> ## Documentation Index
> Fetch the complete documentation index at: https://docs.closient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Capture EPCIS events

> Capture one or more EPCIS 2.0 events for the authenticated organization. The request body MUST be a valid EPCISDocument with a populated ``epcisBody.eventList`` array (GS1 EPCIS 2.0 §6.2 / §8). Each event is validated, persisted, and (when its ``bizStep`` is FSMA-relevant) materialized into a CriticalTrackingEvent in the same transaction. Duplicate events — detected by the EPCIS event hash defined in §8.4 — return ``409 Conflict``. Per-event validation failures return ``400`` with the offending event's ``eventID`` (or array index) in ``detail``. Caller must hold an OWNER or MANAGER membership on the target organization.



## OpenAPI

````yaml /openapi/openapi-epcis.json post /epcis/api/2.0/capture
openapi: 3.1.0
info:
  title: EPCIS 2.0 API
  version: 2.0.0
  description: >
    GS1-conformant EPCIS 2.0 event capture and query API.


    ## Authentication


    All endpoints require an API key passed via the `X-API-Key` HTTP header,
    unless otherwise noted.


    ```

    X-API-Key: csb_<body>_<checksum>

    ```


    Generate API keys in **Settings > API Keys** in your dashboard, or via the
    Account API.

    Session-based (cookie) authentication is also accepted for browser-based
    access.


    ## Rate Limits


    | Tier        | Requests / minute | Requests / day |

    |-------------|-------------------|----------------|

    | Default     | 300               | 10,000         |

    | Custom      | Contact us        | Contact us     |


    Rate-limit headers are included on every response so callers can
    self-throttle without

    hitting our 429s ("informed governor"):


    - `RateLimit-Policy` — every active window, e.g. `300;w=60, 10000;w=86400`

    - `RateLimit-Limit` — quota for the **most-restrictive** currently-active
    window

    - `RateLimit-Remaining` — requests left in that window

    - `RateLimit-Reset` — seconds until that window resets (relative; clock-skew
    safe)


    Legacy `X-RateLimit-*` aliases are also emitted for back-compat.
    `X-RateLimit-Reset`

    keeps the absolute Unix-timestamp shape to avoid breaking existing
    consumers.


    When rate-limited, you receive `429 Too Many Requests` with a
    `retry_after_seconds` field

    in the error envelope and a `Retry-After` header.


    ## Pagination


    List endpoints return paginated results in this envelope:


    ```json

    {
      "data": [...],
      "pagination": {
        "page": 1,
        "page_size": 25,
        "total_count": 342,
        "total_pages": 14,
        "has_next": true,
        "has_previous": false
      }
    }

    ```


    Use `?page=2&page_size=50` query parameters. Maximum page size is 100.


    ## Error Responses


    All errors conform to [RFC 9457 Problem
    Details](https://www.rfc-editor.org/rfc/rfc9457)

    with `Content-Type: application/problem+json`:


    ```json

    {
      "type": "https://closient.com/docs/errors/not_found",
      "title": "Not Found",
      "status": 404,
      "detail": "The requested resource was not found.",
      "error_code": "not_found",
      "retryable": false,
      "timestamp": "2026-03-31T12:00:00+00:00"
    }

    ```


    Common error codes: `unauthorized` (401), `forbidden` (403), `not_found`
    (404),

    `validation_error` (422), `rate_limited` (429), `internal_error` (500).
  termsOfService: https://www.closient.com/terms/
servers:
  - url: https://www.closient.com
security: []
externalDocs:
  description: Closient Documentation
  url: https://docs.closient.com
paths:
  /epcis/api/2.0/capture:
    post:
      tags:
        - EPCIS 2.0
      summary: Capture EPCIS events
      description: >-
        Capture one or more EPCIS 2.0 events for the authenticated organization.
        The request body MUST be a valid EPCISDocument with a populated
        ``epcisBody.eventList`` array (GS1 EPCIS 2.0 §6.2 / §8). Each event is
        validated, persisted, and (when its ``bizStep`` is FSMA-relevant)
        materialized into a CriticalTrackingEvent in the same transaction.
        Duplicate events — detected by the EPCIS event hash defined in §8.4 —
        return ``409 Conflict``. Per-event validation failures return ``400``
        with the offending event's ``eventID`` (or array index) in ``detail``.
        Caller must hold an OWNER or MANAGER membership on the target
        organization.
      operationId: apps_epcis_api_epcis_capture
      parameters: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CaptureRequestSchema'
        required: true
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CaptureResponseSchema'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '409':
          description: Conflict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '422':
          description: Unprocessable Content
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
        '429':
          description: Too Many Requests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorOut'
      security:
        - APIKeyHeaderAuth: []
        - OAuthTokenAuth: []
        - SessionAuth: []
components:
  schemas:
    CaptureRequestSchema:
      description: >-
        EPCIS 2.0 Capture request body (GS1 EPCIS 2.0 §6.2 — EPCISDocument).


        The wire format is a JSON-LD ``EPCISDocument`` whose ``epcisBody``
        carries

        an ``eventList`` array of one or more events. The example below is a

        minimal ``ObjectEvent`` shipping a single SGTIN — production payloads

        typically include ``bizTransactionList``, ``sourceList``,
        ``destinationList``,

        and (for FSMA 204 captures) ``ilmd`` KDEs in the ``cbvmda:`` namespace.
      examples:
        - '@context':
            - https://ref.gs1.org/standards/epcis/2.0.0/epcis-context.jsonld
