Skip to main content
This guide walks you through the full verification flow end-to-end: create a collection, add a unit, attach a test chip, simulate a tap, and verify it. Every step uses curl.
Every /v1/* request includes your API key in the Authorization header — Authorization: Bearer end_sk_test_.... Keep it server-side only, and never expose it in browser code. See Authentication for the full details on credential types and session tokens.
1

Create a collection

A collection groups related units under one product line. Create one first — units belong to a collection, and the collection must be active before units can be issued.
Single-resource responses return their fields at the top level; list responses wrap their array under a plural key. See Response shape.
The collection is created on your organization’s default network, configured by Endstate at onboarding — no network field needed. You can read it (and the networks enabled for your organization) from GET /v1/settings, and pass chain_id explicitly only to override it.
The collection returns immediately with contract.status: "deploying" — provisioning is asynchronous. Poll GET /v1/collections/{collection_id} until contract.status is "active" before proceeding.
When contract.status is "active", the collection is ready. Poll on a short interval (one to two seconds) and give up after a reasonable timeout.
2

Create a unit

A unit is the unique digital record for a single physical item. Create one inside your collection.
The unit starts with collection.token.status: "pending". It moves to "active" (and receives a collection.token.serial) after a chip is paired in the next step.
3

Create a test chip

A test chip lets you simulate taps without physical hardware. Pass is_test: true and the unit you created.
Note the chip_id — you use it in the next two steps. Pairing a chip also triggers issuance: the unit’s token.status transitions from "pending" to "active" and token.serial is assigned.
4

Simulate a tap

Real chips produce a one-time e value when tapped. For test chips, the /tap endpoint generates one for you.
Each call to /tap produces a fresh, single-use e value. Use it immediately in the next step — it cannot be reused.
5

Verify the tap

Submit the e value to verify the chip. This is the core API call: it validates authenticity, records the scan, and returns a session token.
Two fields to note:
  • session_token — an object containing a short-lived token value (end_sess_...) that proves this chip was just tapped. Valid for 600 seconds by default. Pass the token string to a client to authorize unit-scoped actions without exposing your API key.
  • unit — the digital record for the verified item, including its issuance status and serial number.
If verification fails (e.g., the e value was already used), the API returns a structured error. Branch on error.code — see Errors.
6

Introspect the session token (optional)

Your client can confirm the session token’s scope without holding an API key. Send the token string from the session_token object as the bearer credential.
This endpoint accepts only end_sess_* tokens — not API keys. Use it from browser or mobile clients to confirm a verified session without exposing server credentials.

Next steps

Core concepts

Understand collections, units, chips, and how they fit together.

Verify a unit

The full production verification guide, including real chip handling.

Claim a unit

Use the session token you just received to transfer the unit to a recipient.

Authentication

API keys, session tokens, and security best practices.