Integration model.
TrueSign integrates as an authorization layer adjacent to the customer system of record. Implementation does not require restructuring upstream systems.
SDKs
Native iOS (Swift), Android (Kotlin), and a server SDK in TypeScript and Go. SDKs handle attestation, key generation, signing, and receipt verification.
REST and gRPC APIs
Server APIs expose authorization request creation, status polling, receipt retrieval, and audit ledger queries. Mutual TLS and signed requests required.
Webhook contracts
Signed HMAC webhooks for authorization decision, receipt issuance, policy block, and ledger event notifications. Idempotency keys are mandatory.
Deployment patterns
Single-tenant cloud, regional sovereign cloud, or customer-operated on-premise. Reference deployment for SWIFT-adjacent treasury workflows is available under NDA.
Authorization request.
An authorization is created by the originating system. The verifier returns a request identifier that may be polled or completed via webhook.
POST /v1/authorizations
Authorization: Bearer <institutional-token>
Content-Type: application/json
{
"intent": {
"type": "wire.transfer",
"amount": "2500000.00",
"currency": "USD",
"counterparty": {
"name": "BENEFICIARY GMBH",
"iban": "DE89370400440532013000"
},
"instrument": "swift.mt103",
"policy_context": "treasury.outbound",
"valid_until": "2026-05-12T18:30:00Z"
},
"actor": { "id": "u_8421", "device_id": "d_4f1a" }
}
→ 202 Accepted
{ "request_id": "req_01J...", "status": "awaiting_signature" }