Verify Pass
Submit a digital pass for server-side verification. The server verifies the pass, checks the challenge conditions, and records an immutable transaction.
Note: The server always records a transaction regardless of result. Invalid or expired passes return "fail".
/api/verification/passSubmit pass data read from NFC or QR. The server verifies signature, expiry, and age threshold, then records a transaction. Both pass and fail outcomes return HTTP 200 — HTTP error codes indicate request-level failures only.
Headers
| Name | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Required | DPoP <access_token> (device) or Bearer <access_token> (service client) |
| DPoP | string | Optional | Required for device callers using DPoP tokens; omit for Bearer service-client calls |
| Content-Type | string | Required | application/json |
AuthorizationstringRequiredDPoP <access_token> (device) or Bearer <access_token> (service client)
DPoPstringOptionalRequired for device callers using DPoP tokens; omit for Bearer service-client calls
Content-TypestringRequiredapplication/json
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| passData | string | Required | Base64-encoded 64-byte pass (legacy 64-char Latin-1 value also accepted) |
| requiredAge | number | Required | Minimum age threshold to verify (for example, 18) |
passDatastringRequiredBase64-encoded 64-byte pass (legacy 64-char Latin-1 value also accepted)
requiredAgenumberRequiredMinimum age threshold to verify (for example, 18)
Examples
cURL
curl -X POST https://abyrgverslun.is/api/verification/pass \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"passData": "<base64-or-latin1-pass>",
"requiredAge": 18
}'JavaScript
const response = await fetch('https://abyrgverslun.is/api/verification/pass', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN',
'Content-Type': 'application/json',
},
body: JSON.stringify({
passData: '<base64-or-latin1-pass>',
requiredAge: 18,
}),
});
const data = await response.json();
// data.result === 'pass' | 'fail'
// data.transactionId === 'j57b2mNkR4e9...'Response
// Verification passed
{
"result": "pass",
"transactionId": "j57b2mNkR4e9..."
}
// Verification failed (invalid or expired pass, age check failed)
{
"result": "fail",
"transactionId": "j57b2mNkR4e9..."
}