Platform API vs SIS
Sumvin is four products — (verified identity), (agent tasking), (the money agent), and (payments) — reached through two distinct API surfaces. This page is about which surface you call, not which product you build.
The Platform API is what a consumer app calls on behalf of a user to build with those products — create a user (Sigil), run KYC, manage wallets and cards (Atomic Money), kick off an Errand. The SIS API (Sumvin Identity Service) is the issuer side of the identity layer — it exchanges a signed for a JWT, publishes the JWKS verifiers use, answers revocation checks, and looks up user data by SRI. A verifier receiving a credential validates the JWT locally against the cached JWKS — no per-request SIS call — and only calls the SIS API when it opts into a fresh revocation check or needs to exchange a Stamped Mandate. You pick the surface by the job you’re doing, not by the user you’re acting for.
What each surface owns
| Surface | Owns | Typical caller |
|---|---|---|
| Platform API | Users, onboarding state, KYC (Sigil), wallets (EOA + Safe), Errands, cards, strategies, transactions (Atomic Money) | Partner backend acting on behalf of an authenticated user |
| SIS API | Stamped Mandate exchange, JWT issuance, JWKS, revocation, SRI-to-user lookup, dashboard auth config | Partner backend doing token exchange; verifier backend for optional revocation/lookup |
Where they meet
A user created via the Platform API is identified system-wide by their SRI — the wire identity behind Sigil. Their signed Stamped Mandates (PINTs on the wire) are exchanged for JWTs at the SIS API. The JWT’s sub claim is the same SRI the Platform API uses — the two surfaces are joined at the identity layer, not at the transport layer.
Which one am I calling
- Building a consumer app that onboards and authenticates its own users → Platform API.
- Verifying inbound credentials → validate the JWT locally against the SIS JWKS; call the SIS API only for token exchange or optional revocation. See the Verifier guide.
- Federating your own auth provider (Dynamic, Privy, SIWE) into Sumvin’s identity graph → SIS Dashboard.
x-juno-jwt from your auth provider; the SIS API uses a partner-issued API key. See Auth model for the full matrix.
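An added example, not Sumvin's own code, of the local validation path for verifiers: the JWT is checked against a cached JWKS with no SIS call, and revocation is an opt-in hook. ES256, the `kid` header, the `exp` claim, the demo issuer and all function names are assumptions; the page itself only states that `sub` carries the SRI.

```javascript
// Added example: verifier-side JWT validation against a cached JWKS (Node.js).
// Assumed, not stated on the page: ES256 signatures, a `kid` header, an `exp` claim.
const { createPublicKey, generateKeyPairSync, sign, verify } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Validates a compact JWT using only keys already present in `cachedJwks`.
// `isRevoked` is a hypothetical hook standing in for the opt-in SIS revocation check.
function verifyLocally(token, cachedJwks, { now = Date.now() / 1000, isRevoked } = {}) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm on the verifier side; the token must not choose it.
  if (header.alg !== "ES256") throw new Error("unexpected alg");
  const jwk = cachedJwks.keys.find((k) => k.kid === header.kid && k.kty === "EC");
  // On an unknown kid, a caller would refresh the JWKS cache once and retry.
  if (!jwk) throw new Error("unknown kid");
  const key = createPublicKey({ key: jwk, format: "jwk" });
  const ok = verify("sha256", Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  // Claims are read only after the signature has been verified.
  const claims = decode(p);
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  if (typeof claims.sub !== "string" || !claims.sub) throw new Error("missing sub");
  if (isRevoked && isRevoked(claims)) throw new Error("revoked");
  return claims; // claims.sub is the SRI
}

// Constructed demo issuer: a throwaway P-256 key and its JWKS, so the example runs offline.
function makeDemoIssuer() {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key-1" }] };
  const issue = (claims, kid = "demo-key-1", alg = "ES256") => {
    const input = `${b64url(JSON.stringify({ alg, kid }))}.${b64url(JSON.stringify(claims))}`;
    const sig = sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
    return `${input}.${b64url(sig)}`;
  };
  return { jwks, issue };
}
```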
See also
- Platform map — the visual version of this split
- Sumvin Identity overview — why SIS exists
- Auth model — which credential goes where