Skip to main content
POST
Verify a chip and issue a session token

Authorizations

Authorization
string
header
required

Use Authorization: Bearer end_sk_* for partner API keys (e.g. end_sk_AbCd_example_api_key).

Path Parameters

chip_id
string
required

Chip identifier from the tap URL.

Pattern: ^[0-9A-Fa-f]{10}$
Example:

"ABCDEF0123"

Body

application/json
e
string
required
Pattern: ^[0-9A-Fa-f]{32}$
Example:

"C78566198547116F3A715DC1C62AF96F"

dry_run
boolean
default:false
ttl
integer | null

Session-token TTL override in seconds. Must be between 60 and 3600 inclusive; out-of-range values return 400 validation.failed.

Required range: 60 <= x <= 3600
Example:

600

Response

200 - application/json

Chip verified; session token issued (or null on dry_run).

id
string<uuid> | null
required

Scan identifier. null when dry_run=true (no Scan record created).

Example:

"12345678-1234-4567-8901-234567890abc"

session_token
object | null
required

Opaque session token scoped to (orgId, chipId, apiKeyId, scanId). null on dry_run.

chip
object
required
unit
object
required
redirect_url
string<uri> | null
required

Canonical verify URL on the org's verified domain. null when no verified domain exists.

Example:

"https://domain.com/verify/ABCDEF0123"

dry_run
boolean
required