What the flow looks like
- A buyer (or their agent) arrives at your checkout endpoint with a JWT in the
x-sumvin-pint-tokenheader. - You verify the JWT signature against the SIS and check the
aud,exp, and scope claims. - For enhanced-tier actions (spend), you also verify the EIP-712 PINT signature using the
X-Pint-SignatureandX-Pint-Payloadheaders. - You optionally check revocation via the SIS status endpoint.
- You fulfil the order.
Which primitives back it
- PINT JWT — the SIS-issued token that carries the buyer’s identity, scopes, and purchase context. See PINT and Verify a JWT.
- PINT signature — the underlying EIP-712 signature enhanced-tier flows require. See Verify a PINT signature.
- Scopes determine which tier applies. See scopes.
- Revocation lets you check the status endpoint for tokens that have been invalidated. See revocation.
Standard vs enhanced
Identity-only flows (e.g. age gates, proof of personhood, KYC attestation) are Standard tier — JWT verification alone is sufficient. Spend authorisation requires Enhanced tier — JWT plus EIP-712 PINT signature verification. The full decision matrix lives on the verification tiers page.
Where to start
| Concern | Where to go | When |
|---|---|---|
| Orientation | Verifier overview | First — what you receive and what to verify |
| Tier choice | Verification tiers | Before writing any verification code |
| Standard flow | Verify a standard PINT | JWT-only — identity, age, KYC attestation |
| Enhanced flow | Verify an enhanced PINT | JWT plus EIP-712 signature — spend authorisation |
Related
- PINT header reference
- Accept a PINT at checkout
- Payment request links — user-originated, identity-anchored checkout shape
- SIS error codes