> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antonpayments.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an Intelligence Evaluation

> Evaluates payee, instrument, payout, merchant onboarding, or monitoring inputs through Anton Intelligence.

The request contract is strict and uses fixed enums so enterprise clients can generate SDKs safely.
Direct PII may be supplied over TLS or recovered from a vault token; Anton uses it in memory for the evaluation and persists only redacted decision evidence.

**Dual surface.** With OAuth+DPoP credentials, the evaluation is persisted under YOUR merchant account
(retrievable via the scoped reads below) and the `Idempotency-Key` header is REQUIRED. The credential
must carry the `intelligence` scope and the account the `intelligence` capability — every Anton account
has it, including AI-compliance-only merchants. Vault-token enrichment only accepts tokens owned by the
calling merchant. Without credentials, the request runs on the anonymous public TEST surface (where
enabled) under a synthetic shared merchant — public evaluations are not tied to your account.

**Asynchronous money-movement evaluations.** On the authenticated (OAuth+DPoP) surface, a
`payout_screening` evaluation runs the full AI panel and can take up to ~20 seconds, so it is accepted
asynchronously: the response is `202 Accepted` with `{evaluation_id, status: "pending"}` and a
`Location` header. Poll `GET /v1/intelligence/evaluations/{id}` (which returns the pending state until
the evaluation settles), or subscribe to the `intelligence.evaluation.completed` /
`intelligence.evaluation.failed` webhook events for push notification. All other use cases — and every
call on the anonymous test surface — respond synchronously with `200` and the full evaluation.




## OpenAPI

````yaml POST /v1/intelligence/evaluations
openapi: 3.1.0
info:
  title: Anton Payments API
  version: 1.0.0
  summary: Cross-border payout infrastructure. Fiat, stablecoin, and crypto.
  description: >
    The Anton Payments merchant API. Versioned, idempotent, cursor-paginated.


    - **Authentication**: OAuth 2.0 client_credentials with DPoP
    proof-of-possession (RFC 6749 §4.4 + RFC 9449). Programmatic clients
    exchange `(client_id, client_secret)` for a short-lived access token at
    `POST /oauth/token`, then send each request with `Authorization: DPoP
    <access_token>` plus a per-request `DPoP: <proof>` header. Static API keys
    are not accepted on v1.

    - Base URLs: `https://api.antonpayments.com` (production),
    `https://api.antonpayments.dev` (sandbox).

    - Monetary amounts are decimal strings. Never floats.

    - Timestamps are RFC 3339 UTC.

    - All mutating endpoints support the `Idempotency-Key` header.

    - Anton's OAuth public signing key is published at `GET
    /.well-known/jwks.json` (5-minute cache; RFC 8615).


    **Capabilities and scopes.** Every account carries a capability set
    (`payouts`, `intelligence`) and every

    credential carries a scope set validated against it at creation.
    AI-compliance-only accounts hold only

    `intelligence` — all payout-surface endpoints return `403
    capability_required` for them. A credential

    minted without a scope returns `403 insufficient_scope` on that surface.
    Effective access is

    `scopes ∩ capabilities`. Access tokens embed the grants as a space-delimited
    `scope` claim, echoed in the

    token response.


    See the Cross-Cutting section of the docs for idempotency, pagination, rate
    limits, errors, webhook events, and webhook signing.
  contact:
    name: Anton Payments Support
    url: https://help.antonpayments.com
  license:
    name: Proprietary
    url: https://www.antonpayments.com
servers:
  - url: https://api.antonpayments.com
    description: Production
  - url: https://api.antonpayments.dev
    description: Sandbox
security:
  - oauthDPoP: []
    dpopHeader: []
tags:
  - name: Authentication
    description: >-
      OAuth 2.0 token endpoint and JWKS publication. See the API description for
      the full DPoP-bound flow.
  - name: OAuth Clients
    description: >-
      Manage OAuth credentials (programmatic access). Portal-only — JWT auth
      required.
  - name: Reference Data
    description: Currencies, countries, and supported payment methods.
  - name: Beneficiaries
    description: Create and manage the people and businesses you pay.
  - name: Instruments
    description: >-
      Payment instruments attached to beneficiaries — bank accounts, wallets,
      cards.
  - name: Payouts
    description: Initiate and track payouts.
  - name: Batches
    description: CSV-driven bulk payout processing.
  - name: Balances
    description: Merchant balance by currency.
  - name: Accounts
    description: Virtual accounts for merchant funding.
