Skip to main content

Overview

To use the Suki SDP APIs, you must first authenticate your users to get a Suki access token also known as sdp_suki_token. This guide explains the two main endpoints for the authentication workflow:
  • Register User: A one-time call to register a new provider/user in the Suki system.
  • Authenticate User: Call this endpoint to get a suki_token (sdp_suki_token) for a registered provider.
Not a Suki Partner?To use the Suki APIs, you must first register your organisation as a partner. To begin, please follow the Partner Onboarding guide to learn more.After you are registered, you will use a partnerToken to authenticate your API requests. The partnerToken is a JWT that you provide, and it is a required parameter when registering a provider/user. You can find more details on how to get a partnerToken in the Partner Authentication guide.

Register Provider/User Account

Use the below endpoint to register a new provider/user in the Suki platform. You only need to do this once for each new provider.
Endpoint: RegisterMethod: POST

Registration Scenarios

The Register endpoint handles three main scenarios:
  • New User Registration: If the provider does not exist in the Suki system, this call creates a new user and links them to your partner account and organization.
  • Existing User, New Partner Link: If the provider already exists but is not linked to your partner account, this call links them to your partner and their existing organization.
  • Existing User, Already Linked: If the provider is already registered and linked to your partner account, the API returns a 409 Conflict error.

Authenticate Provider/User Session

After a provider is registered, call Login endpoint to get a Suki access token (sdp_suki_token).

JWKS Endpoint

Suki provides a public JWKS (JSON Web Key Set) endpoint that you can use to verify the signature of the sdp_suki_token that our API returns.
Endpoint: /api/auth/.well-known/jwks-pub.jsonMethod: GETAuthentication: None (Public)

Use Cases

  • Token Verification: Fetch public keys to verify JWTs issued by Suki.
  • Signature Validation: Validate the signature of the sdp_suki_token.
  • Key Rotation: Automatically discover new public keys when Suki rotates our signing keys.