Cloud validation, security & API

Algorithmic validation. Real-time fraud monitoring. One API.

Whichever route your codes are printed on, validation, security and consumer-support data flow through the same cloud platform. Built for billions of codes per year, designed to be integrated by an agency in days — not months — and engineered around a closed-loop architecture that has no exposable database of codes to leak.

Data flow from pack code to consumer entry, algorithmic validation, fraud signal and Consumer Support Panel
One validation journey: the consumer-facing entry, the mathematical validation decision, the fraud signal and the support record are all tied together.

Algorithmic, not database lookup

The most consequential design choice in our validation system is that it isn’t a database lookup. When a consumer submits a code, we don’t scan a table of issued codes to see if it’s on the list. We reverse-engineer the code algorithmically against an “allocation” — a logical grouping of codes that share properties such as market, SKU and production line.

Two consequences follow.

  • It scales. Validation is fast and consistent regardless of whether you’ve issued 1 million or 10 billion codes. There’s no table to grow, no index to maintain, no hardware cost that scales with code volume.
  • It’s structurally more secure. A database breach of issued codes — the kind of incident that has compromised entire campaigns at competing providers — isn’t structurally possible, because there isn’t a database of issued codes.

The validation system still maintains a complete audit trail: every code entry, every consumer, every redemption, every suspicious pattern. That’s a different (and well-protected) data store from the codes themselves, and it’s the foundation of the fraud monitoring described below.

A single API your agency can integrate in days

Validation happens through a clean, well-documented API. Your agency — or your in-house team — integrates it into the consumer-facing app or web experience that runs your campaign. Submit a code; get back validity, security flags, and any associated metadata (SKU, market, production date) for the campaign logic to use.

  • One code can only ever be validated successfully once, regardless of how many times it’s submitted.
  • Repeated entries of the same code — whether by the same consumer or different ones — are logged for fraud-pattern analysis.
  • The API returns full consumer history when needed, supporting personalised mechanics and ROI measurement.
  • Test servers and test code allocations are provided during integration so the agency can build with confidence before campaign go-live.

Many leading European promotional agencies have already integrated our API on past campaigns and can do so quickly on new ones.

Real-time fraud monitoring

The validation system is paired with continuous fraud monitoring. Suspicious patterns are detected, scored and acted on in real time rather than at the end of a campaign.

  • Risk-scoring per consumer. Each consumer record carries a risk score that updates with every entry, based on entry patterns, code-sharing signals, geographic anomalies, and other behavioural signals.
  • Configurable thresholds. Limits on invalid-code attempts, valid entries per period, geographic spreads — configurable per campaign.
  • Code-copying detection. When two different consumer accounts try to enter the same code, both events are logged and cross-referenced — allowing us to distinguish between Type 1 (in-store copying) and Type 2 (sharing) and respond appropriately.
  • Statistical reporting. Marketing teams get clean campaign statistics with fraudulent entries flagged or removed.

AI Vision as an optional audit layer

Outside-pack code copying is rare in practice, but some campaigns have a lower tolerance for even small residual risk. Where that matters, recent advances in AI Vision make an additional audit layer feasible: the consumer journey can ask the user to scan the code and surrounding environment so the campaign can check they are not standing in-store when submitting the code.

That check can be applied to every entry, or reserved for consumers whose behaviour already looks suspicious. In that selective model, Hive IP’s risk scoring flags the entry pattern and the campaign can trigger an AI Vision audit step rather than adding camera friction for every legitimate consumer.

More on AI Vision as an audit layer →

Full audit trail

Every event in the system is logged: every code generated, every code synchronised with the validation service, every code entry (valid or invalid), every consumer record update, every replacement code issued by support staff. The audit trail is queryable and is the source of every report we provide to a brand or agency.

For brands operating in regulated markets or with strict internal compliance requirements, the audit trail is also the basis for any external attestation needed.

Infrastructure

  • Hosted on AWS with resilient cloud infrastructure for campaign-scale validation.
  • Disaster recovery and daily machine images replicated across regions to keep spin-up times to a minimum.
  • 99.85% uptime SLA on the validation service.
  • Dynamic scaling to handle peak load during high-traffic campaign moments.
  • Test, staging and production environments per engagement, isolated from each other.
  • Additional regional data centres can be configured on request for brands with specific data-residency requirements.

Print errors happen — we’re built for them. The most common operational issues we see across hundreds of factory deployments are the small ones: an allocation of codes accidentally printed across two SKUs, a batch prefix mis-selected, a production date offset. Our validation system is designed to handle these cleanly, and our team has resolved most of them before. We support brands directly through any incident.

Next

Want to see the API or talk to your agency about integration?

We can walk through the API with your agency on a 30-minute call, share documentation, and provide test codes. Most agencies need a day or two of integration work; experienced ones less than that.

Send an enquiry Consumer Support Panel

Or get straight in touch: info@hiveip.co.uk