AgeOnce Docs
Dashboard
API Reference

All Endpoints

Complete list of AgeOnce API endpoints

All API Endpoints

Complete list of available AgeOnce API endpoints.

Authentication and verification

GET /verify

Age verification page for the user.

GET https://app.ageonce.com/verify?client_id=...&redirect_uri=...&state=...
ParameterTypeDescription
client_idstringYour Client ID
redirect_uristringURL for redirect
statestringCSRF protection

Learn more →

POST /api/oauth/token

Exchange authorization code for age token.

POST https://app.ageonce.com/api/oauth/token

Request Body:

{
  "client_id": "string",
  "client_secret": "string",
  "code": "string",
  "redirect_uri": "string"
}

Response:

{
  "age_token": "string",
  "token_type": "Bearer",
  "expires_in": 600,
  "transaction_id": "uuid"
}

transaction_id — Audit ID for compliance; searchable in Dashboard Audit Logs.

Learn more →

POST /api/oauth/validate

Validate age token.

POST https://app.ageonce.com/api/oauth/validate

Request Body:

{
  "token": "string"
}

Response:

{
  "valid": true,
  "payload": {
    "sub": "anonymous",
    "age_verified": true,
    "min_age": 18,
    "verification_id": "uuid",
    "verified_at": "2026-02-11T12:00:00Z",
    "client_id": "string",
    "iat": 1739275200,
    "exp": 1739361600,
    "iss": "ageonce"
  }
}

Learn more →

GET /api/oauth/jwks

JSON Web Key Set for local validation.

GET https://app.ageonce.com/api/oauth/jwks

Response:

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "ageonce-public-key",
      "use": "sig",
      "alg": "RS256",
      "n": "...",
      "e": "AQAB"
    }
  ]
}

Learn more →

Statistics (Dashboard API)

These endpoints are only available to authenticated dashboard users.

GET /api/stats/usage

API usage statistics.

GET https://app.ageonce.com/api/stats/usage
Authorization: Bearer <session_token>

Response:

{
  "period": "month",
  "total_verifications": 1250,
  "successful": 1180,
  "failed": 70,
  "daily_breakdown": [
    { "date": "2026-02-01", "count": 45 },
    { "date": "2026-02-02", "count": 52 }
  ]
}

HTTP Status Codes

CodeDescription
200Success
400Invalid parameters
401Unauthorized
403Access denied
404Not found
500Internal error

Error Response Format

All errors are returned in standard format:

{
  "error": "error_code",
  "error_description": "Human readable description"
}

Error codes

CodeDescription
invalid_requestMissing or invalid parameters
invalid_clientInvalid client_id or client_secret
invalid_grantInvalid or expired code
unauthorized_clientClient not authorized
access_deniedAccess denied
server_errorInternal server error

JWKS Endpoint

JSON Web Key Set for local token validation

Security

Security best practices for AgeOnce integration

On this page

All API EndpointsAuthentication and verificationGET /verifyPOST /api/oauth/tokenPOST /api/oauth/validateGET /api/oauth/jwksStatistics (Dashboard API)GET /api/stats/usageHTTP Status CodesError Response FormatError codes