Skip to content
StraventaDocs

Verify a candidate PIN for the caller

Story 4 AC-4.5. Compares a candidate PIN against the stored Argon2id hash. After 5 consecutive wrong attempts the user is locked out for 15 minutes (state lives in `pos_cashier_pins.failed_attempts` + `locked_until`); the next call returns 423 until the lock expires. A successful verify resets `failed_attempts` and clears `locked_until`. On the transition into a fresh lockout window, emits one `audit_log` row with action `pos.pin.locked`. Gated by `pos.pin.verify` permission.

POST
/api/pos/v1/pin/verify

Story 4 AC-4.5. Compares a candidate PIN against the stored Argon2id hash. After 5 consecutive wrong attempts the user is locked out for 15 minutes (state lives in pos_cashier_pins.failed_attempts + locked_until); the next call returns 423 until the lock expires. A successful verify resets failed_attempts and clears locked_until. On the transition into a fresh lockout window, emits one audit_log row with action pos.pin.locked. Gated by pos.pin.verify permission.

Authorization

bearerAuth
AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

application/json

curl -X POST "https://example.com/api/pos/v1/pin/verify" \  -H "Content-Type: application/json" \  -d '{    "pin": "1234"  }'
{
  "verified": true
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}
{
  "error": "string",
  "message": "string",
  "request_id": "string"
}

Was this page helpful?