Scopes and verification tiers
A scope is an -format capability string carried on a signed PINT. A verification tier is how much work the verifier has to do to trust the resulting credential. The scopes on the PINT drive the tier.Two tiers, one rule
| Tier | What the verifier checks | When |
|---|---|---|
| Standard | SIS-issued JWT only — signature, audience, expiry | The PINT carries only Standard-tier scopes |
| Enhanced | JWT plus the original PINT’s EIP-712 signature against the user’s Safe | Any Enhanced-tier scope is present |
What triggers Enhanced
In the MVP catalog, exactly one scope triggers Enhanced:sr:us:pint:spend:execute. That scope authorises on-chain movement of value on behalf of the user — the tier exists so that a merchant accepting a spend-authorising PINT can verify it without trusting SIS as a single point of failure.
All other scopes (identity attestations, account reads, transaction reads, card reads, perpetual search, ramp) are Standard.
Why a verifier should care
- Standard is a one-call check. Fetch JWKS once, cache it, verify JWTs locally. No per-request call to Sumvin.
- Enhanced is a two-piece check. You additionally fetch the original PINT payload from
X-Pint-Payload, the signature fromX-Pint-Signature, and verify the EIP-712 hash against the user’s Safe via EIP-1271. The JWT alone is not sufficient for an Enhanced credential.
See also
- Scopes reference — full 14-scope catalog with tier mapping
- Verification tiers — the verifier-side handbook
- Purchase Intents — what a scope sits on top of