Skip to main content
The Sumvin Identity Service (SIS) API uses API key authentication, separate from the Platform API’s JWT authentication.

Making Authenticated Requests

Pass your API key in the Authorization: Bearer header: 
curl https://sis.sumvin.com/v0/users/sr:us:person:safe:0x... \
  -H "Authorization: Bearer <your-api-key>"
All SIS endpoints require a valid API key. Requests without a key or with an invalid key receive a 401 Unauthorized response.

Obtaining an API Key

SIS API keys are issued during partner onboarding. Contact your account manager to obtain your API key.
Your API key is scoped to your registered external party identity and determines:
  • Which user fields you can access when looking up users by
  • Which scopes you can request when exchanging PINTs
  • Your rate limits for API calls

API Key Scopes

Depending on your partner tier, your API key grants access to different levels of user data:
TierFields ReturnedUse Case
Thinexternal_id, username, wallet addresses, account_statusBasic identity verification
PartnerThin fields + email, phone, first_name, last_namesService personalisation
FullPartner fields + sumsub_applicant_idAuthorised compliance partners

Rate Limits

API key rate limits are configured per-partner during onboarding. If you exceed your rate limit, the API returns 429 Too Many Requests. The response includes standard rate limit headers: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1739999060
Retry-After: 30

Base URL

https://sis.sumvin.com
All SIS API paths are relative to this base URL. For example, the user lookup endpoint is at https://sis.sumvin.com/v0/users/{sri}.