Getting started

This is the step by step actions (intended for developers and integrators) required to start using the API and hold an event at a facility.

1. Get a tenant provisioned by Veridas, either in the sandbox or production environment.

2. Veridas Customer Success will submit you a Postman environment with the following data:

   * baseUrl for API calls.

   * iamUrl for Auth 2.0 JWT token generation.

   * client and secret for Auth 2.0 Client Credentials Flow for JWT token generation.

   * x-dasgate-tenant-id: the name of the tenant provisioned.

   * x-api-key

3. Veridas will create facilities for you, and give you the ids. Example:

   * some facility: TENANT_ID:ar-b:estadiomonumental

4. Implement a way to obtain your JWT token and add it as an Authorization Bearer header in your API requests.

5. Enroll your users by submitting, for each of them, a selfie in base64 and the acs_id. For each user:

   * Send POST /singles request

   * Make sure you save the relation acs_id and user_id, so you can later add users as attendees.

   POST /api/public/singles HTTP/1.1
   Content-Type: application/json
   x-dasgate-tenant-id: TENANT_ID
   Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
   content-length: XX
   
   {
       "acs_id": "member-123456",
       "acs_id_schema": "string64",
       "portrayal_type": "selfie",
       "selfie": "data:image/jpeg;base64,/9j/4AAQ...",
       "deliver_by_email": false
   }
   

   And the expected response HTTP 201

   {
       "onboarding_id": "79027c7f-ef3d-4d25-a08e-9f08ab544042",
       "acs_id": "member-123456",
       "user_id": "2c9aa737-2e8d-472a-b06f-594e709a0317",
       "status": "finished",
       "result": {
           "outcome": "accepted",
           "reason": null
       }
   }
   

6. Create an event for a future time range, providing the facility Veridas has provided as zone_id.

   * Send POST /events

   * Save the event_id so you can later add attendees.

   POST /api/public/events HTTP/1.1
   Content-Type: application/json
   x-dasgate-tenant-id: TENANT_ID
   Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
   content-length: XX
   
   {
       "name": "My event",
       "zone_id": "TENANT_ID:ar-b:estadiomonumental",
       "starts_at": "2025-06-07T10:00",
       "ends_at": "2025-06-07T23:00"
   }
   

   And the expected response HTTP 201. Notice that the response contains starts_at and ends_at instead of date.

   {
       "event_id": "d92deefb-764e-462c-a0ef-fe9598b6572e",
       "name": "My event",
       "zone_id": "TENANT_ID:ar-b:estadiomonumental",
       "starts_at": "2025-06-07T10:00:00-03:00",
       "ends_at": "2025-06-07T23:00:00-03:00"
   }
   

7. Add enrolled users as attendees to the event. This will enable credentials distribution to access points. For each enrolled user that is attending to the event:

   * Send POST /attendees with the following attributes in the payload:

   * event_id: obtained in the response when creating the event.

   * user_id: obtained in the response when enrolling a new user

   POST /api/public/attendees HTTP/1.1
   Content-Type: application/json
   x-dasgate-tenant-id: TENANT_ID
   Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
   content-length: XX
   
   {
       "event_id": "d92deefb-764e-462c-a0ef-fe9598b6572e",
       "user_id": "2c9aa737-2e8d-472a-b06f-594e709a0317"
   }
   

   And the expected response HTTP 201

   {
       "event_id": "d92deefb-764e-462c-a0ef-fe9598b6572e",
       "user_id": "2c9aa737-2e8d-472a-b06f-594e709a0317",
       "acs_id": "member-123456",  
       "attendee_id": "d92deefb-764e-462c-a0ef-fe9598b6572e_2c9aa737-2e8d-472a-b06f-594e709a0317",       
       "credential_types": [
           "face"
       ]
   }
   

8. For each attendee added to the event, credentials will be distributed to those access points that belong to event's facility.

About event datetimes and duration

The current version of the API and credential distribution protocol have some restrictions on event duration:

• Event time range (determined by starts_at and ends_at) is used to create distributable collections that are published so access points can replicate them. These datetimes are naive and converted server-side to the timezone of the facility holding the event.

• Prefer starts_at and ends_at in requests. If date is provided, the API infers a same-day event.

• Datetime format follows ISO 8601. We store datetimes as UTC internally in our system, taking into account the facility's timezone.

• Currently only one event at a time can exist per facility. Events can be created for the same facility as long as they don't overlap, and access points will know when to replicate and delete collections, according to starts_at and ends_at datetimes.