How are you being limited to JS only? Their JS is surely calling an API endpoint that you could utilize. Sorry, there isn't much I can suggest as you'll need to provide more information about the outside software. In general what you're asking isn't doable without a completely new and custom JS validation rule, but I don't see how it's going to benefit you given it in theory would just call the API endpoint which you could just do from code validation provided by CB Code Field using PHP.