first verification.

This quickstart takes you from zero to a first verification using the live API. You’ll authenticate, provision a tag, and submit a scan. It covers the API surface and the verdicts you get back — not the internals of how a tag proves itself.

The whole public API is three POST endpoints under https://platform.tagbase.io/api/v1. Every request carries your API key and the JSON:API content type. Each call below is shown in curl, JavaScript (fetch), PHP (Guzzle), and Elixir (Req) — pick your language with the tabs.

1. Authenticate

You authenticate as an account with a bearer key. Put it in an environment variable so it never lands in your shell history:

export TAGBASE_API_KEY="key_abcdef0123456789:superstrongrandomsecret"

See Authentication for the key format and where keys come from.

2. Provision a tag

Create a tag under your account. You get back the tag’s id, which you’ll keep and reference when verifying scans.

curl https://platform.tagbase.io/api/v1/tags \

  -X POST \

  -H "Authorization: Bearer $TAGBASE_API_KEY" \

  -H "Content-Type: application/vnd.api+json" \

  -d '{ "data": { "type": "tags", "attributes": { "protocol": "<protocol>", "count": 1 } } }'

{

  "data": [ { "type": "tags", "id": "tag_abcdef0123456789" } ]

}

protocol is the tag protocol for your hardware — ask TAGBASE for the value to use. See Tags for the full request and the tag lifecycle.

3. Run a verification

Once a tag has been written to a physical chip, a tap produces a URL with scan parameters in its query string. Forward those parameters to the platform and read back the verdict:

curl https://platform.tagbase.io/api/v1/tags/tag_abcdef0123456789/verifications \

  -X POST \

  -H "Authorization: Bearer $TAGBASE_API_KEY" \

  -H "Content-Type: application/vnd.api+json" \

  -d '{ "data": { "type": "verifications", "attributes": { "...": "...tap URL params..." } } }'

{

  "data": {

    "type": "verifications",

    "id": "vrf_abcdef0123456789",

    "attributes": { "status": "pending", "inserted_at": "2026-06-08T12:34:56.123456Z" },

    "relationships": {

      "session": { "data": { "type": "sessions", "id": "ses_abcdef0123456789" } },

      "tag":     { "data": { "type": "tags",     "id": "tag_abcdef0123456789" } }

    }

  }

}

The first scan returns pending and opens a session. To finish the check, forward a second tap with that session id as tagbase_session_id:

curl https://platform.tagbase.io/api/v1/tags/tag_abcdef0123456789/verifications \

  -X POST \

  -H "Authorization: Bearer $TAGBASE_API_KEY" \

  -H "Content-Type: application/vnd.api+json" \

  -d '{ "data": { "type": "verifications", "attributes": { "...": "...tap URL params...", "tagbase_session_id": "ses_abcdef0123456789" } } }'

{

  "data": {

    "type": "verifications",

    "id": "vrf_MqiFaFwAs6U1pu5ALCxa5M",

    "attributes": { "status": "valid", "inserted_at": "2026-06-08T12:34:58.654321Z" },

    "relationships": {

      "session": { "data": { "type": "sessions", "id": "ses_abcdef0123456789" } },

      "tag":     { "data": { "type": "tags",     "id": "tag_abcdef0123456789" } }

    }

  }

}

status: "valid" — a genuine tag, proven live. That’s a complete verification.

Testing. Your own code is testable offline: since the verification attributes are just the inbound query string passed through, you can unit-test your tap handler and two-scan branching with any synthetic parameters. What you can’t fake is a real valid/invalid verdict — that needs a tag TAGBASE has provisioned and written to a physical chip. There’s no public sandbox, so ask TAGBASE for test tags to exercise the flow end to end.

Next steps

TAGBASE uses cookies to keep you signed in and protect against fraud. With your permission, we also measure how the site is used. Read our cookie policy for details.
Necessary
Analytics