How to implement verified identity handshake without a webapp

I would like users on Discord to be able to verify to Dronefly bot that they are the legitimate account holders of an iNaturalist login id. Note: this isn’t about performing authenticated queries, but simply about making it difficult for a Discord user to spoof identity of an iNat user on Discord itself.

Whatever method we devise for this verification, ideally, we would like it to be carried out privately between the Discord user and the bot.

After talking it over with the Dronefly dev team, what we’re thinking may work is a process like this:

  1. Discord user initiates registration by sending a DM to the bot with their iNaturalist ID.
  2. The bot responds by sending the user a message on iNat (via the API: POST /v1/messages) that includes a generated token and further instructions.
  3. The user receives it on iNat, then follows the instruction to DM the bot again with the code, completing the registration.

I’m worried, though, that if I do the POST to the API authenticated with my own personal iNat account, and then anything ever went wrong, it could lead to flagging my account as a spammer, or even getting it suspended.

Would it be possible, therefore, to have Dronefly post through a separate bot account, expressly for the purpose of posting such registration challenge codes?

We would take reasonable precautions, such as limiting for retries to protect against outright abuse of the registration facility to spam messages to iNat account holders.


if you’re afraid of being flagged for spamming, can you go the other way and have a user send your iNat account a message from their iNat account? so the workflow could be something like this:

  1. user gets a unique code from the bot
  2. user sends a message in iNat to a given user with the unique code in the message title
  3. user tells the bot the message has been sent
  4. bot checks the iNat inbox for the message
  5. bot associates the iNat user who sent the message with the user who it gave the code to

That’s a possibility. I’ll try this method and see if it works for us. Thanks.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.