GET https://api.veriko.mx/v1/validations/{id}/image

Get the receipt image

Audience
public
Auth
API key
Permission
validations:read
How-to guide →

Returns the receipt image attached to an OCR validation. Available for both image (base64) and image_url submissions. Images are served without EXIF/XMP/ICC metadata (already sanitized at upload time). Only available when has_image: true on the Validation object.

Parameters
Parameter In Type Required Description
id * path string (uuid) required

Validation UUID.

Request
curl -X GET 'https://api.veriko.mx/v1/validations/{id}/image' \
  -H 'Authorization: Bearer mxcep_••••'

Python example — coming soon.

JavaScript example — coming soon.

PHP example — coming soon.

Response status codes GET /v1/validations/{id}/image
Status Class Description Body
200 2xx Receipt image. `Content-Type` reflects the original format derived from the on-disk MIME (`image/png`, `image/jpeg`, `image/webp`). If the MIME is not in the whitelist it is served as `application/octet-stream`. No body
401 4xx Authentication is required or the provided credentials are invalid. ErrorResponse
403 4xx Permisos insuficientes ErrorResponse
404 4xx Validation not found (`not_found`) or has no associated image (`image_not_available`). The latter is also returned if the on-disk file fails the realpath check (defense-in-depth against symlinks outside the storage directory). ErrorResponse
422 4xx Invalid UUID in path (`invalid_uuid`). ErrorResponse
Response headers 200
Header Type Description
Cache-Control string Privately cacheable for 1 hour.
Content-Disposition string Inline serving; filename derived from the validation_id and the MIME extension.
Cross-Origin-Resource-Policy string Prevents cross-origin exfiltration via `<img>`.
X-Content-Type-Options string Defense against MIME-sniffing.
Errors from GET /v1/validations/{id}/image
Status Code Detail
401 unauthorized

Invalid or missing authentication credentials.

Envelope
meta.request_id
c4d5e6f7a8b9
403 forbidden

You do not have permission to access this resource.

Envelope
meta.request_id
d5e6f7a8b9c0