Tags and Triggers
VerifyHuman uses product tags, product metafields, collection tags, customer metafields, cart attributes, and cart total thresholds to determine when and what level of verification is required. This page documents every trigger mechanism and how verification levels are computed.
Verification Levels Overview
VerifyHuman defines three assurance levels:
| Level | Name | Description |
|---|---|---|
| L1 | Human Check | Basic bot detection / liveness check |
| L2 | Age Verification | Age verification (18+ or 21+) |
| L3 | Identity Verification | Full KYC with ID document + selfie match |
Higher levels provide stronger assurance. A customer verified at L3 also satisfies L2 and L1 requirements.
Product Tags
Product tags are the simplest way to mark products as requiring verification. Tags are checked by both the storefront Liquid templates (theme app extension) and the server-side cart validation function.
Identity Verification Tags
| Tag | Effect |
|---|---|
vh_requires_idv |
Requires identity verification (L3 in Advanced Mode, or the store's minimum required level in Simple Mode) |
VH_REQUIRES_IDV |
Same as above (case-insensitive matching) |
Age Verification Tags
| Tag | Effect |
|---|---|
vh_requires_age |
Requires age verification (L2) |
VH_REQUIRES_AGE |
Same as above (case-insensitive matching) |
Age Gate Tags (Theme Extension)
The Age Gate embed supports a configurable product tag (default: age-restricted) for triggering the age gate overlay when the trigger mode is set to "Products with Specific Tag." This tag is separate from the checkout validation tags above and only controls whether the storefront overlay appears.
| Tag | Configurable | Default | Used By |
|---|---|---|---|
| Product tag for age gate | Yes (Theme Editor) | age-restricted |
Age Gate embed (storefront overlay) |
| Collection tag for age gate | Yes (Theme Editor) | age-restricted |
Age Gate embed (storefront overlay) |
How to Add Tags to Products
- Go to Products in your Shopify admin.
- Select the product you want to restrict.
- In the Tags field, add the appropriate tag (e.g.,
vh_requires_idv). - Click Save.
You can also bulk-tag products using Shopify's bulk editor or CSV import.
Product Metafields
Metafields provide a structured alternative to tags for marking products as restricted.
verifyhuman.requires_idv
- Namespace:
verifyhuman - Key:
requires_idv - Type: Single-line text
- Accepted values:
true,1,yes(all treated as truthy; anything else is falsy) - Effect: Same as the
vh_requires_idvtag — requires identity verification
This metafield is checked by:
- The cart checkout validation function (server-side, at checkout)
- The identity-checkout Liquid embed (storefront, on the cart page)
- The
restricted-detectionservice (server-side utility)
verifyhuman.required_level
- Namespace:
verifyhuman - Key:
required_level - Type: Single-line text
- Accepted values:
1,2,3 - Effect: Overrides any tag-based detection and sets the exact verification level required for the product
This metafield takes precedence over tags. For example, if a product has the vh_requires_idv tag (normally L3) but its required_level metafield is set to 2, only L2 (age verification) is required.
How to Set Product Metafields
- Go to Products in your Shopify admin.
- Select the product.
- Scroll down to Metafields.
- Add a metafield with namespace
verifyhumanand keyrequires_idv, valuetrue. - Click Save.
You may need to define the metafield definition first under Settings > Custom data > Products.
Collection Metafields
Collections can also be marked as restricted using metafields.
verifyhuman.requires_idv
- Namespace:
verifyhuman - Key:
requires_idv - Type: Single-line text
- Accepted values:
true,1,yes - Effect: All products in the collection are treated as requiring identity verification
This is checked by the server-side restricted-detection service. Note that collection metafield detection is only available when the detection mode includes metafield checks (both or metafields_only).
Customer Metafields
Customer metafields store verification results. These are written by the server (via the Shopify Admin API) after a successful verification and are considered trusted because they cannot be modified by the customer.
| Namespace.Key | Type | Description |
|---|---|---|
verifyhuman.identity_verified |
Single-line text | true if the customer has been verified |
verifyhuman.assurance_level |
Single-line text | The verification level achieved (1, 2, or 3) |
verifyhuman.age_result |
Single-line text | Age verification result (e.g., over_18, over_21) |
verifyhuman.identity_expires_at |
Single-line text (ISO 8601 date) | When the verification expires |
How Customer Verification Is Checked
The cart checkout validation function reads these metafields at checkout time:
- If
identity_verifiedis nottrue, the customer is treated as unverified. - If
identity_expires_atis in the past, the verification is treated as expired. - The
assurance_levelis compared against the required level for cart items. - For L2 requirements,
age_resultis parsed (e.g.,over_21) and compared against the store's age threshold.
Shop Metafields
Shop-level metafields store global configuration that the cart validation function reads at checkout. These are written by the app when you save settings in the dashboard.
| Namespace.Key | Type | Description |
|---|---|---|
verifyhuman.app_url |
Single-line text | The app's base URL (used by theme extension scripts) |
verifyhuman.app_mode |
Single-line text | simple or advanced |
verifyhuman.min_required_level |
Single-line text | Minimum verification level (1, 2, or 3) — used in Simple Mode |
verifyhuman.age_threshold |
Single-line text | Required age (18, 21, or 25) |
verifyhuman.identity_cart_threshold |
Single-line text | Cart total threshold for automatic L3 upgrade (dollar amount) |
verifyhuman.allow_guest_checkout |
Single-line text | true to allow guest checkout for restricted items (reduced security) |
Cart Attributes
For guest checkout (when allowGuestCheckout is enabled), verification tokens are stored as cart attributes since there is no customer account to write metafields to.
| Attribute Key | Description |
|---|---|
vh_idv_token |
JWT-format token containing verification claims (scope, assurance level, expiration) |
The cart validation function performs basic token validation (format and expiration check) but this is not cryptographically verified and provides defense-in-depth only. For compliance-grade verification, require customer accounts.
