> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enneo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Dry-run customer legitimation check

> Evaluates the configured legitimation rules (`customerLegitimationRuleAsyncChannels` /
`customerLegitimationRuleSyncChannels`) against a synthetic ticket built from the supplied
fields. No data is written. Useful for testing legitimation settings without a real ticket.




## OpenAPI

````yaml https://dev.enneo.dev/api/mind/docs/open-api post /contract/legitimation/preview
openapi: 3.0.0
info:
  version: '1'
  title: enneo.MIND API
  description: This describes the API of enneo Mind, the main ticketing backend
  contact:
    name: enneo GmbH
    email: richard@enneo.ai
  license:
    name: Proprietary software
    url: https://enneo.ai
servers:
  - url: https://demo.enneo.ai/api/mind
    description: Production server, demo client
  - url: https://main.enneo.dev/api/mind
    description: Development main branch
  - url: http://localhost:8005/api/mind
    description: Local development server
security:
  - bearerAuth:
      - api
  - cookieAuth:
      - api
paths:
  /contract/legitimation/preview:
    post:
      tags:
        - Contract
      summary: Dry-run customer legitimation check
      description: >
        Evaluates the configured legitimation rules
        (`customerLegitimationRuleAsyncChannels` /

        `customerLegitimationRuleSyncChannels`) against a synthetic ticket built
        from the supplied

        fields. No data is written. Useful for testing legitimation settings
        without a real ticket.
      operationId: contractLegitimationPreview
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - channel
              properties:
                channel:
                  type: string
                  description: >-
                    Ticket channel. Determines which rule set is used (sync:
                    chat/phone, async: all others).
                  example: email
                contractId:
                  type: string
                  description: >-
                    Optional. If provided, the real contract is loaded from the
                    ERP and used for criteria evaluation.
                  example: '715559'
                customerId:
                  type: string
                  description: >-
                    Optional override for the customer ID on the loaded
                    contract.
                  example: C-987
                from:
                  type: string
                  description: Sender address (email or phone number).
                  example: kunde@example.com
                subject:
                  type: string
                  description: Ticket subject line.
                  example: Question about my contract
                bodyPlain:
                  type: string
                  description: Plain-text ticket body.
                  example: >-
                    My contract number is 715559 and I'd like to change my
                    address.
                rawData:
                  type: object
                  description: >-
                    Synthetic ticket.rawData JSON object — same shape as the raw
                    payload Mind writes to the ticket table on incoming tickets.
                  additionalProperties: true
                subchannelId:
                  type: string
                  description: >-
                    Optional subchannel ID. If the subchannel has
                    `assistantAuthenticationInstructions`, the deprecated path
                    is used.
                  example: '3'
      responses:
        '200':
          description: Legitimation check result
          content:
            application/json:
              schema:
                type: object
                properties:
                  legitimationLevel:
                    type: integer
                    description: >-
                      0=no customer, 10=identified but not legitimized,
                      20=legitimized
                    example: 10
                  legitimationMessage:
                    type: string
                    nullable: true
                    description: >-
                      Human-readable explanation of why legitimation failed.
                      null on level 0 and 20.
                    example: '<b>Group 1</b>: needed 2, got 1 criteria.'
                  detectionLog:
                    type: array
                    items:
                      type: string
                    description: Step-by-step evaluation log for debugging.
        '400':
          description: Missing required field
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: Unauthorized
        '404':
          description: Contract not found
components:
  schemas:
    Error:
      type: object
      description: Data format of Enneo error messages
      properties:
        error:
          type: string
          example: Contract 121 could not be processed
          description: Readable error message that should be shown to the user
        details:
          type: string
          example: >-
            Uncatched null point exception in testFunction() in
            /app/src/file:212
          description: Not easily readable error message that is for the developer
        txId:
          type: string
          example: c916167c94
          description: >-
            Internal transaction id. Useful for debugging. Corresponds to the
            OpenTelemetry trace ID.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: JWT-based authentication
      x-scopes:
        api: Full access to the API
    cookieAuth:
      type: apiKey
      in: cookie
      name: connect.sid
      description: Cookie-based authentication
      x-scopes:
        api: Full access to the API

````