The registry handshake behind every PayFine scan.
A single authenticated RPC returns the driver, vehicle, and live policy state for a windshield code — typically in under 400 ms. This page documents the contract partner systems implement.
{
"code": "BB-7HK-2RJ",
"status": "valid",
"driver": "Andrea M. Phillips",
"vehicle": "2022 Toyota Yaris",
"plate": "B-44291",
"policy": "Comprehensive Insurance",
"expires": "2026-08-14"
}Five outcomes. Every scan, accounted for.
validActive policy, within grace window. Authenticated callers receive full owner details.
expired_graceExpired within the last 7 days. Renewal still possible — warden discretion.
expiredPolicy has lapsed beyond grace. Owner contact returned for follow-up.
revokedCode revoked by issuer or insurer flagged as suspended. Treat as uninsured.
not_foundNo matching record. Returned with empty owner/vehicle payload.
unauthenticatedPublic callers receive vehicle + status only. Owner PII gated behind warden sign-in.
One RPC. Two authentication tiers.
verify_windshield_code_public(_code)- ·
result - ·
insurer_name - ·
jurisdiction - ·
license_plate - ·
make / model / year / color - ·
end_date - ·
days_until_expiry
verify_windshield_code(_code)- ·
everything above - ·
policy_number, coverage_type, start_date - ·
owner_name, owner_nrn - ·
owner_phone, owner_email, owner_address - ·
owner_license - ·
scan_count_last_hour (abuse signal)
Both RPCs are SECURITY DEFINER on the Postgres registry. Owner PII is only released to authenticated callers carrying a valid bearer token for a warden, insurer staff, or platform admin account.
Built for roadside conditions.
The registry runs in-region with replicated reads, and the PayFine warden client holds an offline cache for the last 24 hours of issued codes.