- Remove POST /api/scan/verify (redundant with /api/scan)
- POST /api/scan now returns state: "accepted" or "refused" with reason
- Refused reasons: already_scanned, invalid, expired, exit_definitive, wrong_event
- Accepted response includes details object (for future additional data)
- Template: render extra section (refusal reasons table in red)
- Only 2 POST routes remain: /api/auth/login + /api/scan (all others are GET)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
9981121638