BriteVerify is a valuable service - that's why we charge for it! As a result, bad actors on the internet may try to steal verification services by using your registration page to do it.

The most straightforward way to implement BriteVerify on a registration page is to verify each email address as it is submitted, and that makes sense. But if attackers discover this and realize they can use your form to verify email addresses of their own, they may start abusing it.

The simplest place to start is to protect your form with a CSRF token. This is usually the easiest first step, and many frameworks, such as Rails or Laravel, make integrating a CSRF token almost automatic.

The next step is to add an IP-based restriction: limit the number of registration submissions accepted from each end-user IP address. The right numbers will vary, but you might start by limiting submissions to 5 or 10 per IP address per hour. Once an address reaches the limit, you can either force the end-user to complete a CAPTCHA or block them outright. It depends on what makes the most sense for your users.
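One way to implement the per-IP limit described above, as an added example rather than BriteVerify's own code. It assumes a single-process, in-memory counter, and `RegistrationLimiter`, `handle_submission` and the `verify_email` callable are hypothetical names standing in for your own form handler and your call to the real-time API.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # one hour
MAX_SUBMISSIONS = 5    # lower end of the 5-10 starting range


class RegistrationLimiter:
    """Sliding-window count of registration submissions per client IP."""

    def __init__(self, limit=MAX_SUBMISSIONS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)  # ip -> timestamps of counted submissions

    def check(self, ip):
        """Return 'allow' (and count the submission) or 'challenge'."""
        now = self.clock()
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # forget submissions older than the window
        if len(hits) >= self.limit:
            return "challenge"  # not recorded, so memory per IP stays bounded
        hits.append(now)
        return "allow"


def handle_submission(limiter, ip, email, verify_email, captcha_passed=False):
    """Spend a paid verification only for clients under the limit or
    clients that solved a CAPTCHA.

    `ip` must be the peer address seen by your server (or a header set by
    a proxy you control), never a client-supplied header value.
    `verify_email` is a hypothetical callable wrapping the real-time API.
    """
    if limiter.check(ip) == "challenge" and not captcha_passed:
        return "captcha_required"
    return "verified" if verify_email(email) else "rejected"
```

If your application runs more than one worker process, keep the counters in a store shared by all of them so that each worker sees the same count for an IP address.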

We fully realize that this can be a problem for you, our customers. We are working on making BriteVerify more flexible so that everyone can handle security concerns, as well as developing other methods that can help resolve issues more easily.

Basic info on our real-time API can be found here and also don't forget to check out this article on best practices when implementing the real-time API. 
