Verdict Schema
In one sentence
The verdict your backend reads is { country, confidence, alarm } — three fields, nothing about how they were derived.
Success response
Returned by GET /v1/verdict/{sessionRef} once a verdict is ready:
{
"country": "DE",
"confidence": 0.91,
"alarm": "none"
}
| Field | Type | Range / values | Meaning |
|---|---|---|---|
country | string | ISO 3166-1 alpha-2 (e.g. "DE", "US") | Estimated country of origin for the session. May be empty if there wasn't enough signal. |
confidence | number | 0–1 | Confidence in country. Higher is more confident. |
alarm | string | "none" | "low" | "medium" | "high" | Escalation indicator for the session. Higher warrants more caution. |
Supported surface
country, confidence, and alarm are the stable, supported fields. Treat anything else that may appear in a response as internal and unsupported — it can change or be removed. Build your policy only on these three.
Pending response
If the verdict isn't ready (the browser is still collecting, or no signals arrived for that sessionRef):
{ "status": "pending", "ref": "sess_abc123" }
returned with HTTP 404. Use the waitMs long-poll, or retry shortly. See Fetch the Verdict.
How to interpret it
confidencegauges how much to trustcountry; choose a threshold for your risk tolerance and treat low confidence as "not enough signal", not as a negative.alarmis a separate axis — use it to decide how cautious to be, independent ofcountry.
There is, by design, no field telling you why. See Verdicts and Trust & Privacy.
Where to go next
- Fetch the Verdict. How to read it.
- Verdicts. The conceptual read.