Cart Total Threshold
In both Simple and Advanced modes, you can configure a High-Value Cart Threshold that automatically upgrades the required verification level to L3 (Identity) when the cart total exceeds a specified dollar amount.
Example: If the threshold is set to $500 and a customer's cart totals $600, identity verification (L3) is required even if none of the individual products have restriction tags or metafields.
Configure this in Dashboard > Settings > Verification Mode > High-Value Cart Threshold.
Level Computation Logic
Simple Mode
In Simple Mode, the system uses a straightforward approach:
- Start with the store's Minimum Required Level (default: L2).
- Check each product in the cart for tags (
vh_requires_idv,vh_requires_age) or metafields (verifyhuman.requires_idv,verifyhuman.required_level). - The
required_levelproduct metafield overrides tag-based detection. - For products with
vh_requires_idvtags orrequires_idvmetafields, the required level is the store's minimum required level. - For products with
vh_requires_agetags, L2 is required. - If the cart total exceeds the identity cart threshold, upgrade to L3.
- The highest required level across all cart items is enforced.
Advanced Mode
In Advanced Mode, each verification type is controlled independently:
- Identity (L3): Required if
identityEnabledis true and the cart contains restricted items (tagged or metafield-marked). - Age (L2): Required if
agegateEnabledis true and the cart contains age-restricted items. - Human (L1): Required if
humanEnabledis true (applies to form protection, not checkout).
Priority order: L3 > L2 > L1. The highest applicable level is enforced.
Detection Modes
The server-side restricted detection service supports three modes, controlled by the detectionMode setting:
| Mode | Tags Checked | Metafields Checked |
|---|---|---|
both (default) |
Yes | Yes (product + collection) |
tags_only |
Yes | No |
metafields_only |
No | Yes (product + collection) |
Age Gate Trigger Modes
The Age Gate theme extension embed supports four trigger modes that determine where the age verification overlay appears:
| Trigger Mode | Description |
|---|---|
| Entire Store (All Pages) | Age gate appears on every page |
| Products with Specific Tag | Only on product pages where the product has the configured tag |
| Collections with Specific Tag | Only on collection pages or product pages within a tagged collection |
| Specific Page Handles | Only on pages matching a comma-separated list of handles |
These trigger modes only control the storefront overlay (the age gate popup). Server-side checkout enforcement uses the vh_requires_age / vh_requires_idv tags and metafields independently.
Identity Verification Triggers
Identity verification can be triggered in multiple ways:
Pre-Checkout (Cart Page)
The identity-checkout embed monitors the cart page. If any cart item has the vh_requires_idv tag or the verifyhuman.requires_idv metafield set to true, the checkout button is intercepted and the verification modal is presented.
Settings:
- Require for All Checkouts — bypasses tag/metafield checks and requires verification for every checkout
- Product Tag — configurable tag name (default:
vh_requires_idv)
Button-Triggered (Product Page)
The identity-block can be placed on any product page as an app block. It renders a "Verify My Identity" button that opens the verification modal when clicked.
Server-Side Enforcement
The cart checkout validation function runs at checkout and blocks the order if the required verification level is not met. This is the compliance-grade enforcement layer that cannot be bypassed by the customer.
Guest vs. Authenticated Checkout
| Scenario | Behavior |
|---|---|
| Authenticated + Verified | Checkout proceeds if customer metafield verification level meets requirements |
| Authenticated + Not Verified | Checkout blocked with message to complete verification |
| Authenticated + Expired | Checkout blocked with message that verification has expired |
Guest + allowGuestCheckout off (default) |
Checkout blocked; customer must create an account |
Guest + allowGuestCheckout on |
Token-based defense-in-depth check (reduced security) |
Quick Reference: Tag and Metafield Summary
| Trigger | Scope | Type | Level | Used By |
|---|---|---|---|---|
vh_requires_idv tag |
Product | Tag | L3 (Advanced) / Min Level (Simple) | Cart validation, identity-checkout embed |
vh_requires_age tag |
Product | Tag | L2 | Cart validation |
verifyhuman.requires_idv metafield |
Product | Metafield | L3 (Advanced) / Min Level (Simple) | Cart validation, identity-checkout embed, restricted-detection service |
verifyhuman.required_level metafield |
Product | Metafield | Exact level (1-3) | Cart validation |
verifyhuman.requires_idv metafield |
Collection | Metafield | L3 | Restricted-detection service |
age-restricted tag (configurable) |
Product / Collection | Tag | Age gate overlay | Age Gate embed |
| Cart total threshold | Cart | Dollar amount | L3 | Cart validation, level computation |
verifyhuman.identity_verified metafield |
Customer | Metafield | Verification status | Cart validation |
vh_idv_token attribute |
Cart | Attribute | Guest token | Cart validation |