Skip to main content

Internal registration

Internal registration flow: AiFi QR scanner (app only)

  1. The customer scans their QR code at the reader.
  2. AiFi checks:
    • Is the code registered?
    • Is the code expired? (Expiry can be set to never expire, giving you control)
    • Has the code been used before? (Used codes are rejected)
    • Has the code been declined? (Declined codes are rejected)
  3. AiFi sends the customer ID and QR code to the retailer for validation.
  4. The retailer approves or denies entry.
Scanning retailer QR code at AiFi scanner

Important considerations

Pre-authorization

The QR code webhook shown here is the right moment to trigger a pre-authorization for the customer. If the customer scanned the QR code, they're likely about to enter the store. Don't assume this when the customer only generated the QR code. AiFi found this flow to be more customer-friendly and understandable than other options.

Accepting QR codes of employees and testers

After the QR code validation webhook, most retailers try to look up the entry code in their database.

However, there are two exceptions:

  • An employee QR code generated by AiFi Operations App
  • A tester QR code generated by AiFi Store Certification App (Tester App).

To determine if an entry code belongs to a regular customer, an employee, or a tester, the retailer system should look up the customer.role field in the webhook payload. If the role is "employee" or "tester", we recommend that the retailer system return success code 200. The retailer can define more complex logic, but rejecting such entry codes may delay certification.

note

The manual check-in call Admin API -> stores -> manual check-in, described in the next section, will also trigger the QR code webhook if it's defined.

Internal registration flow: Retailer credit card terminal or QR scanner

Check-in the customer when the scanner is managed by the retailer
  1. The customer shows a QR code on their device to the QR reader.
  2. The retailer's system performs all necessary checks regarding their systems and the customer.
  3. The retailer's system sends the pre-registered code to OASIS API using Admin API -> stores -> verify entry code and check in by device id.
  4. The AiFi system (OASIS API) checks the customer in and responds to the retailer's system with a success or failure response.
  5. Upon success, the retailer should open the doors.v
  6. The customer enters the store.
  7. AiFi sends out the webhook Push -> Transitions -> Customer Entered a store for the customer who entered the store.
# As always, remember - this is an example call! For the most recent APIs, refer to the API docs!
CODE=${1:-code123456789}
STORE_ID=${2:-1}
ENTRY_ID=${3:-1}
CHECK_IN_DEVICE_ID=${4:-1}
TOKEN=<ask_us_for_a_dev_token>
BODY=`cat <<EOM
{
  "code": "$CODE"
}
EOM
`
curl \
  -X POST \
  -H "Content-type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "$BODY" \
  https://oasis-api.public.sandbox.oasis.aifi.com/api/admin/v2/stores/$STORE_ID/check-in/$CHECK_IN_DEVICE_ID/entry-codes/verify

Retailer - Important considerations

  1. If the app is owned by the retailer, the retailer should verify the customers' eligibility to enter the store, including payment-related checks, such as ensuring the customer has a valid credit card with sufficient funds. If the QR code webhook isn’t enabled, this is the right moment to perform the pre-authorization.
  2. After manual check-in, a webhook Push -> entry codes -> verify entry-code at external provider for entry code validation will be called if specified. It’s recommended to run your logic before calling the manual check-in and opt out from the webhook in this case to avoid unnecessary network round-trips.