API Format - IM18+ Technical Explanation

PostMessage API Specification

The IM18+ system uses the browser's postMessage API for secure cross-origin communication between partner sites and the verification service.

Message Format

{
  "verified": boolean,
  "source": "im18plus",
  "timestamp": number,
  "expires": number
}

API Endpoints

GET /api/check-anonymous.php Primary

Anonymous verification check via iframe embedding

Response Messages:

Verified User: {verified: true, source: "im18plus", timestamp: 1704067200, expires: 1706659200}

Unverified User: {verified: false, source: "im18plus", verification_url: "https://verify.im18.app/verify.php"}

GET /api/ip.php?ip=x.x.x.x Geolocation

IP-based country detection for compliance

Response Format:

{
  "success": true,
  "ip": "8.8.8.8",
  "country_code": "US",
  "country_name": "United States",
  "continent": "North America",
  "is_eu": false,
  "method": "best_in_class_detection"
}

Integration Examples

JavaScript Integration

// Basic iframe integration
const iframe = document.createElement('iframe');
iframe.src = 'https://verify.im18.app/api/check-anonymous.php';
iframe.style.display = 'none';
document.body.appendChild(iframe);

// Listen for verification response
window.addEventListener('message', function(event) {
    // Verify origin for security
    if (event.origin !== 'https://verify.im18.app') return;

    const data = event.data;
    if (data.source === 'im18plus') {
        if (data.verified === true) {
            showAdultContent();
            console.log('User verified until:', new Date(data.expires * 1000));
        } else {
            showVerificationPrompt(data.verification_url);
        }
    }
});

function showVerificationPrompt(url) {
    // Open verification in popup
    const popup = window.open(url, 'verification', 'width=600,height=400');

    // Listen for verification completion
    const checkClosed = setInterval(() => {
        if (popup.closed) {
            clearInterval(checkClosed);
            location.reload(); // Refresh to re-check status
        }
    }, 1000);
}

PHP Server-Side Integration

<?php
// Server-side verification check
function checkAgeVerification() {
    return isset($_COOKIE['age_verified']) && $_COOKIE['age_verified'] === 'true';
}

// Usage in content pages
if (!checkAgeVerification()) {
    // Show verification interface
    include 'verification-required.php';
    exit;
}

// Show adult content
include 'adult-content.php';
?>

IP Geolocation Integration

// Client-side IP detection
async function checkUserLocation() {
    try {
        // Get user's IP (using external service or server-side detection)
        const response = await fetch('https://verify.im18.app/api/ip.php?ip=auto');
        const data = await response.json();

        if (data.success) {
            console.log('User location:', data.country_name);

            // Apply country-specific rules
            if (data.is_eu) {
                // Enhanced privacy controls for EU users
                enableGDPRCompliance();
            }

            if (data.country_code === 'DE') {
                // German-specific age verification requirements
                setMinimumAge(18);
            }
        }
    } catch (error) {
        console.log('Location detection failed:', error);
    }
}

🔒 Security Best Practices

• Always verify event.origin before processing postMessage data
• Use HTTPS for all API communications
• Implement timeout handling for iframe responses
• Validate all API responses before taking action
• Never trust client-side verification alone for critical content

API Format & PostMessage Communication