Authentication & Session Management
Is it mandatory to use the session generated by /api/authenticate?
Yes. It is mandatory to use the session generated by the /api/authenticate endpoint. Inspections will not process correctly if a custom/generated session ID is used.
The session key is:
- Single-use
- Valid for one inspection only
- Expired once consumed
A new session must be generated for every new inspection.
Should /api/authenticate be called before every inspection?
Yes. A new authentication session must be generated before each inspection.
Reusing the same session across multiple inspections may result in duplicate session errors.
What is the expiration time of access_token and refresh_token?
The authentication tokens expire after:
15 minutesWhich token should be used as the Bearer token for API/Upload requests?
Note: For the API/Upload endpoint, the roles of theaccess_tokenandrefresh_tokenare reversed. Please use therefresh_tokenas the Bearer token while making API/upload requests. The token validity duration is 15 minutes.
Example:
Authorization: Bearer <refresh_token>Does case_id support non-numeric values?
Yes. The case_id field supports:
- Numeric values
- Alphabets
- Hyphens
- Alphanumeric strings
Example:
{
"case_id":"CASE-12345"
}There is no restriction requiring case_id to be numeric only.
If inspections remain in Processing state, the issue is usually related to incorrect or reused session keys rather than the case_id format.
What is the minimum number of images required for an inspection?
The system can technically process even a single image.
However, for accurate inspection results, all sides/angles of the vehicle should be covered.
Recommended coverage includes:
- Front
- Rear
- Left side
- Right side
- Corner angles
What happens if oversized images are uploaded?
Oversized images are automatically resized internally by the system before processing.
Clients are not required to manually resize images before upload.
Webhook & Callback