API docs

Make the trust layer programmable.

SigID is API-first. Here you will find the OpenAPI specification, SDKs, webhook reference and conceptual docs in a single hub.

Create an API key Learn more

Three ways into the SigID API

The primary documentation lives at docs.sigid.de (Mintlify, from Phase 1). On the marketing site you get the quick overview plus deep links to the OpenAPI specification, SDK repositories and webhook reference.

Jump straight to the source

OpenAPI 3.1 specification
The canonical API definition lives versioned in the SigID repository and is updated with every release. It is the single source of truth for all SDK and tooling generation.
Open the spec View on GitHub
SDKs
We maintain generated clients for TypeScript, Python, Go and Java with tested idempotency behaviour, retry policy and webhook verification. Packages are on npm, PyPI, Go modules and Maven Central.
View all SDKs Contribute on GitHub
Webhook reference
Every domain event (verification.completed, audit.event.created, challenge.signed) is available as a webhook. We deliver signed payloads with idempotency key and retry-capable delivery.
View webhook events Signature example
Scopes and API keys
Scopes follow the principle of least privilege. API keys can be split per environment (sandbox, staging, production) and carry explicit scopes — read, write, webhook configuration.
Scopes overview Quickstart

Three guiding principles

Idempotency by default
Every write endpoint expects an idempotency key. Duplicate calls return identical responses.
Signed webhooks
We sign every webhook with Ed25519. Verify the signature before any side-effect action in your system.
Critical actions via Trust App
No silent API release for IBAN changes, new admin roles or webhook destinations. These actions require a challenge with dynamic linking.

Ready for the first API call?

Create a sandbox API key in under two minutes — no credit card needed.

Create an API key Read the quickstart

Jump straight to the source

OpenAPI 3.1 specification

The canonical API definition lives versioned in the SigID repository and is updated with every release. It is the single source of truth for all SDK and tooling generation.

Open the spec View on GitHub

SDKs

We maintain generated clients for TypeScript, Python, Go and Java with tested idempotency behaviour, retry policy and webhook verification. Packages are on npm, PyPI, Go modules and Maven Central.

View all SDKs Contribute on GitHub

Webhook reference

Every domain event (verification.completed, audit.event.created, challenge.signed) is available as a webhook. We deliver signed payloads with idempotency key and retry-capable delivery.

View webhook events Signature example

Scopes and API keys

Scopes follow the principle of least privilege. API keys can be split per environment (sandbox, staging, production) and carry explicit scopes — read, write, webhook configuration.

Scopes overview Quickstart

Three guiding principles

Idempotency by default

Every write endpoint expects an idempotency key. Duplicate calls return identical responses.

Signed webhooks

We sign every webhook with Ed25519. Verify the signature before any side-effect action in your system.

Critical actions via Trust App

No silent API release for IBAN changes, new admin roles or webhook destinations. These actions require a challenge with dynamic linking.