How verification works
- You call
POST /verify/initwith an API key, aplatform_user_idto verify, and acallback_urlto receive the result. Auth314 creates a one-time session and returns averify_url. - The end user opens
verify_urland completes the Pi Sign-in OAuth flow against Pi Network's own servers. Auth314 never sees the user's Pi password or any Pi Network credentials — only the access token Pi's OAuth flow returns. - Auth314 verifies that access token against the Pi Platform API to confirm the user's identity, then POSTs a one-time result to your
callback_url.
Your app Auth314 Pi Network
| POST /verify/init | |
|----------------------->| |
| { verify_url } | |
|<-----------------------| |
| | |
| (user opens verify_url) |
| | OAuth flow |
| |------------------------->|
| | access token |
| |<-------------------------|
| | verify token |
| |------------------------->|
| | uid, username |
| |<-------------------------|
| POST callback_url | |
|<-----------------------| |One-to-one enforcement
Auth314 maps each Pi account to exactly one (platform, platform_user_id, guild_id) at a time. If the same Pi account later verifies under a different platform identity, Auth314 automatically revokes the previous one and sends verified: false to that operator's original callback_url.
Why you never receive Pi identity
Per Pi's Developer Terms of Use, a user's Pi UID and username may not be shared with third parties. Auth314 stores that identity internally to enforce one-to-one verification and for its own audit trail, but every webhook you receive contains only platform_user_id, guild_id, and verified — values you already know, confirmed.