Authentication

All API requests require a valid JWT passed in a custom header. The API supports multiple authentication providers — your platform administrator will configure which provider to use.

Making Authenticated Requests

Pass the JWT from your auth provider in the x-juno-jwt header:

curl https://api.sumvin.com/v0/user/me \
  -H "x-juno-jwt: <your-jwt-token>"

The API uses x-juno-jwt, not the standard Authorization: Bearer header.

Supported Auth Providers

| Provider | Description |
| --- | --- |
| Dynamic Labs | Web3-native auth with wallet and email login |
| Clerk | Traditional auth with email, phone, and social login |

Your platform is configured with one provider. The token issuance flow depends on which provider is active — refer to your provider’s SDK documentation for how to obtain JWTs.

Token Requirements

The JWT must include these standard claims:

| Claim | Required | Description |
| --- | --- | --- |
| sub | Yes | User’s unique identifier from the auth provider |
| exp | Yes | Token expiration time (Unix timestamp) |

The API validates the token against the configured provider’s JWKS endpoint. Expired or tampered tokens are rejected.

User Identity

The API resolves user identity from the JWT — you never pass user_id in URLs or request bodies. All endpoints scoped to “the current user” use GET /v0/user/me, POST /v0/user/me/onboarding/submit, etc.

On first request, if no user exists for the JWT’s sub claim, you must create one:

curl -X POST https://api.sumvin.com/v0/user/ \
  -H "x-juno-jwt: <your-jwt-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "primary_eoa_address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD78",
    "chain_id": 8453
  }'

Subsequent requests with the same JWT will resolve to this user.

Error Responses

Authentication failures return RFC 7807 Problem Details:
{
  "type": "https://api.sumvin.com/errors/usr-401-001",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Missing or invalid authentication token",
  "error_code": "USR-401-001"
}

| Status | Meaning |
| --- | --- |
| 401 Unauthorized | Missing, expired, or invalid JWT |
| 403 Forbidden | Token is valid but the user lacks required permissions |
| 404 Not Found | Token is valid but no user account exists (call POST /v0/user/ first) |
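
The claim requirements, the create-on-404 flow and the error format described above, combined in an added Python example (not Sumvin's own client code). `preflight` reads the claims client-side without verifying the signature, so it is a diagnostic only. The `send` transport callable is hypothetical, injected so the flow runs offline, and treating any 2xx from POST /v0/user/ as success is an assumption.

```python
import base64, json, time

API = "https://api.sumvin.com"  # base URL from the page's curl examples

def unverified_claims(token):
    """Decode the payload WITHOUT verifying it; only the API's JWKS check is authoritative."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(token, now=None):
    """Return the client-visible reasons the token would be rejected with 401."""
    now = time.time() if now is None else now
    try:
        claims = unverified_claims(token)
    except ValueError as exc:  # also raised for bad base64 or bad JSON
        return [f"malformed token: {exc}"]
    problems = []
    if not claims.get("sub"):
        problems.append("missing sub")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        problems.append("missing exp")
    elif exp <= now:
        problems.append("expired")
    return problems

def current_user(send, token, eoa, chain_id):
    """GET /v0/user/me; on 404 create the user, then fetch it again."""
    # send(method, url, headers, body) -> (status, json): hypothetical injected transport
    problems = preflight(token)
    if problems:
        raise ValueError("; ".join(problems))  # report the reason, never the token itself
    headers = {"x-juno-jwt": token}  # custom header, not Authorization: Bearer
    status, data = send("GET", f"{API}/v0/user/me", headers, None)
    if status == 404:  # valid token, no account yet
        new = {"primary_eoa_address": eoa, "chain_id": chain_id}
        status, data = send("POST", f"{API}/v0/user/", {**headers, "Content-Type": "application/json"}, new)
        if status < 300:  # assumption: any 2xx means the user was created
            status, data = send("GET", f"{API}/v0/user/me", headers, None)
    if status >= 400:  # RFC 7807 body: surface error_code and detail
        raise RuntimeError(f"{data.get('error_code')}: {data.get('detail')}")
    return data
```

A passing `preflight` does not mean the token is valid: signature and issuer are only checked server-side against the provider's JWKS.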

Request Headers

| Header | Required | Description |
| --- | --- | --- |
| x-juno-jwt | Yes | JWT from your configured auth provider |
| Content-Type | For POST/PUT/PATCH | application/json |
| X-Timestamp-Format | No | Set to iso8601 for ISO 8601 timestamps instead of epoch milliseconds |