# Face Verification API

## Endpoint
**POST** `/api/face/verify`

Proxies face verification requests to the Python face service.

## Authentication
Requires API key via `X-API-KEY` header.

## Request

**Headers:**
```
X-API-KEY: face_vsPYSuwIQ7iDvZHCK60cB9Ui5tbw1NPwpk2zhnoW
Content-Type: application/json
```

**Body:**
```json
{
  "reference_id": "user_12345",
  "image": "base64_encoded_image_string"
}
```

## Response
Returns the Python service response as-is (no modification).

**Success Example:**
```json
{
  "success": true,
  "match": true,
  "confidence": 0.95
}
```

**Error Example:**
```json
{
  "success": false,
  "error": "Face not detected"
}
```

## Configuration

Add to `.env` (never expose these to clients):
```env
FACE_ENGINE_URL=http://127.0.0.1:8000
FACE_ENGINE_API_KEY=your_internal_service_key
```

## Flow
1. Client sends request with API key
2. Laravel validates API key (middleware)
3. Laravel validates request payload
4. Laravel forwards to Python service with internal key
5. Python service processes face verification
6. Laravel returns Python response unchanged

## Testing

```bash
# Create client and get API key
curl -X POST http://localhost:8000/api/admin/clients \
  -H "Content-Type: application/json" \
  -d '{"name":"Test Client"}'

# Use API key to verify face
curl -X POST http://localhost:8000/api/face/verify \
  -H "X-API-KEY: face_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "reference_id": "user_123",
    "image": "base64_image_data"
  }'
```

## Error Responses

**401 Unauthorized** - Invalid/missing API key
```json
{
  "error": "API key required"
}
```

**422 Validation Error** - Missing required fields
```json
{
  "message": "The reference_id field is required.",
  "errors": {
    "reference_id": ["The reference_id field is required."]
  }
}
```