Skip to main content
At the end of this page, you will have a configured SIS organisation, an environment with a live auth provider, a minted API key, and a real call to: GET /v0/sis/pint/{id}/status — Returns 200 OK, proof that your verifier is wired up and ready to receive production traffic.

Prerequisites

  • A dashboard account at dash.sis.sumvin.com.
  • Credentials for an auth provider — either Dynamic or Privy. See the auth providers guide for where to find these in each console.
  • A test environment you can use for local development.
1

Create your organisation

Sign in at dash.sis.sumvin.com and complete the onboarding wizard. Enter your organisation name and contact email. Your organisation_id is auto-assigned and visible under Organisation → Settings — you will use it as a path parameter in SIS API calls.
2

Create an environment

Go to the Environments page and click New environment. Give it a machine-readable name (for example development) and a display label (for example Dev). Each environment gets its own environment_id and a separate set of SDK credentials — keep these scoped to the matching entry in your auth provider’s console.
3

Configure an auth provider

Select your new environment, then open the Authentication tab. Choose Dynamic or Privy and paste the provider credentials for this environment. See the auth provider setup guide for where to find the right values.Once saved and activated, SIS validates JWTs issued by this provider for all requests scoped to this environment.
4

Add allowed origins

Open the CORS tab on any environment. Add the origins your app runs on — for example http://localhost:3000 for local development or https://app.yourco.com for production.
CORS origins apply across all environments in your organisation. An origin added for local development is also permitted in production. See the CORS guide for configuration advice.
5

Mint an API key

Go to the API Keys page and click New API key. Give it a recognisable name and copy it when the dashboard shows it — the full key is displayed once, then only a prefix. Store it somewhere safe (a secret manager, not source control). See the API keys guide.
Treat the API key like a password. Anyone with it can call SIS on your organisation’s behalf.
6

Run your first verifier call

Use the API key to hit the SIS revocation-status endpoint. This is the working artefact — a live, authenticated call against the SIS production API.
curl "https://sis.sumvin.com/v0/sis/pint/sr%3Aus%3Apint%3Atest/status" \
  -H "Authorization: Bearer <your-sis-api-key>"
You will see one of two responses, both of which confirm your key authenticated successfully:If the PINT URI exists: 200 OK
{ "valid": true, "reason": null }
If it does not: 404 Not Found with an RFC 7807 error body. This is expected for the placeholder URI above — what matters is that SIS accepted your key and processed the request.
Your verifier is wired up. Replace the placeholder URI with a real incoming PINT URI in production and you are ready to check revocations.

What’s next

NextWhereWhen
Standard verificationVerify a standard PINTFive-minute end-to-end verifier quickstart
Verifier orientationVerifier overviewWhat credentials you receive and what you need to verify
Core conceptsOrganisationsThe auth model — organisations, environments, and how they relate
Configuration depthAuth providersProviders, CORS origins, and API key management