Camera validator — DPP camera flow
Wire the Supportson agent's AI camera mode to DPP Agent's validation endpoint. A consumer points their phone at a product's DPP QR code, the agent extracts the URL, calls our endpoint, and narrates the compliance result conversationally.
This is the canonical flow for scan-to-narrate DPP audits. The same endpoint is open for tullverk, retailers, and any third-party app that needs a structured compliance report.
Endpoint
GET https://dppagent.com/api/v1/validate?url=<dpp-url>
POST https://dppagent.com/api/v1/validate
Content-Type: application/json
{ "url": "<dpp-url>" }
CORS is open (Access-Control-Allow-Origin: *). No auth required —
the endpoint only reads public DPP data.
The URL can be a bare host + path; we normalise https:// if you forget.
Both ?url= and dppUrl body keys are accepted.
Response shape
{
"url": "https://twisttango.dpp.dppagent.com/01/07332485896794",
"fetchedAt": "2026-06-15T13:42:00.000Z",
"dataAvailable": true,
"grade": "B",
"overallScore": 78,
"systemConformance": {
"score": 100,
"checks": [
{ "standard": "EN 18219 §5.2", "pass": true, "detail": "Valid GS1 Digital Link path" },
{ "standard": "EN 18216 §5", "pass": true, "detail": "Server returned JSON on Accept: application/json" },
{ "standard": "EN 18220 §5.2", "pass": true, "detail": "Resolver responded 2xx" },
{ "standard": "EN 18221 §4.5", "pass": false, "detail": "No Link rel=\"backup\" header and no backupHost field" }
]
},
"contentCoverage": {
"score": 76,
"presentCount": 13,
"totalCount": 17,
"presentFields": [ { "field": "productName", "citation": "ESPR Art. 4(2)" }, ... ],
"missingFields": [ { "field": "economicOperatorId", "citation": "EN 18219 §6 (LEI/GS1 GCP)" }, ... ]
},
"product": {
"name": "Sample Knit Sweater",
"brand": "Demo Brand",
"gtin": "07332485896794",
"category": "textile",
"economicOperator": "Demo Brand AB",
"publicUrl": "https://twisttango.dpp.dppagent.com/01/07332485896794"
},
"narrative": "Sample Knit Sweater by Demo Brand, GTIN 07332485896794. System conformance 100%, content coverage 76% (13/17 mandatory ESPR Base fields present). Top missing: economicOperatorId, carbonFootprint, recyclabilityRate. Backup-host NOT declared per EN 18221 §4.5."
}
Key shapes for the agent:
grade(A–F) +overallScore(0–100) — drop into the opening line.systemConformance.checks[]— each is a single regulator clause with pass/fail + plain-English detail. Use this when the user asks "is this compliant".contentCoverage.missingFields[]— each entry includes the regulation citation (ESPR Art. 7(2)(d)etc.) so the agent can cite what's missing.product.*— the conversational handle ("This is a Sample Knit Sweater by Demo Brand").narrative— pre-written 1–2 sentence summary. The agent is free to rewrite, but this is the floor.
When dataAvailable: false the publisher served HTML only (EN 18216 §5
non-compliant). The agent should NOT say fields are "missing" — they
may exist behind the publisher's SPA. The endpoint already signals
this in narrative; honour it.
Agent prompt
The prompt that drives the camera-validator agent is maintained by the DPP Agent team and provided to integration partners under NDA. Request access via support@dppagent.com.
Example narrations
Textile DPP, dataAvailable=true, grade=B:
This is the Sample Knit Sweater by Demo Brand. It scores B — system conformance perfect, content coverage 76%. The biggest gap is the economic-operator identifier required per EN 18219 §6, and there's no backup-host declared per EN 18221 §4.5. The brand should add an LEI or GS1 GCP-qualified operator ID and configure a backup host.
HTML-only DPP, dataAvailable=false, grade=F (URL-only):
The URL is a valid GS1 Digital Link but the publisher doesn't expose the passport data machine-readably — that's EN 18216 §5 non-compliant. I can verify the URL and that it resolves, but not the underlying field-level content. The brand should serve the DPP as JSON via content negotiation so third parties (regulators, retailers, customs) can audit it without a browser.
Don't
- Don't fabricate fields not in the response.
- Don't translate "Not detected" / "below SVHC" type substance statuses into "no SoC" without quoting the response.
- Don't cite EN 18221 §4.5 as the publisher's fault when
dataAvailable = false— when there's no JSON we can't tell if backupHost is declared in the body. Say "couldn't verify" instead.
Notes for the Supportson admin
- The camera-validator agent prompt above should sit alongside the existing agent persona. It runs only when the camera-mode detects a QR.
- Logging — fine to forward the JSON response to your analytics so we can see what kinds of DPPs people are scanning. Don't store full product payloads beyond 7 days without a privacy review.
- The endpoint is read-only; no need to wire authentication on the Supportson side.
- Status: dppagent.com status is published at https://status.dppagent.com — your reliability dashboards can poll the same endpoint we do.
Open questions
- Do we want to surface a per-category narrative (textile vs battery
vs steel)? The endpoint already returns
product.category; the agent prompt could branch on it ("For batteries, mention SOCE and Article 7 carbon footprint"). - Should the endpoint also accept a raw image (QR-decode on our side)? Currently the agent does the decode. Could centralise it if Supportson's camera SDK isn't reliable across phones.