  - name: Webhooks
    description: Subscribe to event notifications.
  - name: Documents
    description: Upload and manage KYB and supporting documents.
  - name: RFIs
    description: Respond to Requests for Information raised during review.
  - name: Pricing
    description: Read merchant pricing plans and quote fees.
  - name: FX
    description: Quote, lock, and execute currency exchanges between balances.
  - name: Corridors
    description: Active cross-border corridors for your merchant.
  - name: Balance Alerts
    description: >-
      Per-currency low-balance thresholds that drive the `balance.low` webhook
      event.
  - name: Sandbox
    description: Reset and seed your sandbox environment.
  - name: Merchant
    description: Merchant profile, branding, preferences, and security posture.
  - name: API Keys
    description: Issue, list, and revoke API keys.
  - name: Users
    description: Self-service profile, MFA, and team management.
  - name: Notifications
    description: Per-user notification channels and preferences.
  - name: Velocity
    description: Merchant-scoped risk rules and what-if simulation.
  - name: Engine
    description: Glass-box view of Anton's risk intelligence.
  - name: Intelligence
    description: >-
      Normalized payee, instrument, payout, and merchant risk intelligence
      evaluations.
  - name: Onboarding
    description: Authenticated KYB onboarding draft and submission.
  - name: Public Onboarding
    description: >-
      Session-authenticated hosted onboarding flow. Not intended for SDK
      consumption.
paths:
  /v1/intelligence/evaluations:
    post:
      tags:
        - Intelligence
      summary: Create an intelligence evaluation
      description: >
        Evaluates payee, instrument, payout, merchant onboarding, or monitoring
        inputs through Anton Intelligence.


        The request contract is strict and uses fixed enums so enterprise
        clients can generate SDKs safely.

        Direct PII may be supplied over TLS or recovered from a vault token;
        Anton uses it in memory for the evaluation and persists only redacted
        decision evidence.


        **Dual surface.** With OAuth+DPoP credentials, the evaluation is
        persisted under YOUR merchant account

        (retrievable via the scoped reads below) and the `Idempotency-Key`
        header is REQUIRED. The credential

        must carry the `intelligence` scope and the account the `intelligence`
        capability — every Anton account

        has it, including AI-compliance-only merchants. Vault-token enrichment
        only accepts tokens owned by the

        calling merchant. Without credentials, the request runs on the anonymous
        public TEST surface (where

        enabled) under a synthetic shared merchant — public evaluations are not
        tied to your account.


        **Asynchronous money-movement evaluations.** On the authenticated
        (OAuth+DPoP) surface, a

        `payout_screening` evaluation runs the full AI panel and can take up to
        ~20 seconds, so it is accepted

        asynchronously: the response is `202 Accepted` with `{evaluation_id,
        status: "pending"}` and a

        `Location` header. Poll `GET /v1/intelligence/evaluations/{id}` (which
        returns the pending state until

        the evaluation settles), or subscribe to the
        `intelligence.evaluation.completed` /

        `intelligence.evaluation.failed` webhook events for push notification.
        All other use cases — and every

        call on the anonymous test surface — respond synchronously with `200`
        and the full evaluation.
      parameters:
        - in: header
          name: Idempotency-Key
          required: false
          schema:
            type: string
            maxLength: 255
          description: >-
            Recommended for enterprise retries (REQUIRED on the authenticated
            surface). If both this header and body `idempotency_key` are
            supplied, the header wins.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateIntelligenceEvaluationRequest'
            examples:
              payee_registration:
                summary: Payee registration
                value:
                  use_case: payee_registration
                  client_reference_id: payee_john_doe_001
                  entity:
                    type: person
                    reference_id: payee_john_doe
                    name: John Doe
                    country: US
                    birth_date: '1979-12-30'
              crypto_wallet:
                summary: Crypto wallet screening
                value:
                  use_case: instrument_screening
                  entity:
                    type: person
                    reference_id: payee_john_doe
                    name: John Doe
                    country: US
                  instrument:
                    type: crypto_wallet
                    country: US
                    currency: BTC
                    crypto_wallet:
                      network: bitcoin
                      address: bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
              bank_account:
                summary: Bank account screening
                value:
                  use_case: instrument_screening
                  entity:
                    type: person
                    reference_id: payee_john_doe
                    name: John Doe
                    country: US
                  instrument:
                    type: bank_account
                    country: US
                    currency: USD
                    bank_account:
                      routing_number: '021000021'
                      account_number: '000123456789'
                      account_type: checking
      responses:
        '200':
          description: Evaluation created (synchronous use cases).
