> ## Documentation Index
> Fetch the complete documentation index at: https://docs.closient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload a product image

> Upload a product image and create a scan capture with optional barcode metadata.



## OpenAPI

````yaml /openapi/openapi-scanner.json post /scanner/api/v1/captures/upload-image
openapi: 3.1.0
info:
  title: Scanner API
  version: 1.0.0
  description: >
    Barcode and product scanning with vision extraction.


    ## Authentication


    All endpoints require an API key passed via the `X-API-Key` HTTP header,
    unless otherwise noted.


    ```

    X-API-Key: csb_<body>_<checksum>

    ```


    Generate API keys in **Settings > API Keys** in your dashboard, or via the
    Account API.

    Session-based (cookie) authentication is also accepted for browser-based
    access.


    ## Rate Limits


    | Tier        | Requests / minute | Requests / day |

    |-------------|-------------------|----------------|

    | Default     | 300               | 10,000         |

    | Custom      | Contact us        | Contact us     |


    Rate-limit headers are included on every response so callers can
    self-throttle without

    hitting our 429s ("informed governor"):


    - `RateLimit-Policy` — every active window, e.g. `300;w=60, 10000;w=86400`

    - `RateLimit-Limit` — quota for the **most-restrictive** currently-active
    window

    - `RateLimit-Remaining` — requests left in that window

    - `RateLimit-Reset` — seconds until that window resets (relative; clock-skew
    safe)


    Legacy `X-RateLimit-*` aliases are also emitted for back-compat.
    `X-RateLimit-Reset`

    keeps the absolute Unix-timestamp shape to avoid breaking existing
    consumers.


    When rate-limited, you receive `429 Too Many Requests` with a
    `retry_after_seconds` field

    in the error envelope and a `Retry-After` header.


    ## Pagination


    List endpoints return paginated results in this envelope:


    ```json

    {
      "data": [...],
      "pagination": {
        "page": 1,
        "page_size": 25,
        "total_count": 342,
        "total_pages": 14,
        "has_next": true,
        "has_previous": false
      }
    }

    ```


    Use `?page=2&page_size=50` query parameters. Maximum page size is 100.


    ## Error Responses


    All errors conform to [RFC 9457 Problem
    Details](https://www.rfc-editor.org/rfc/rfc9457)

    with `Content-Type: application/problem+json`:


    ```json

    {
      "type": "https://closient.com/docs/errors/not_found",
      "title": "Not Found",
      "status": 404,
      "detail": "The requested resource was not found.",
      "error_code": "not_found",
      "retryable": false,
      "timestamp": "2026-03-31T12:00:00+00:00"
    }

    ```


    Common error codes: `unauthorized` (401), `forbidden` (403), `not_found`
    (404),

    `validation_error` (422), `rate_limited` (429), `internal_error` (500).
  termsOfService: https://www.closient.com/terms/
servers:
  - url: https://www.closient.com
security: []
tags:
  - name: Scanner Sessions
    description: Create and manage barcode scanning sessions.
  - name: Scanner Captures
    description: Record barcode scan captures within sessions.
  - name: Scanner Enrichment
    description: Enrich scanned items with product data.
  - name: Scanner Photos
    description: Manage photos attached to scan sessions.
  - name: Scanner Upload
    description: Upload scan data in bulk.
  - name: Scanner Resolve
    description: >-
      Dual-scan QR resolve: follow QR redirect chains and save the canonical URL
      as a trade-item redirect (C-503).
  - name: Scanner Freshness
    description: >-
      Resolve color-coded freshness-chip thresholds for a scanned GTIN from the
      GPC-brick category config (C-2987). Anonymous-allowed; consumed by the
      public /scan/ overlay.
externalDocs:
  description: Closient Documentation
  url: https://docs.closient.com
paths:
  /scanner/api/v1/captures/upload-image:
    post:
      tags:
        - Scanner Upload
      summary: Upload a product image
      description: >-
        Upload a product image and create a scan capture with optional barcode
        metadata.
      operationId: apps_scanner_api_upload_endpoints_upload_image
      parameters: []
      requestBody:
        content:
          multipart/form-data:
            schema:
              title: MultiPartBodyParams
              type: object
              properties:
                session_short_id:
                  description: Short ID of the active scan session.
                  title: Session Short Id
                  type: string
                capture_type:
                  allOf:
                    - description: >-
                        ``capture_type`` accepted by the multipart image-upload
                        endpoint.


                        Subset of :class:`CaptureTypeEnum` — the upload endpoint
                        only accepts

                        ``BARCODE`` (the operator detected a barcode client-side
                        and is

                        uploading the image as supporting evidence) or ``IMAGE``
                        (no barcode

                        detected; the server must run vision extraction).
                        ``MANUAL`` is not

                        accepted on the upload path because there is no image to
                        attach to a

                        manual entry.
                      enum:
                        - BARCODE
                        - IMAGE
                      title: CaptureUploadTypeEnum
                      type: string
                  default: IMAGE
                  description: >-
                    How the upload was produced. ``BARCODE`` if the client
                    detected a barcode and is uploading the image as supporting
                    evidence; ``IMAGE`` if no barcode was detected and the
                    server must run vision extraction. ``MANUAL`` is not
                    accepted on this endpoint.
