DPP Agent docs

Camera validator — DPP camera flow

Wire the Supportson agent's AI camera mode to DPP Agent's validation endpoint. A consumer points their phone at a product's DPP QR code, the agent extracts the URL, calls our endpoint, and narrates the compliance result conversationally.

This is the canonical flow for scan-to-narrate DPP audits. The same endpoint is open for tullverk, retailers, and any third-party app that needs a structured compliance report.

Endpoint

GET  https://dppagent.com/api/v1/validate?url=<dpp-url>
POST https://dppagent.com/api/v1/validate
     Content-Type: application/json
     { "url": "<dpp-url>" }

CORS is open (Access-Control-Allow-Origin: *). No auth required — the endpoint only reads public DPP data.

The URL can be a bare host + path; we normalise https:// if you forget. Both ?url= and dppUrl body keys are accepted.

Response shape

{
  "url": "https://twisttango.dpp.dppagent.com/01/07332485896794",
  "fetchedAt": "2026-06-15T13:42:00.000Z",
  "dataAvailable": true,
  "grade": "B",
  "overallScore": 78,
  "systemConformance": {
    "score": 100,
    "checks": [
      { "standard": "EN 18219 §5.2", "pass": true,  "detail": "Valid GS1 Digital Link path" },
      { "standard": "EN 18216 §5",   "pass": true,  "detail": "Server returned JSON on Accept: application/json" },
      { "standard": "EN 18220 §5.2", "pass": true,  "detail": "Resolver responded 2xx" },
      { "standard": "EN 18221 §4.5", "pass": false, "detail": "No Link rel=\"backup\" header and no backupHost field" }
    ]
  },
  "contentCoverage": {
    "score": 76,
    "presentCount": 13,
    "totalCount": 17,
    "presentFields": [ { "field": "productName", "citation": "ESPR Art. 4(2)" }, ... ],
    "missingFields":  [ { "field": "economicOperatorId", "citation": "EN 18219 §6 (LEI/GS1 GCP)" }, ... ]
  },
  "product": {
    "name": "Sample Knit Sweater",
    "brand": "Demo Brand",
    "gtin": "07332485896794",
    "category": "textile",
    "economicOperator": "Demo Brand AB",
    "publicUrl": "https://twisttango.dpp.dppagent.com/01/07332485896794"
  },
  "narrative": "Sample Knit Sweater by Demo Brand, GTIN 07332485896794. System conformance 100%, content coverage 76% (13/17 mandatory ESPR Base fields present). Top missing: economicOperatorId, carbonFootprint, recyclabilityRate. Backup-host NOT declared per EN 18221 §4.5."
}

Key shapes for the agent:

  • grade (A–F) + overallScore (0–100) — drop into the opening line.
  • systemConformance.checks[] — each is a single regulator clause with pass/fail + plain-English detail. Use this when the user asks "is this compliant".
  • contentCoverage.missingFields[] — each entry includes the regulation citation (ESPR Art. 7(2)(d) etc.) so the agent can cite what's missing.
  • product.* — the conversational handle ("This is a Sample Knit Sweater by Demo Brand").
  • narrative — pre-written 1–2 sentence summary. The agent is free to rewrite, but this is the floor.

When dataAvailable: false the publisher served HTML only (EN 18216 §5 non-compliant). The agent should NOT say fields are "missing" — they may exist behind the publisher's SPA. The endpoint already signals this in narrative; honour it.

Agent prompt

The prompt that drives the camera-validator agent is maintained by the DPP Agent team and provided to integration partners under NDA. Request access via support@dppagent.com.

Example narrations

Textile DPP, dataAvailable=true, grade=B:

This is the Sample Knit Sweater by Demo Brand. It scores B — system conformance perfect, content coverage 76%. The biggest gap is the economic-operator identifier required per EN 18219 §6, and there's no backup-host declared per EN 18221 §4.5. The brand should add an LEI or GS1 GCP-qualified operator ID and configure a backup host.

HTML-only DPP, dataAvailable=false, grade=F (URL-only):

The URL is a valid GS1 Digital Link but the publisher doesn't expose the passport data machine-readably — that's EN 18216 §5 non-compliant. I can verify the URL and that it resolves, but not the underlying field-level content. The brand should serve the DPP as JSON via content negotiation so third parties (regulators, retailers, customs) can audit it without a browser.

Don't

  • Don't fabricate fields not in the response.
  • Don't translate "Not detected" / "below SVHC" type substance statuses into "no SoC" without quoting the response.
  • Don't cite EN 18221 §4.5 as the publisher's fault when dataAvailable = false — when there's no JSON we can't tell if backupHost is declared in the body. Say "couldn't verify" instead.

Notes for the Supportson admin

  • The camera-validator agent prompt above should sit alongside the existing agent persona. It runs only when the camera-mode detects a QR.
  • Logging — fine to forward the JSON response to your analytics so we can see what kinds of DPPs people are scanning. Don't store full product payloads beyond 7 days without a privacy review.
  • The endpoint is read-only; no need to wire authentication on the Supportson side.
  • Status: dppagent.com status is published at https://status.dppagent.com — your reliability dashboards can poll the same endpoint we do.

Open questions

  • Do we want to surface a per-category narrative (textile vs battery vs steel)? The endpoint already returns product.category; the agent prompt could branch on it ("For batteries, mention SOCE and Article 7 carbon footprint").
  • Should the endpoint also accept a raw image (QR-decode on our side)? Currently the agent does the decode. Could centralise it if Supportson's camera SDK isn't reliable across phones.