Learn & FAQ

Learn

The Infrastructure Behind CheckOut

At CheckOut, we prioritize traditional and robust web development processes. Our scalable and resilient server network is powered by a classic stack of nginx, Varnish, and Node.js. For enhanced security, we use a non-Cloudflare security proxy to protect against DDoS attacks.

We avoid modern frameworks and technologies, focusing instead on proven, reliable methods. By not using serverless solutions, we maintain greater control over our infrastructure, ensuring better stability and performance. This traditional approach allows us to deliver consistent and secure services, minimizing the risk of downtime and technical issues.

100% score lighthouse test

Pictured above is the lighthouse score for CheckOut.

Device ID's and Tracking

We use a combination of your IP address, account information, and device ID (stored in a cookie) to identify and track your activity on our site, including submissions. This tracking system helps us build your reputation and enhance account functionality, ensuring a personalized and secure experience.

Please note that only logged-in users can access their settings page and manage their account information. For more control over your data, visit our Data Control page where you can reset and delete your information, and request a copy of any data we hold about you.

Displayed in the footer of the account and settings page, your device ID is linked to the cookie that CheckOut stores in your browser or mobile device, which is essential for reputation building and account functionality.

More information is available in the Terms and Privacy policy.

Caching

For performance reasons and to ensure the best user experience, especially during busy times, API and code results are hard-cached. This means the cache cannot be manually refreshed by users. However, data should not be delayed by more than a minute, and in normal use, the data displayed on the home page, for example, is updated almost instantaneously.

Please note that caching does not affect AutoCheckin users, as their check-ins are processed instantly on the server-side.

API

We are pleased to offer a RESTful API for your use. While our site is accessible to anonymous users (please refer to the FAQ section below for details on account requirements), anyone can utilize the API to retrieve data on codes, courses, classes, and other structured information related to our platform. You can explore all the available features in our API explorer.

Please note that CheckOut's API is governed by fair use policies. Along with adhering to our terms of service, it's important not to use the API in ways that could negatively impact other users' experiences. This includes avoiding excessive data requests for timetables and refraining from actions like updating account information or attempting to bypass the cache. Submission of codes via the API is prohibited. Only applications that have received prior approval are permitted to submit codes through the API. To submit codes, please use the web forms available on our web and mobile applications. For more details, visit our API explorer.

Why Aren't the Website and Mobile Apps Open Source?

We understand that many users value open-source software for its transparency and collaborative potential. However, our website and mobile apps are not currently open source, and there are two main reasons for this:

  • Codebase Readiness: While we appreciate the benefits of collaborative development, our codebase is not yet in a state that meets modern development standards. Bringing it up to those standards would require significant time and effort, which we believe is better spent on developing new features and improving the user experience. We are committed to delivering high-quality updates and innovations, and this focus ensures we can continue to meet the needs of our users.
  • Security Concerns: Protecting our users is a top priority. Some of the algorithms we use, particularly those designed to combat spam and manage external services, are kept confidential to enhance security. By keeping these aspects of our system closed-source, we reduce the risk of malicious actors exploiting vulnerabilities, ensuring a safer and more reliable experience for everyone.

We hope this clarifies our approach and the reasons behind our decision. We remain committed to transparency where it counts and to delivering a secure, high-quality service for all users.

FAQ

What modules/classes does the site support?

CheckOut includes many timetabled and standard courses. If you can't find your course in the course selection page or have any other questions, please contact our support team.

How can I spot a verified code?

Codes with the Verified mark have been verified through AutoCheckin or by a moderator. Submitters with high-repuation scores may also receive verification. Click on the Verified button next to a code for transparency behind the codes verification status.

My code has not appeared on the site?

While quality control checks and caching is taking place, your code may take up to a minute to appear on the site. This could take longer in peak times.

What is an API 'auth_error'?

The error code 'auth_error' occurs when trying to use an API endpoint that you have not got permissions for. As described in the API explorer, some or all endpoints may require changing authentication requirements. You can prepare your application for this by getting an API key from your account and providing it in the X-CheckOut-Key header.

What should I do if I spot an incorrect code?

If you notice an incorrect code, you can use the 'Report Code' option if available on the code entry. If this option isn't visible, please contact our support team with details about the incorrect code. We greatly appreciate our users helping to maintain data accuracy on CheckOut.

We work hard to ensure code accuracy through our reputation scoring system and moderation processes, but user reports are invaluable in helping us maintain high-quality data for everyone.

What if I submit the wrong code or select the wrong session?

If you've submitted an incorrect code or selected the wrong session, visit your submission history and click the 'Hide' button next to the incorrect submission. After hiding the incorrect submission, you can immediately submit the correct code or submit to the correct session.

If you can't find the submission in your history, please contact our support team immediately to have it removed. Taking prompt action helps prevent reputation damage and potential account restrictions.

Account

Is an account required to use CheckOut?

Currently authentication is set to false . If set to true, an account is required for all pages on the site and mobile app. Usually, an account is not needed to access codes, however an account-only restriction may be set for submissions.

My account is compromised, help!
  • If you can sign in, visit your account and click the 'Logout all sessions' button. This will sign out everyone, including yourself, so you will need to sign in again.
  • If you can't sign in, contact support, giving your account's email address. An admin will explore the options available to secure your account.

If your Google account, passkey, or other login method is compromised, inform us using the above email. We can then remove the compromised method from your account.

I'm unable to sign in.

We'll try our best to help. Contact support.

🔒 Security Vulnerability Reporting

If you've discovered a security vulnerability, please email support@jemedia.xyz immediately. Include as much information as possible about the vulnerability, including steps to reproduce, potential impact, and any supporting documentation. We take all security reports seriously and will investigate them promptly.