About Sumsub API

With the Sumsub API, you can send and receive the applicant data and documents for verification through simple RESTful APIs.

We provide you with two modes. Both modes are available via api.sumsub.com. API access is regulated through the use of the X-App-Token authorization header.



If you use JS in your backend deployment, make sure to always pass the Content-Type: application/json header unless otherwise specified, even if the actual JSON body payload is empty.


Mind the following:

  • To provide you with access to Production mode, we must first test your integration to make sure everything works as expected.
  • All incompatible changes made to the API will be versioned and will not affect the existing endpoints. However, we may add additional fields to the JSON responses without any notice or API versioning. So it is not a good idea to rely on object mappers in your integration code that will fail on unknown properties.
  • The header names are not case-sensitive and may vary depending on your ways of implementation at both your requests and our responses.
  • The API responds with a JSON payload unless otherwise specified.

Try API with Postman

You can download, import, and run the Sumsub API Postman collection.

In your Postman environment, you will need to define the app-token and secret-key variables.



The collection includes a pre-script that throws an error every time form-data is used. For example, the client will not be able to add the ID document image in that case.