The three surfaces
| Surface | What it does | Who uses it | Entry page |
|---|---|---|---|
| Platform API | Creates users, manages wallets, runs onboarding and KYC, triggers in-product actions (IPAs), and issues Purchase Intents. | Partners building consumer apps on Sumvin. | Platform API introduction |
| SIS API | Exchanges signed PINTs for verifiable JWTs, serves , and reports revocation state. Consumed in two modes: partners building on Sumvin use it to exchange tokens; verifiers accepting Sumvin credentials use it to validate them. | App developers (token exchange) and merchants/verifiers (validation). | Identity overview for builders; Verifier overview for acceptors. |
| SIS Dashboard | Configures your organisation, environments, auth providers (Dynamic, Privy), CORS origins, API keys, and members. | Engineering teams operating a federated identity integration on Sumvin. | SIS Dashboard introduction |
How they relate
App developers use the Platform API to bring a user online — creating the user’s Sumvin identity, wallet, and Safe smart account, and running them through onboarding and KYC. Once the user exists, they sign a Purchase Intent (PINT) — an EIP-712 message declaring the scope of an authorised action. In an agent flow, an AI agent signs on the user’s behalf. The signed PINT is exchanged with the SIS API for a JWT, which travels asx-sumvin-pint-token on outbound requests. Merchants and verifiers receive that header, check the signature against the SIS JWKS, and — for enhanced-tier actions like spend execution — also verify the underlying EIP-712 signature.
App developers configure the integration through the SIS Dashboard: which auth provider SIS should trust for their users, which origins may call SIS from the browser, and which API keys grant server-to-server access. Each dashboard environment holds its own auth provider credentials and CORS origin list, so development, staging, and production stay isolated at the request-authentication and browser-origin boundary. API keys, by contrast, are organisation-scoped — the same key authenticates server-to-server calls regardless of environment.
Pick a surface
The three surfaces don’t compete. They compose — one identity, three shapes of access.Platform API
Build a consumer app on Sumvin — users, wallets, IPAs
Identity & PINTs
Create PINTs and exchange them for JWTs
Verifier Guide
Accept Sumvin credentials at your request boundary
SIS Dashboard
Configure auth providers, API keys, and environments
Payment surfaces
Alongside the three API surfaces above, every Sumvin identity also ships payment primitives. Both are PINT-backed and x402-addressable:- Payment request links — ad-hoc, identity-anchored request URLs any x402 wallet or agent can settle.
- Global x402 acceptance — a persistent, SRI-resolvable acceptance endpoint on every identity.