> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flexslot.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Resolve card identifiers

> Resolves a list of partner-supplied card identifiers to canonical Flexslot cards. Used by partners to validate references before submitting deck imports. Strict mode (``?strict=true`` query string OR ``"strict": true`` body flag) returns 422 if any identifiers are unresolved.



## OpenAPI

````yaml /openapi.json post /api/public/v1/games/{game}/cards/resolve
openapi: 3.0.3
info:
  title: Flexslot API
  version: 1.0.0
  description: API documentation for Flexslot decks application
servers:
  - url: https://api.flexslot.gg
    description: Production
  - url: https://api-dev.flexslot.gg
    description: Development
security: []
paths:
  /api/public/v1/games/{game}/cards/resolve:
    post:
      tags:
        - Cards
      summary: Resolve card identifiers
      description: >-
        Resolves a list of partner-supplied card identifiers to canonical
        Flexslot cards. Used by partners to validate references before
        submitting deck imports. Strict mode (``?strict=true`` query string OR
        ``"strict": true`` body flag) returns 422 if any identifiers are
        unresolved.
      operationId: games_cards_resolve
      parameters:
        - in: path
          name: game
          schema:
            type: string
          required: true
        - in: query
          name: strict
          schema:
            type: boolean
          description: >-
            When true, return 422 FLEXSLOT_CARD_RESOLUTION_FAILED if any
            submitted identifier cannot be resolved.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CardResolveRequestRequest'
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/CardResolveRequestRequest'
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/CardResolveRequestRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CardResolveResponse'
          description: ''
      security:
        - PartnerHmac: []
          PartnerSlug: []
          PersonalAccessToken: []
        - PartnerHmac: []
          PartnerSlug: []
        - ApiKey: []
        - PersonalAccessToken: []
        - OAuth2DPoP: []
          OAuth2DPoPProof: []
        - OAuth2Bearer: []
components:
  schemas:
    CardResolveRequestRequest:
      type: object
      properties:
        identifiers:
          type: array
          items:
            $ref: '#/components/schemas/CardIdentifierInputRequest'
        format:
          type: string
          nullable: true
        strict:
          type: boolean
          default: false
      required:
        - identifiers
    CardResolveResponse:
      type: object
      properties:
        resolved:
          type: array
          items:
            type: object
        unresolved:
          type: array
          items:
            type: object
      required:
        - resolved
        - unresolved
    CardIdentifierInputRequest:
      type: object
      properties:
        scryfall_id:
          type: string
        mtgjson_id:
          type: string
        tcgplayer_id:
          type: string
        cardId:
          type: string
        variantId:
          type: string
        name:
          type: string
        set:
          type: string
        collector_number:
          type: string
  securitySchemes:
    PartnerHmac:
      type: apiKey
      in: header
      name: X-Signature
      description: >-
        HMAC-SHA256 over canonical request string. Format:
        v1.<unix_seconds>.<hex_hmac_sha256>.
    PartnerSlug:
      type: apiKey
      in: header
      name: X-Partner-Id
      description: Partner identifier slug. Required alongside X-Signature for HMAC auth.
    PersonalAccessToken:
      type: http
      scheme: bearer
      bearerFormat: flx_pat_...
      description: 'User-issued personal access token (format: flx_pat_<token>).'
    ApiKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        Partner API key (format: ak_<token>). Alternative to HMAC for simpler
        integrations.
    OAuth2DPoP:
      type: http
      scheme: DPoP
      description: >-
        DPoP-bound OAuth2 access token (RFC 9449). Issued by the /oauth/token
        endpoint when the client is registered with
        dpop_bound_access_tokens=true. Each protected request must include a
        fresh DPoP proof JWT in the DPoP header. Token format: flx_at_<token>.
    OAuth2DPoPProof:
      type: apiKey
      in: header
      name: DPoP
      description: >-
        RFC 9449 DPoP proof JWT. Required on every request that presents
        Authorization: DPoP <access_token>. Must carry fresh iat, jti, htm
        matching the request method, htu matching the request URL, and ath
        matching SHA-256 of the access token.
    OAuth2Bearer:
      type: http
      scheme: bearer
      bearerFormat: flx_at_...
      description: >-
        OAuth2 access token issued via the authorization-code + PKCE flow
        (format: flx_at_<token>). Grants the partner user-scoped access to act
        on behalf of the consenting end-user.

````