@samantha how about calling a RESTlet from the client script to do the work and return either a true or false value after the security token is validated via the N/Crypto module?