          content:
            application/json:
              schema:
                type: object
                required:
                  - data
                properties:
                  data:
                    $ref: '#/components/schemas/IntelligenceEvaluation'
        '202':
          description: >
            Evaluation accepted for asynchronous processing (`payout_screening`
            on the authenticated

            surface). Poll the `Location` URL or subscribe to
            `intelligence.evaluation.completed`.
          headers:
            Location:
              schema:
                type: string
              description: Polling URL for the accepted evaluation.
          content:
            application/json:
              schema:
                type: object
                required:
                  - data
                properties:
                  data:
                    $ref: '#/components/schemas/PendingIntelligenceEvaluation'
        '400':
          $ref: '#/components/responses/BadRequest'
        '403':
          $ref: '#/components/responses/CapabilityForbidden'
        '422':
          $ref: '#/components/responses/ValidationFailed'
        '429':
          $ref: '#/components/responses/RateLimited'
      security:
        - {}
        - oauthDPoP: []
          dpopHeader: []
components:
  schemas:
    CreateIntelligenceEvaluationRequest:
      type: object
      additionalProperties: false
      required:
        - use_case
        - entity
      properties:
        use_case:
          type: string
          enum:
            - payee_registration
            - instrument_screening
            - payout_screening
            - merchant_onboarding
            - monitoring
        client_reference_id:
          type: string
          description: >-
            Client-supplied reference for reconciliation. Not used for merchant
            scoping.
        idempotency_key:
          type: string
          description: Body fallback for testing. Prefer the `Idempotency-Key` header.
        entity:
          $ref: '#/components/schemas/IntelligenceEntity'
        instrument:
          $ref: '#/components/schemas/IntelligenceInstrument'
        payout:
          $ref: '#/components/schemas/IntelligencePayout'
        merchant:
          type: object
          description: >-
            Accepted for future compatibility but ignored on the public test
            endpoint.
        context:
          $ref: '#/components/schemas/IntelligenceContext'
    IntelligenceEvaluation:
      type: object
      required:
        - contract_version
        - evaluation_id
        - event_id
        - event_type
        - status
        - decision
        - rationale
        - scoring
        - peer_statuses
        - policy
        - audit
        - evaluated_at
        - latency_ms
      properties:
        contract_version:
          type: string
          enum:
            - intelligence-public-v1
        evaluation_id:
          type: string
        event_id:
          type: string
        event_type:
          type: string
          enum:
            - payout.create
            - payee.create
            - instrument.create
            - merchant.onboard
            - monitoring.evaluate
        status:
          type: string
          enum:
            - complete
            - partial
            - error
        decision:
          type: string
          enum:
            - approve
            - review_auto
            - review_manual
            - decline
        risk_level:
          type: string
          enum:
            - low
            - medium
            - high
            - critical
        rationale:
          type: string
        next_action:
          type: string
          enum:
            - none
            - request_more_information
            - manual_review
            - decline
        summary:
          $ref: '#/components/schemas/IntelligenceEvaluationSummary'
        scoring:
          $ref: '#/components/schemas/IntelligenceScoring'
        missing_disambiguators:
          type: array
          items:
            type: string
        peer_statuses:
          type: array
          items:
            $ref: '#/components/schemas/IntelligencePeerStatus'
        policy:
          $ref: '#/components/schemas/IntelligencePolicy'
        audit:
          $ref: '#/components/schemas/IntelligenceAudit'
        evaluated_at:
          $ref: '#/components/schemas/Timestamp'
        latency_ms:
          type: integer
          format: int64
    PendingIntelligenceEvaluation:
      type: object
      description: |
        The pending state of a 202-accepted asynchronous evaluation. `GET
        /v1/intelligence/evaluations/{id}` returns this shape until the
        evaluation settles, then the full IntelligenceEvaluation.
      required:
        - contract_version
        - evaluation_id
        - status
        - use_case
        - created_at
      properties:
        contract_version:
          type: string
        evaluation_id:
          type: string
        status:
          type: string
          enum:
            - pending
            - processing
            - completed
            - failed
        use_case:
          type: string
        created_at:
          type: string
          format: date-time
        failure_reason:
          type: string
          description: Present only when status is failed.
