> ## Documentation Index
> Fetch the complete documentation index at: https://docs.passlet.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Record scans in bulk

> Checks in many passes at once from an operator selection. Each pass is validated and recorded independently through the single-scan pipeline (its own redemption gates), so a denied or already-redeemed pass never blocks the rest. Always returns `200` with a per-pass `results[]` (`accepted` / `duplicate` / `denied` / …, or `result: null` on an unexpected error) plus `totalAccepted` / `totalRejected` / `totalFailed`. Send an `idempotencyKey` so re-submitting the same selection replays instead of double-recording.

Requires the `scans:write` scope on the access token.



## OpenAPI

````yaml /api-reference/openapi.json post /v1/scans/batch
openapi: 3.1.0
info:
  title: Passlet API (Public)
  version: 0.1.0
  description: >-
    Public integration API for Passlet — every route callable with a `plt_*`
    access token. Each operation lists the required access-token scope.
  license:
    name: UNLICENSED
    identifier: UNLICENSED
servers:
  - url: https://api.passlet.io
    description: Production
security: []
paths:
  /v1/scans/batch:
    post:
      tags:
        - scans
      summary: Record scans in bulk
      description: >-
        Checks in many passes at once from an operator selection. Each pass is
        validated and recorded independently through the single-scan pipeline
        (its own redemption gates), so a denied or already-redeemed pass never
        blocks the rest. Always returns `200` with a per-pass `results[]`
        (`accepted` / `duplicate` / `denied` / …, or `result: null` on an
        unexpected error) plus `totalAccepted` / `totalRejected` /
        `totalFailed`. Send an `idempotencyKey` so re-submitting the same
        selection replays instead of double-recording.


        Requires the `scans:write` scope on the access token.
      operationId: postV1ScansBatch
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BatchRecordScanRequest'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BatchRecordScanResponse'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '404':
          description: Not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '409':
          description: Conflict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '429':
          description: Rate limited
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '503':
          description: Service unavailable
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
      security:
        - bearerAuth: []
components:
  schemas:
    BatchRecordScanRequest:
      $schema: https://json-schema.org/draft/2020-12/schema
      type: object
      properties:
        passIds:
          minItems: 1
          maxItems: 200
          type: array
          items:
            type: string
            format: uuid
            pattern: >-
              ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
            description: Pass identifier
          description: Pass IDs to check in (max 200)
        projectId:
          anyOf:
            - type: string
              format: uuid
              pattern: >-
                ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
            - type: 'null'
        scanContextKey:
          type: string
          minLength: 1
          maxLength: 128
        validityDate:
          type: string
          pattern: ^\d{4}-\d{2}-\d{2}$
        context:
          type: object
          properties:
            gate:
              type: string
              maxLength: 64
            lane:
              type: string
              maxLength: 64
            location:
              type: string
              maxLength: 255
            sessionId:
              type: string
              maxLength: 255
            note:
              type: string
              maxLength: 500
          additionalProperties: {}
        idempotencyKey:
          type: string
          minLength: 1
          maxLength: 200
      required:
        - passIds
    BatchRecordScanResponse:
      $schema: https://json-schema.org/draft/2020-12/schema
      type: object
      properties:
        totalRequested:
          type: integer
          minimum: 0
          maximum: 9007199254740991
        totalAccepted:
          type: integer
          minimum: 0
          maximum: 9007199254740991
        totalRejected:
          type: integer
          minimum: 0
          maximum: 9007199254740991
        totalFailed:
          type: integer
          minimum: 0
          maximum: 9007199254740991
        results:
          type: array
          items:
            type: object
            properties:
              passId:
                type: string
                format: uuid
                pattern: >-
                  ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                description: Pass identifier
              result:
                anyOf:
                  - type: string
                    enum:
                      - accepted
                      - duplicate
                      - unknown
                      - ambiguous
                      - denied
                      - reversal
                  - type: 'null'
              reasonCode:
                anyOf:
                  - type: string
                    enum:
                      - valid
                      - stale_identifier
                      - already_scanned
                      - not_active
                      - expired
                      - revoked
                      - wrong_scope
                      - not_valid_context
                      - out_of_window
                      - quota_exhausted
                      - cooldown
                      - no_match
                      - multiple_matches
                  - type: 'null'
              message:
                type: string
            required:
              - passId
              - result
              - reasonCode
              - message
            additionalProperties: false
      required:
        - totalRequested
        - totalAccepted
        - totalRejected
        - totalFailed
        - results
      additionalProperties: false
    ApiError:
      $schema: https://json-schema.org/draft/2020-12/schema
      type: object
      properties:
        errorCode:
          type: string
          enum:
            - UNAUTHORIZED
            - FORBIDDEN
            - TOKEN_EXPIRED
            - TOKEN_INVALID
            - CSRF_TOKEN_INVALID
            - TENANT_EXPIRED
            - TENANT_NOT_FOUND
            - ORGANIZATION_REQUIRED
            - TENANT_SUSPENDED
            - VALIDATION_ERROR
            - INVALID_INPUT
            - MISSING_REQUIRED_FIELD
            - INVALID_FORMAT
            - NOT_FOUND
            - PASS_NOT_FOUND
            - TEMPLATE_NOT_FOUND
            - WEBHOOK_NOT_FOUND
            - NOTIFICATION_NOT_FOUND
            - CONFLICT
            - VERSION_CONFLICT
            - DUPLICATE_PASS
            - IDEMPOTENCY_CONFLICT
            - TEMPLATE_VERSION_NOT_NEWER
            - SCAN_REVERSAL_WINDOW_EXPIRED
            - WEBHOOK_MANAGED_EXTERNALLY
            - PASS_ALREADY_ISSUED
            - PASS_ALREADY_VOIDED
            - PASS_NOT_ISSUED
            - PASS_ISSUING_FAILED
            - APPLE_SIGNING_FAILED
            - APPLE_APNS_FAILED
            - GOOGLE_API_FAILED
            - GOOGLE_JWT_FAILED
            - PROVIDER_UNAVAILABLE
            - LINK_EXPIRED
            - LINK_REVOKED
            - LINK_INVALID
            - TOKEN_SIGNATURE_INVALID
            - TOKEN_CLOCK_SKEW
            - RATE_LIMITED
            - TOO_MANY_REQUESTS
            - INTERNAL_ERROR
            - SERVICE_UNAVAILABLE
            - JOB_FAILED
          description: Machine-readable error code
        message:
          type: string
          description: Human-readable error message
        correlationId:
          type: string
          description: Request correlation ID for debugging
        details:
          description: Additional error details
          type: object
          propertyNames:
            type: string
          additionalProperties: {}
      required:
        - errorCode
        - message
        - correlationId
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: plt_<secret>
      description: >-
        Passlet access token (`plt_*`) sent as `Authorization: Bearer <token>`
        or `X-API-Key`. Authorized scopes are listed per operation under
        `x-required-scopes`.

````