Two-way Strong ¦ Sign In ¦ New User

Application Programming Interface (API)



User Account


Test Environment

Web Application



Session Check

Session Check (Static)


Logout (Static)

Mobile Application

Mobile Login Check

Key Data Fields

Response Messages

Demo Examples

Powered By (Credit)

Technical Support


Session Check Function (Static)

The software developer can protect a static HTML page from unauthorized access by adding a JavaScript function in the header of the HTML page. When a user tries to access the page, the JavaScript will immediately execute the session check function before the Web browser has a chance to display the content. Required input values are your API key and two absolute URL addresses to tell Two-way Strong where you want the user to go on success and failure. The Session ID is optional and may be left blank.

This implementation will only provide a very basic level of protection and may not work in all Web browsers. For full protection and security, you must use the Web server script implementation.

Use this URL address to connect to the Test Environment:

Use this URL address to connect to the Live Environment:

Copy the entire computer program code and add it in your HTML page inside the HTML Head tag.

    <link rel="stylesheet" href="" type="text/css" />
        var TwowayApiAddress = "";
        var setApiKey = "INSERT API KEY";
        var setReturnLoginPath = "INSERT USER LOGIN URL";
        var setReturnDestPath = "INSERT DESTINATION URL";

        var getSessionID = "";
        var permitAccess = "false";
        var queryString =;
        var queryParams = new URLSearchParams(queryString);
        getSessionID = queryParams.get("sessionID");
        permitAccess = queryParams.get("permitAccess");

        if (permitAccess == "true" || queryString.includes("permitAccess=true")) {
            // Do nothing
        } else {

        function TwowayCheck() {
            var TwowayForm = document.createElement("form");
            TwowayForm.setAttribute("action", TwowayApiAddress);
            TwowayForm.setAttribute("method", "post");
            TwowayForm.setAttribute("enctype", "application/x-www-form-urlencoded");

            var apiKey = document.createElement("input");
            apiKey.setAttribute("type", "hidden");
            apiKey.setAttribute("name", "apiKey");
            apiKey.setAttribute("value", setApiKey);

            var sessionID = document.createElement("input");
            sessionID.setAttribute("type", "hidden");
            sessionID.setAttribute("name", "sessionID");
            sessionID.setAttribute("value", getSessionID);

            var returnLoginPath = document.createElement("input");
            returnLoginPath.setAttribute("type", "hidden");
            returnLoginPath.setAttribute("name", "returnLoginPath");
            returnLoginPath.setAttribute("value", setReturnLoginPath);

            var returnDestPath = document.createElement("input");
            returnDestPath.setAttribute("type", "hidden");
            returnDestPath.setAttribute("name", "returnDestPath");
            returnDestPath.setAttribute("value", setReturnDestPath);


        window.oncontextmenu = function () {
            return false;

Download the complete source code.