    IntelligenceEntity:
      type: object
      additionalProperties: false
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - person
            - business
        reference_id:
          type: string
        name:
          type: string
        country:
          $ref: '#/components/schemas/CountryCode'
        birth_date:
          type: string
          format: date
        address:
          $ref: '#/components/schemas/IntelligenceAddress'
        email:
          type: string
          format: email
        phone:
          type: string
        nationality:
          type: array
          items:
            $ref: '#/components/schemas/CountryCode'
        document:
          $ref: '#/components/schemas/IntelligenceDocument'
        vault_token_id:
          type: string
          description: Vault token containing PII to detokenize in memory.
    IntelligenceInstrument:
      type: object
      additionalProperties: false
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - bank_account
            - crypto_wallet
            - card
            - iban
        reference_id:
          type: string
        country:
          $ref: '#/components/schemas/CountryCode'
        currency:
          $ref: '#/components/schemas/CurrencyCode'
        bank_account:
          $ref: '#/components/schemas/IntelligenceBankAccount'
        crypto_wallet:
          $ref: '#/components/schemas/IntelligenceCryptoWallet'
        card:
          $ref: '#/components/schemas/IntelligenceCard'
        iban:
          $ref: '#/components/schemas/IntelligenceIBAN'
        vault_token_id:
          type: string
    IntelligencePayout:
      type: object
      additionalProperties: false
      required:
        - amount
        - source_country
        - destination_country
      properties:
        reference_id:
          type: string
        amount:
          $ref: '#/components/schemas/IntelligenceMoney'
        source_country:
          $ref: '#/components/schemas/CountryCode'
        destination_country:
          $ref: '#/components/schemas/CountryCode'
        rail:
          type: string
          enum:
            - bank
            - card
            - crypto
            - wallet
            - internal
            - other
    IntelligenceContext:
      type: object
      additionalProperties: false
      properties:
        velocity:
          type: object
          additionalProperties: true
        fingerprints:
          type: object
          additionalProperties: true
        history:
          type: object
          additionalProperties: true
        industry:
          type: object
          additionalProperties: true
        metadata:
          type: object
          additionalProperties: true
    IntelligenceEvaluationSummary:
      type: object
      additionalProperties: false
      properties:
        screened:
          type: array
          items:
            type: string
            enum:
              - entity
              - instrument
              - payout
              - context
        use_case:
          type: string
          enum:
            - payee_registration
            - instrument_screening
            - payout_screening
            - merchant_onboarding
            - monitoring
        instrument_type:
          type: string
          enum:
            - bank_account
            - crypto_wallet
            - card
            - iban
        payout_rail:
          type: string
          enum:
            - bank
            - card
            - crypto
            - wallet
            - internal
            - other
        findings_count:
          type: integer
        highest_severity:
          type: string
          enum:
            - low
            - medium
            - high
            - critical
        identity_confidence:
          type: string
          enum:
            - none
            - possible
            - likely
            - confirmed
        missing_fields:
          type: array
          items:
            type: string
    IntelligenceScoring:
      type: object
      required:
        - model
        - scale
        - overall_score
        - risk_level
        - dimensions
      additionalProperties: false
      properties:
        model:
          type: string
          enum:
            - anton-scoring-v1
        scale:
          $ref: '#/components/schemas/IntelligenceScoringScale'
        overall_score:
          type: integer
          minimum: 0
          maximum: 1000
        risk_level:
          type: string
          enum:
            - low
            - medium
            - high
            - critical
        dimensions:
          type: array
          minItems: 5
          maxItems: 5
          items:
            $ref: '#/components/schemas/IntelligenceScoringDimension'
    IntelligencePeerStatus:
      type: object
      required:
        - peer
        - status
        - found
      properties:
        peer:
          type: string
          enum:
            - sentinel
            - engine
            - brain
        status:
          type: string
          enum:
            - complete
            - partial
            - error
            - timeout
            - not_configured
            - skipped
        found:
          type: boolean
    IntelligencePolicy:
      type: object
      required:
        - version
        - rule_fired
      properties:
        version:
          type: string
          example: triad-policy-v2
        rule_fired:
          type: string
        reasons:
          type: array
          items:
            type: string
    IntelligenceAudit:
      type: object
      required:
        - hash
        - persisted
      properties:
        hash:
          type: string
        persisted:
          type: boolean
    Timestamp:
      type: string
      format: date-time
      description: RFC 3339 / ISO 8601 timestamp in UTC.
      example: '2026-04-15T14:30:00Z'
    ErrorEnvelope:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - message
          properties:
            message:
              type: string
              description: Human-readable description of what went wrong.
            code:
              type: string
              description: Machine-readable error code. Branch on this, not on `message`.
