How It Works for Partners
v0uch.me provides age verification as a service through a standard OAuth 2.0 / OpenID Connect integration. Partners redirect users to v0uch.me for age confirmation and receive a signed claim indicating whether the user meets the required age threshold. Partners never receive raw personal data -- only a boolean age claim and a privacy-preserving identifier.
Getting Started
- Register as a partner -- contact us to set up your partner account and receive your client credentials.
- Configure your integration -- register your redirect URIs and configure your OAuth client settings.
- Integrate the authorization flow -- redirect users to v0uch.me's authorization endpoint with PKCE. After the user consents, exchange the authorization code for tokens.
- Verify the age claim -- inspect the ID token or call the introspection endpoint to confirm the user's age verification status.
What You'll Receive
- A boolean age claim (18+ or 21+) -- confirming the user meets the required age, without revealing their actual date of birth.
- A pairwise user identifier -- unique to your application, so you cannot correlate users across partner sites.
- Webhook notifications -- for events such as consent revocation or account changes that affect the user's verification status.
Security
All partner communications are secured with mutual TLS (mTLS). Token exchanges use certificate-bound tokens and PKCE to prevent interception and replay attacks. Pushed Authorization Requests (PAR) keep sensitive parameters off browser URLs.