Special Category Passengers
Taxi & Private Hire › Products › Customer › Special Category Passengers
Generally available
SCPs are passengers who travel under another customer's account — typically children on school runs, dependents in medical transport, or any "named rider" who is not the booking customer. Each SCP has a display name, date of birth, and a flag indicating whether driver handoff verification is required (e.g. PIN-based confirmation at pickup). SCPs link to one or more Customer guardians via SpecialCategoryPassengerCustomer. Soft-delete preserves audit history.
Example request
POST /client/{clientId}/scp
{
"displayName": "<string>",
"dateOfBirth": 0,
"requiresHandoffVerification": false,
"notes": "<text>",
"customerLinks": [
{
"id": "<id>"
}
],
"driverApprovals": [
{
"id": "<id>"
}
]
}
Example shape, derived from the SpecialCategoryPassenger fields — indicative,
not the authoritative schema (that arrives with the API reference).
Endpoints
| Method | Path | |
|---|---|---|
GET | /client/{clientId}/customer/{customerId}/scp | |
POST | /client/{clientId}/scp · primary | |
DELETE | /client/{clientId}/scp/{scpId} | |
GET | /client/{clientId}/scp/{scpId} | |
GET | /client/{clientId}/scp | |
POST | /client/{clientId}/scp/{scpId} |
Full request/response schemas and an interactive explorer will live in the API reference (coming soon).
Use cases
Operator flows that exercise this feature.
config risk: low
Register a special-category (school) passenger and link them to a guardian customer.
POST/client/{clientId}/scpPOST/client/{clientId}/scpcustomer
Related
Fields
| Field | Type | Description |
|---|---|---|
displayName | string | Human-readable name shown to operators + drivers ("Eoin (Mary's son)", "Mrs Doyle for Dr Smith"). Surfaced in the driver app at pickup so the driver knows who they're collecting; queryable by `queryFields()`. |
dateOfBirth | int | Optional date of birth (Unix). Held in `protected` group — never surfaced to drivers — and used for age-banded SCP categories (child seat sizing, accompanied-minor rules). The SCP Safety Envelope work will read this to gate tighter health checks. |
requiresHandoffVerification | boolean | When true, a 6-digit dropoff PIN is generated per TripSegment booked for this SCP and verified at dropoff completion. Stub in PR4; behaviour wires up in PR5b (driver-side PIN entry). Default false on existing SCPs to preserve current handoff flow. |
notes | text | Free-text operator notes about the passenger (allergies, mobility constraints, behavioural cues). Held in `protected` group — visible to operators + support, hidden from drivers — and never auto-surfaced to the customer-facing booking flow. |
customerLinks | Collection | Guardian relationships — SCP-to-Customer join rows with relationship type (parent, guardian, carer, etc.). An SCP must have at least one customer link at creation time; the link table is the source for "which customer accounts may book this SCP". |
driverApprovals | Collection | Approved / preferred drivers for this passenger — DriverScp join rows. HARD entries restrict dispatch to these drivers; SOFT entries prefer them within a window. Managed here on the SCP record. |
deletedAt | integer | |
deletedBy | bigint | |
clientId | bigint | Tenant scope. Every tenant-aware entity carries this; `ClientFilter` enforces row-level isolation on read; the multi-tenancy routing layer (`/client/{clientId}`) sets it at create time. Surfaced only under `admin` / `tripLog` groups — never to end users. |
internalKey | string | Optional client-supplied external reference / idempotency key. When present, lets external systems correlate platform-side records back to their own source-of-truth ids. Not persisted to a column — populated by the request handler when the caller sets it. |
__objectType | string | Discriminator string (entity class short-name) emitted alongside the id in serialized output. Resolved at read time by `getObjectType()`; lets the FE dispatch entity-specific rendering without inspecting the URL. |
id | bigint | Snowflake-style primary key (unsigned BIGINT). Generated by `IdFactory` at create time; surfaced to the FE / API as a `G`-prefixed string and stripped back to plain bigint server-side before Doctrine lookup. |
createdDate | integer | Unix timestamp the row was first persisted. Set in the entity's PrePersist hook; never rewritten on subsequent updates. |
updatedDate | integer | Unix timestamp the row was last touched. Bumped on every commit that hits the Doctrine UoW for this entity; drives FE invalidation + the listing change cursor. |
passiveUpdatedDate | int | Read-through alias for `updatedDate` exposed under different serializer groups. Lets the FE distinguish "real edit" from "background touch" projections without changing the underlying column. |
listingUpdatedDate | int | Listing-projection timestamp surfaced only under the `listMode` group. Driven by `TripCache` and other listing-shape refreshers separately from `updatedDate` so a listing rebuild doesn't trigger detail-page invalidation. |