GET https://api.veriko.mx/v1/validations/{id}/image

Get the receipt image

Returns the receipt image attached to an OCR validation. Available for both `image` (base64) and `image_url` submissions. Images are served without EXIF/XMP/ICC metadata (already sanitized at upload time). Only available when `has_image: true` on the Validation object.

| Parameter | In | Type | Required | Description |
|---|---|---|---|---|
| id * | path | string (uuid) | required | Validation UUID. |

```bash
curl -X GET 'https://api.veriko.mx/v1/validations/{id}/image' \
  -H 'Authorization: Bearer mxcep_••••'
```

| Status | Class | Description | Body |
|---|---|---|---|
| 200 | 2xx | Receipt image. `Content-Type` reflects the original format derived from the on-disk MIME (`image/png`, `image/jpeg`, `image/webp`). If the MIME is not in the whitelist it is served as `application/octet-stream`. | No body |
| 401 | 4xx | Authentication is required or the provided credentials are invalid. | ErrorResponse |
| 403 | 4xx | Insufficient permissions. | ErrorResponse |
| 404 | 4xx | Validation not found (`not_found`) or has no associated image (`image_not_available`). The latter is also returned if the on-disk file fails the realpath check (defense-in-depth against symlinks outside the storage directory). | ErrorResponse |
| 422 | 4xx | Invalid UUID in path (`invalid_uuid`). | ErrorResponse |

| Header | Type | Description |
|---|---|---|
| Cache-Control | string | Privately cacheable for 1 hour. |
| Content-Disposition | string | Inline serving; filename derived from the `validation_id` and the MIME extension. |
| Cross-Origin-Resource-Policy | string | Prevents cross-origin exfiltration via `<img>`. |
| X-Content-Type-Options | string | Defense against MIME-sniffing. |

| Status | Code | Detail |
|---|---|---|
| 401 | unauthorized | Invalid or missing authentication credentials. |
| 403 | forbidden | You do not have permission to access this resource. |
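
The realpath check in the 404 row, the MIME whitelist in the 200 row and the response headers can be sketched as a single handler. This is an added example, not Veriko's server code: `serve_image`, `sniff_mime`, the storage layout, the filename format and the exact header values are assumptions.

```python
import os
import uuid
from pathlib import Path

# MIME whitelist from the 200 row; the extension mapping is an assumption.
ALLOWED = {"image/png": "png", "image/jpeg": "jpg", "image/webp": "webp"}


def sniff_mime(data: bytes) -> str:
    """Derive the MIME from on-disk magic bytes, never from a client-supplied name."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return "application/octet-stream"  # anything outside the whitelist


def serve_image(storage_dir: str, validation_id: str, rel_path: str):
    """Hypothetical handler: returns (status, headers, body) for a stored image."""
    try:
        uuid.UUID(validation_id)
    except ValueError:
        return 422, {"code": "invalid_uuid"}, b""
    root = os.path.realpath(storage_dir)
    real = os.path.realpath(os.path.join(root, rel_path))
    # realpath resolves symlinks and "..": a target outside root is refused
    # with the same 404 code as a missing image, so nothing about it leaks.
    if os.path.commonpath([root, real]) != root or not os.path.isfile(real):
        return 404, {"code": "image_not_available"}, b""
    body = Path(real).read_bytes()
    mime = sniff_mime(body)
    ext = ALLOWED.get(mime, "bin")
    headers = {
        "Content-Type": mime,
        "Content-Disposition": f'inline; filename="{validation_id}.{ext}"',
        "Cache-Control": "private, max-age=3600",        # 1 hour, private
        "Cross-Origin-Resource-Policy": "same-origin",   # assumed value
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body
```
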