Ábyrg verslunFyrirtækiAldursskírteiniVefþjónustaAlgengar spurningar
Vefþjónusta

Manual Verification

Record an employee-approved verification. An employee uses their 6-digit access code to identify themselves before approving the transaction.

Note: Manual verifications must be performed and confirmed by a registered employee. The employeeId field must contain a valid employee ID for your tenant.

Employee Lookup

Before calling the manual verification endpoint, resolve the employee by their 6-digit access code:

GET/api/v1/employees/code

Resolve an employee by their 6-digit access code. Returns the employee ID and name required for the manual verification endpoint.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires employees:read scope

Query Parameters

codestringRequired

Employee's 6-digit access code

Response

{
  "data": {
    "id": "emp_abc",
    "name": "Jón Jónsson",
    "createdAt": "2024-01-15T10:00:00.000Z",
    "updatedAt": "2024-01-15T10:00:00.000Z"
  }
}

Record Manual Verification

Once you have the employee ID, submit the manual verification. The server records an immutable transaction.

POST/api/v1/verifications/manual

Record an employee-approved manual verification. The employee must have been resolved via their access code before calling this endpoint. The server records an immutable transaction.

Headers

AuthorizationstringRequired

Bearer <access_token> — requires transactions:write scope

Content-TypestringRequired

application/json

Request Body

employeeIdstringRequired

Employee ID — obtained by resolving their 6-digit access code

requiredAgenumberRequired

Minimum age threshold verified (for example, 18)

posReferencestringOptional

Your own reference for this transaction (e.g. receipt or basket ID, max 20 characters). Returned on the transaction record for reconciliation

deviceIdstringOptional

Service-client callers only: attribute the transaction to an api-origin device (created via POST /api/v1/devices). Returns 404 if the device does not exist, 400 if it is not an active api-origin device

Examples

cURL

curl -X POST https://abyrgverslun.is/api/v1/verifications/manual \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "employeeId": "emp_abc",
    "requiredAge": 18,
    "posReference": "till-4-receipt-1234",
    "deviceId": "dev_def456"
  }'

JavaScript

// Step 1: Resolve employee by access code
const lookupResponse = await fetch(
  'https://abyrgverslun.is/api/v1/employees/code?code=123456',
  {
    headers: { 'Authorization': 'Bearer YOUR_ACCESS_TOKEN' },
  },
);

if (!lookupResponse.ok) {
  console.error('Employee not found');
  return;
}
const { data: employee } = await lookupResponse.json();

// Step 2: Record the manual verification
const response = await fetch('https://abyrgverslun.is/api/v1/verifications/manual', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    employeeId: employee.id,
    requiredAge: 18,
    posReference: 'till-4-receipt-1234',
  }),
});

const data = await response.json();
// data.result === 'pass'
// data.transactionId === 'j57b2mNkR4e9...'

Response

{
  "result": "pass",
  "transactionId": "j57b2mNkR4e9..."
}