When you exchange a signed PINT via the token service, the SIS returns a JWT (JSON Web Token) that third-party services can independently verify. This page documents the JWT’s claims and structure.

Claims

{
  "iss": "https://sis.sumvin.com",
  "sub": "sr:us:person:safe:0xE23c9A70BC749EBddd8c78a864fd911D04E9e992",
  "aud": "partner-x.example.com",
  "jti": "jwt-001-abc-def",
  "iat": 1739999000,
  "exp": 1740000000,
  "wallet": "0xE23c9A70BC749EBddd8c78a864fd911D04E9e992",
  "kyc_status": "verified",
  "scopes": ["sr:us:pint:identity:proof_of_personhood", "sr:us:pint:personalization:read"],
  "pint_uri": "sr:us:pint:abc123",
  "signer_type": "user",
  "verification_tier": "standard"
}

Standard JWT Claims

| Claim | Description |
| --- | --- |
| iss | Issuer. Always "https://sis.sumvin.com" |
| sub | Subject. The user’s SRI |
| aud | Audience. The registered identifier of the target third-party service. Verifiers must confirm this matches their own identifier |
| jti | JWT ID. Unique identifier for this specific token. Used for per-JWT revocation tracking |
| iat | Issued At. Unix timestamp of when the JWT was created |
| exp | Expiration. Unix timestamp after which the JWT is invalid. Mirrors the source PINT’s expiresAt |

Sumvin-Specific Claims

| Claim | Description |
| --- | --- |
| wallet | The user’s Safe Smart Account address |
| kyc_status | User’s KYC verification status (e.g., "verified") |
| scopes | Array of authorised scopes |
| pint_uri | SRI of the source PINT |
| signer_type | Who signed the PINT: "user" or "agent" |
| verification_tier | "standard" or "enhanced" — determines how the verifier must validate the credential |

Enhanced Tier Claims

When the verification tier is "enhanced" (triggered by the sr:us:pint:spend:execute scope), the JWT includes an additional claim:

| Claim | Description |
| --- | --- |
| pint_signature | The original EIP-712 signature from the PINT. Signals that the verifier must also have received the PINT signature and payload as separate HTTP headers |

Signing Algorithm

SIS signs JWTs using ES256 (ECDSA with P-256 curve). The public keys for signature verification are published at the endpoint.

Key Design Points

Audience scoping. Each JWT is bound to a specific audience. A single PINT can produce multiple JWTs with different aud values — one per service provider in a purchase flow. Verifiers must always check that aud matches their own registered identifier.

Expiry mirrors the PINT. The JWT’s exp always equals the source PINT’s expiresAt. A JWT cannot outlive its source PINT.

Active revocation. Even if a JWT hasn’t expired, the source PINT may have been revoked. Verifiers should call the revocation check endpoint to confirm the PINT is still valid.

Per-JWT tracking. The jti claim uniquely identifies each issued JWT. When a PINT is revoked, all JWTs issued against it are invalidated.
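The claim checks described above, as an added example (not Sumvin's code or the Verifier Guide's procedure). It runs after the ES256 signature has been verified with a JOSE library and before the revocation check; the function and parameter names are hypothetical, and comparing the header signature with the pint_signature claim is an assumption of this example.

```python
import hmac
import time

ISSUER = "https://sis.sumvin.com"         # fixed iss value from the claims table
SPEND_SCOPE = "sr:us:pint:spend:execute"  # scope that triggers the enhanced tier

class ClaimError(Exception): """A claim failed this verifier's policy."""

def check_sis_claims(header, claims, my_audience, now=None,
                     pint_sig_header=None, pint_payload_header=None):
    """Check a JWT whose ES256 signature has ALREADY been verified.
    pint_*_header: values read from the separate HTTP headers (hypothetical names)."""
    now = time.time() if now is None else now
    if header.get("alg") != "ES256":
        raise ClaimError("unexpected alg")
    if claims.get("iss") != ISSUER:
        raise ClaimError("wrong issuer")
    # One PINT can yield JWTs for several providers; accept only our own.
    if claims.get("aud") != my_audience:
        raise ClaimError("audience mismatch")
    if type(claims.get("exp")) is not int or now >= claims["exp"]:
        raise ClaimError("expired or missing exp")
    if not claims.get("jti"):
        raise ClaimError("missing jti")  # needed for per-JWT revocation tracking
    tier, scopes = claims.get("verification_tier"), claims.get("scopes")
    if tier not in ("standard", "enhanced") or not isinstance(scopes, list):
        raise ClaimError("bad tier or scopes")
    # Tier downgrade check: the spend scope must never arrive as "standard".
    if SPEND_SCOPE in scopes and tier != "enhanced":
        raise ClaimError("spend scope without enhanced tier")
    if tier == "enhanced":
        sig = claims.get("pint_signature")
        if not (isinstance(sig, str) and sig and pint_sig_header and pint_payload_header):
            raise ClaimError("enhanced tier needs PINT signature and payload")
        # Assumption of this example: the header copy must equal the claim.
        if not hmac.compare_digest(sig.encode(), pint_sig_header.encode()):
            raise ClaimError("PINT signature header differs from claim")
    return tier

def rejection_reason(*args, **kwargs):  # None when accepted, else the reason
    try:
        check_sis_claims(*args, **kwargs)
    except ClaimError as err:
        return str(err)

# Constructed sample, modelled on the example claims on this page.
SAMPLE = {"iss": ISSUER, "aud": "partner-x.example.com", "jti": "jwt-001-abc-def",
          "iat": 1739999000, "exp": 1740000000, "verification_tier": "standard",
          "scopes": ["sr:us:pint:identity:proof_of_personhood"]}
```

A token that passes these checks still needs the revocation check against the source PINT before it is trusted.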

Verifying a JWT

If you are a merchant or service provider receiving this JWT, see the Verifier Guide for step-by-step verification instructions.