PassEntry’s Scans API lets you validate passes at physical locations, whether for event access, membership verification, ticket validation, or loyalty program check-ins. By default, PassEntry handles validation internally, but for businesses needing more flexibility, third-party validation allows you to define your own rules and logic. You can now also manage loyalty in the same request. That means your system can update a customer’s loyalty points or stamp their card while validating their pass – all in one go.

What is Third-Party Validation?

With third-party validation, your system takes full control over how passes are validated. Instead of PassEntry checking pass validity, every scan is sent to your own endpoint, where you decide the logic.

PassEntry Internal vs. Third-Party Validation

FeaturePassEntry Default Validation 📦Third-Party Validation 🔧
Setup📦 Out-of-the-box, no setup required🛠️ Requires a custom validation endpoint
Validation Logic🔒 PassEntry validates against its own database⚙️ Your system defines all validation rules
Scan Value Format🔑 Must be pass UUID or external ID📜 Can contain any data or combination of values (e.g., customerID-promoCode)
Reader Instructions📡 Pre-defined reader instructions🎨 Full control over instructions (e.g., messages, LED colors, sounds)
Scans Logging📊 Yes📊 Yes
Support for NFC/Barcode📡 NFC & Barcode (only if barcode is configured as pass UUID)📡 NFC & Barcode
Association to the pass🔄 Yes📡 Only if passId provided by your endpoint
Current Compatibility🔗 Works with VTAP & PassEntry Reader🔗 Works with VTAP & PassEntry Reader
Loyalty Management✨ Automatically updates points or stamps, and sends notifications if included🎯 Full control – your endpoint must handle loyalty updates and send any notifications

How to Enable Third-Party Validation

To start using third-party validation, follow these simple steps:

1. Ensure You Have a Reader Set Up

Third-party validation is currently supported only on PassEntry readers. If you haven’t set up a reader yet, follow this guide to do so.

2. Update Your Reader Configuration

  1. Go to PassEntry DashboardReadersReader Configuration.
  2. Find the Validation Settings section.
  3. Change the validation type to Third-Party.
  4. Enter an HTTPS URL of your third-party validation endpoint (this is where PassEntry will send scans for validation).
  5. Include a Bearer token (this is a token that the reader will send to your endpoint to authenticate itself).
Validation Settings

3. Apply Changes & Activate Third-Party Validation

  • Once you update the settings, the PassEntry reader will log out automatically and VTAP reader’s configuration will be automatically updated.
  • On the next login/reboot, it will use the new validation settings, sending all scans to your third-party endpoint.
  • After validation, scans will still be logged in PassEntry for tracking and reporting (only on PassEntry readers).
Third-Party Logs

How It Works

  1. A pass is scanned using a PassEntry reader or VTAP reader (via NFC or barcode).
  2. Instead of PassEntry validating the pass, the scan is sent to your third-party endpoint.
  3. Your system processes the validation using custom business logic.
  4. The reader receives a response from your system and displays any necessary instructions (e.g., “Access Granted” or “Invalid Ticket”).
  5. The scan is logged in PassEntry for visibility and reporting (only on PassEntry readers).

Third-Party Endpoint Structure

Your custom validation endpoint must be able to receive scan data and respond with validation results.

Reader Request Format

PassEntry Reader

{
    "scan": {
        "scanValue": "some-scan-value",
        "readerId": "passentry_reader_id",
        "scanType": "nfc",
        "loyalty": {
            "balance": -10,
            "message": "You have redeemed 10 points"
        }
    }
}
scan
object

VTAP Reader

{
    "scan": {
        "scanValue": "some-scan-value",
        "readerId": "CC123456",
        "readerType": "VTAP",
        "scanData": {
            "IP": "Local IP of device",
            "location": "Reader Location",
            "passtype": "A",
            "payload": "d9ae223c9e6cd57e18f3f61b6198cce756de8b2b",
            "rdrparam1": "Optional Reader Info 1",
            "rdrparam2": "Optional Reader Info 2",
            "serialno": "CC123459",
            "SSID": "Connected WiFi"
        }
    }
}
scan
object

Your Endpoint Response Format

PassEntry Reader

{
    "validationResponse": {
        "status": "failed",
        "statusDetail": "Subscription expired",
        "passId": "65844fnrjkfjfkel4h4j23",
        "readerInstructions": {
            "message": "Sorry, we can't let you in"
        }
    }
}
validationResponse
object

VTAP Reader

{
    "validationResponse": {
        "status": "failed",
        "statusDetail": "Subscription expired",
        "passId": "65844fnrjkfjfkel4h4j23",
        "readerInstructions": {
            "VTAPaction": {
              "led": "?LEDR 00FF00,100,100,3",
              "beep": "?BEEPR 50,50,2",
              "message": "Sorry, we can't let you in",
              "success": false
            }
        }
    }
}
validationResponse
object
For more information on VTAP actions, see the VTAP API documentation.