Catalog Serve
The age-gated catalog read — unscored (GET) and per-member scored (POST).
/v1/catalog/serve returns your airline’s visible catalog, age-gated. It
has two verbs:
GET— the unscored read: the full visible catalog in a stable order, age-gated to a seat/member if you name one.POST— the scored serve: the same age-gated catalog ranked for one member by their bound persona and affinity.
Both apply the age-tier model and the fail-closed locator rules: an unknown or unbound member is served the most-restrictive (child-safe) catalog, never the full one, and never an error.
GET — unscored read
Airline-scoped — no
X-Session-Id. All query parameters are optional:
titleIdis an integer (see the note on ids).year: 0means an unknown year;ratingandsynopsisare omitted when unknown (the API never sends a field asnull).totalItemsis the visible-catalog size before age exclusion;ageExcludedCountis how many the gate removed — reported honestly, never papered over.ageTierAppliedis the tier the server resolved for your locator (Unknownis shown as-is and behaves asChild).
POST — scored serve
The keystone personalization read: the age-gated catalog ranked for one
member. This is session-scoped —
it requires the X-Session-Id header. Body (max 4 KiB):
Everything from the GET item, plus:
score— a deterministic 0–100 affinity score. It is code-computed, not model-generated; items are returned in descending score order.matchReason— a short deterministic explanation; omitted when the scorer has no signal (e.g. cold-start).personaBound— the honest cold-start signal.falsemeans no persona or affinity is bound for this member yet, so ordering is affinity-neutral rather than a fabricated ranking. Bind a persona with/v1/personas/generateand drive affinity with events to move it totrue.
Scoring never overrides child-safety. The age gate excludes mature titles
regardless of affinity — a high-affinity mature title is still excluded for a
Child/Tween/Unknown member, and still counted in ageExcludedCount.
Errors
Standard envelope. The GET returns 401 / 403 / 422 /
500; the POST additionally returns 400 session.unresolved when the
X-Session-Id header is missing or invalid (see
Sessions). Note that a
bad seatId is not an error on either verb — it fails closed to the
child-safe tier.