          creationDate: '2026-05-03T12:00:00.000Z'
          epcisBody:
            eventList:
              - action: OBSERVE
                bizLocation:
                  id: urn:epc:id:sgln:0614141.00777.0
                bizStep: urn:epcglobal:cbv:bizstep:shipping
                bizTransactionList:
                  - bizTransaction: urn:epcglobal:cbv:bt:0614141:1234
                    type: urn:epcglobal:cbv:btt:po
                disposition: urn:epcglobal:cbv:disp:in_transit
                epcList:
                  - https://id.gs1.org/01/00614141123452/10/LOT-A1/21/SERIAL-001
                eventTime: '2026-05-03T10:00:00.000Z'
                eventTimeZoneOffset: '-05:00'
                readPoint:
                  id: urn:epc:id:sgln:0614141.00777.0
                type: ObjectEvent
          schemaVersion: '2.0'
          type: EPCISDocument
      properties:
        epcisBody:
          additionalProperties: true
          description: >-
            EPCIS 2.0 document body containing an ``eventList`` array of one or
            more events (per GS1 EPCIS 2.0 §6.2). At least one event is
            required. Each event must include ``type``, ``eventTime``,
            ``eventTimeZoneOffset``, and the per-type required fields specified
            in §7.3.
          title: Epcisbody
          type: object
      required:
        - epcisBody
      title: CaptureRequestSchema
      type: object
    CaptureResponseSchema:
      description: Response returned after a successful capture (HTTP 201).
      examples:
        - captureID: f47ac10b-58cc-4372-a567-0e02b2c3d479
          createdEvents: 1
      properties:
        captureID:
          description: >-
            Unique identifier for this capture batch (UUIDv4). Mirrors the
            ``captureID`` concept from GS1 EPCIS 2.0 §8.2.1 — useful for
            client-side correlation and idempotency tracking, though
            duplicate-event rejection uses the per-event hash from §8.4 rather
            than this batch ID.
          title: Captureid
          type: string
        createdEvents:
          description: >-
            Number of events successfully created. Returned only on the
            all-or-nothing ``201`` path; equals the length of the submitted
            ``eventList``. If any event fails validation or hits the
            duplicate-hash guard, the endpoint returns the appropriate ``400`` /
            ``409`` error instead — note that events earlier in the batch may
            already be committed (each event captures in its own atomic
            transaction).
          minimum: 1
          title: Createdevents
          type: integer
      required:
        - captureID
        - createdEvents
      title: CaptureResponseSchema
      type: object
    ErrorOut:
      description: |-
        RFC 9457 Problem Details response.

        All API errors are returned in this format with Content-Type:
        application/problem+json.
      examples:
        - detail: The requested resource was not found.
          error_code: not_found
          retryable: false
          status: 404
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Not Found
          type: https://closient.com/docs/errors/not_found
        - detail: Validation error.
          details:
            - loc:
                - body
                - name
              msg: Field required
              type: missing
          error_code: validation_error
          retryable: false
          status: 422
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Validation Error
          type: https://closient.com/docs/errors/validation_error
        - detail: Rate limit exceeded. Please try again later.
          error_code: rate_limited
          retry_after: 31
          retryable: true
          status: 429
          timestamp: '2026-03-31T12:00:00+00:00'
          title: Rate Limited
          type: https://closient.com/docs/errors/rate_limited
      properties:
        type:
          description: URI reference identifying the error type.
          title: Type
          type: string
        title:
          description: Short human-readable summary of the error.
          title: Title
          type: string
        status:
          description: HTTP status code.
          title: Status
          type: integer
        detail:
          description: Human-readable explanation of this specific occurrence.
          title: Detail
          type: string
        error_code:
          description: Machine-readable error code (e.g. not_found, unauthorized).
          title: Error Code
          type: string
        retryable:
          default: false
          description: Whether retrying the same request can succeed.
          title: Retryable
          type: boolean
        timestamp:
          description: ISO 8601 timestamp of when the error occurred.
          title: Timestamp
          type: string
        retry_after:
          anyOf:
            - type: integer
            - type: 'null'
          description: Seconds to wait before retrying (when applicable).
          title: Retry After
        owner_action_required:
          anyOf:
            - type: boolean
            - type: 'null'
          description: Whether the error requires account owner intervention.
          title: Owner Action Required
        details:
          description: Additional context (validation errors, etc.).
          title: Details
      required:
        - type
        - title
        - status
        - detail
        - error_code
        - timestamp
      title: ErrorOut
      type: object
  securitySchemes:
    APIKeyHeaderAuth:
      type: apiKey
      in: header
      name: X-API-Key
    OAuthTokenAuth:
      type: http
      scheme: bearer
    SessionAuth:
      type: apiKey
      in: cookie
      name: sessionid

````