Skip to content

How verification works

  1. You call POST /verify/init with an API key, a platform_user_id to verify, and a callback_url to receive the result. Auth314 creates a one-time session and returns a verify_url.
  2. The end user opens verify_url and completes the Pi Sign-in OAuth flow against Pi Network's own servers. Auth314 never sees the user's Pi password or any Pi Network credentials — only the access token Pi's OAuth flow returns.
  3. Auth314 verifies that access token against the Pi Platform API to confirm the user's identity, then POSTs a one-time result to your callback_url.
Your app                Auth314                  Pi Network
   |  POST /verify/init     |                          |
   |----------------------->|                          |
   |  { verify_url }        |                          |
   |<-----------------------|                          |
   |                        |                          |
   |  (user opens verify_url)                           |
   |                        |  OAuth flow              |
   |                        |------------------------->|
   |                        |  access token            |
   |                        |<-------------------------|
   |                        |  verify token             |
   |                        |------------------------->|
   |                        |  uid, username            |
   |                        |<-------------------------|
   |  POST callback_url     |                          |
   |<-----------------------|                          |

One-to-one enforcement

Auth314 maps each Pi account to exactly one (platform, platform_user_id, guild_id) at a time. If the same Pi account later verifies under a different platform identity, Auth314 automatically revokes the previous one and sends verified: false to that operator's original callback_url.

Why you never receive Pi identity

Per Pi's Developer Terms of Use, a user's Pi UID and username may not be shared with third parties. Auth314 stores that identity internally to enforce one-to-one verification and for its own audit trail, but every webhook you receive contains only platform_user_id, guild_id, and verified — values you already know, confirmed.

Not affiliated with Pi Network or the Pi Core Team.