                raw_value:
                  default: ''
                  description: Raw barcode value detected client-side, if any.
                  title: Raw Value
                  type: string
                gtin:
                  default: ''
                  description: Normalized GTIN-14 extracted from client-side detection.
                  title: Gtin
                  type: string
                image:
                  description: Product image file (JPEG, PNG, WebP).
                  format: binary
                  title: Image
                  type: string
              required:
                - session_short_id
                - image
        required: true
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CaptureResponseSchema'
      security:
        - APIKeyHeaderAuth: []
        - OAuthTokenAuth: []
        - SessionAuth: []
components:
  schemas:
    CaptureResponseSchema:
      description: Scan capture with processing status and matched product data.
      examples:
        - capture_type: BARCODE
          created: '2025-08-15T14:05:00Z'
          error_message: ''
          gtin: '00012345600012'
          metadata:
            order_id: '6735'
          processed_at: '2025-08-15T14:05:02Z'
          product_name: Trail Mix 12oz
          product_short_id: trail-mix-12oz
          raw_value: '00012345600012'
          status: matched
      properties:
        metadata:
          additionalProperties:
            type: string
          description: >-
            Developer-attached key/value data attached to this object. Up to 50
            keys; key max 40 chars, value max 500 chars.
          title: Metadata
          type: object
        status:
          $ref: '#/components/schemas/CaptureStatusEnum'
          description: >-
            Processing status of this capture. Captures progress ``PENDING →
            LOOKING_UP → ENRICHING → RESOLVING → COMPLETED``; ``FAILED`` is set
            on any unrecoverable error (see ``error_message``) and ``NOT_FOUND``
            is set when the GTIN does not match a known product after lookup.
        capture_type:
          $ref: '#/components/schemas/CaptureTypeEnum'
          description: >-
            How the capture was produced. ``BARCODE`` for client-side detection,
            ``IMAGE`` for an uploaded image awaiting vision extraction,
            ``MANUAL`` for an operator-typed identifier.
        raw_value:
          description: Raw value as detected.
          title: Raw Value
          type: string
        gtin:
          description: Normalized GTIN-14.
          title: Gtin
          type: string
        gs1_dl_data:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          description: Application Identifiers from GS1 DL.
          title: Gs1 Dl Data
        product_short_id:
          anyOf:
            - type: string
            - type: 'null'
          description: Slug of the matched product.
          title: Product Short Id
        product_name:
          anyOf:
            - type: string
            - type: 'null'
          description: Name of the matched product.
          title: Product Name
        error_message:
          description: Error message if processing failed.
          title: Error Message
          type: string
        created:
          description: Timestamp when the capture was created.
          format: date-time
          title: Created
          type: string
        processed_at:
          anyOf:
            - format: date-time
              type: string
            - type: 'null'
          description: Timestamp when processing completed.
          title: Processed At
        uploaded_image_key:
          anyOf:
            - type: string
            - type: 'null'
          description: Storage key of the uploaded image file.
          title: Uploaded Image Key
        qr_analysis:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          description: >-
            QR-redirect-chain analysis result populated by the background
            pipeline when ``raw_value`` is an HTTP(S) URL. Keys:
            ``initial_url``, ``final_url``, ``hops`` (list of ``{url,
            status_code, headers}``), ``hop_count``, ``resolver_domain``,
            ``resolver_type`` (``CLOSIENT`` / ``GS1_DL`` / ``URL_SHORTENER`` /
            ``DIRECT`` / ``UNKNOWN``), ``is_closient_resolver``,
            ``extracted_gtin``, ``error_message``. ``None`` until the analyzer
            task has run or when the capture has no URL to analyze.
          title: Qr Analysis
      required:
        - status
        - capture_type
        - raw_value
        - gtin
        - error_message
        - created
      title: CaptureResponseSchema
      type: object
    CaptureStatusEnum:
      description: |-
        Processing status of an individual scan capture.

        Mirrors :class:`apps.scanner.models.ScanCapture.Status`. Captures move
        ``PENDING → LOOKING_UP → ENRICHING → RESOLVING → COMPLETED``;
        ``FAILED`` is set on any unrecoverable error and ``NOT_FOUND`` is set
        when the GTIN does not match a known product after lookup.
      enum:
        - PENDING
        - LOOKING_UP
        - ENRICHING
        - RESOLVING
        - COMPLETED
        - FAILED
        - NOT_FOUND
      title: CaptureStatusEnum
      type: string
    CaptureTypeEnum:
      description: |-
        How a capture was produced.

        Mirrors :class:`apps.scanner.models.ScanCapture.CaptureType`.
        ``BARCODE`` is a client-side barcode/QR detection; ``IMAGE`` is a
        server-side image upload that will be analyzed by the vision pipeline;
        ``MANUAL`` is an operator-typed identifier with no scan or upload
        backing it.
      enum:
        - BARCODE
        - IMAGE
        - MANUAL
      title: CaptureTypeEnum
      type: string
  securitySchemes:
    APIKeyHeaderAuth:
      type: apiKey
      in: header
      name: X-API-Key
    OAuthTokenAuth:
      type: http
      scheme: bearer
    SessionAuth:
      type: apiKey
      in: cookie
      name: sessionid

````