              example: insufficient_balance
      example:
        error:
          message: insufficient funds for this payout
          code: insufficient_balance
    ValidationErrorEnvelope:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - message
            - code
          properties:
            message:
              type: string
              example: request failed validation
            code:
              type: string
              enum:
                - validation_error
            details:
              type: array
              description: Field-level validation errors.
              items:
                type: object
                required:
                  - field
                  - message
                properties:
                  field:
                    type: string
                    description: Dotted JSON path to the offending field.
                    example: individual.date_of_birth
                  message:
                    type: string
                    example: must be in YYYY-MM-DD format
      example:
        error:
          message: request failed validation
          code: validation_error
          details:
            - field: individual.first_name
              message: is required
            - field: country
              message: must be a valid ISO-3166 alpha-2 country code
    CountryCode:
      type: string
      description: ISO 3166-1 alpha-2 country code.
      pattern: ^[A-Z]{2}$
      example: US
    IntelligenceAddress:
      type: object
      additionalProperties: false
      properties:
        line_1:
          type: string
        line_2:
          type: string
        city:
          type: string
        state:
          type: string
        postal_code:
          type: string
        country:
          $ref: '#/components/schemas/CountryCode'
    IntelligenceDocument:
      type: object
      additionalProperties: false
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - passport
            - national_id
            - drivers_license
            - tax_id
            - business_registration
            - other
        country:
          $ref: '#/components/schemas/CountryCode'
        number:
          type: string
    CurrencyCode:
      type: string
      description: ISO 4217 three-letter currency code.
      pattern: ^[A-Z]{3}$
      example: USD
    IntelligenceBankAccount:
      type: object
      additionalProperties: false
      properties:
        routing_number:
          type: string
        account_number:
          type: string
        account_type:
          type: string
          enum:
            - checking
            - savings
            - business_checking
            - other
    IntelligenceCryptoWallet:
      type: object
      additionalProperties: false
      properties:
        network:
          type: string
          enum:
            - bitcoin
            - ethereum
            - solana
            - polygon
            - tron
            - other
        address:
          type: string
    IntelligenceCard:
      type: object
      additionalProperties: false
      properties:
        fingerprint:
          type: string
        bin:
          type: string
        last4:
          type: string
    IntelligenceIBAN:
      type: object
      additionalProperties: false
      properties:
        iban:
          type: string
        bic:
          type: string
    IntelligenceMoney:
      type: object
      additionalProperties: false
      required:
        - value
        - currency
      properties:
        value:
          $ref: '#/components/schemas/Money'
        currency:
          $ref: '#/components/schemas/IntelligenceCurrencyOrAssetCode'
    IntelligenceScoringScale:
      type: object
      required:
        - min
        - max
      additionalProperties: false
      properties:
        min:
          type: integer
          enum:
            - 0
        max:
          type: integer
          enum:
            - 1000
    IntelligenceScoringDimension:
      type: object
      required:
        - code
        - name
        - score
        - risk_level
        - status
      additionalProperties: false
      properties:
        code:
          type: string
          enum:
            - TRS
            - ORS
            - TM
            - AD
            - GI
        name:
          type: string
          enum:
            - Transaction Risk
            - Onboarding Risk
            - Transaction Monitoring
            - Anomaly Detection
            - Graph Intelligence
        score:
          type: integer
          minimum: 0
          maximum: 1000
        risk_level:
          type: string
          enum:
            - low
            - medium
            - high
            - critical
        status:
          type: string
          enum:
            - complete
            - not_applicable
            - not_configured
            - partial
            - error
        signals:
          type: array
          items:
            type: string
    Money:
      type: string
      description: Decimal amount as a string, never a float. Up to 12 whole digits.
      pattern: ^-?\d{1,12}(\.\d+)?$
      example: '1234.56'
    IntelligenceCurrencyOrAssetCode:
      type: string
      description: Uppercase supported fiat currency or crypto asset code.
      pattern: ^[A-Z]{3,5}$
      examples:
        - USD
        - BTC
        - USDC
  responses:
    BadRequest:
      description: The request body could not be parsed or contains unknown fields.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
    CapabilityForbidden:
      description: >
        The account capability or credential scope required by this endpoint is
        missing.

        `capability_required` — the merchant account does not hold the required
        capability

        (e.g. an AI-compliance-only account calling a payout endpoint).
        `insufficient_scope` —

        the account holds it, but this credential was created without the
        matching scope.

        Effective access is always `scopes ∩ capabilities`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          examples:
            capability_required:
              summary: Account lacks the capability
              value:
                error:
                  code: capability_required
                  message: this endpoint requires the "payouts" account capability
            insufficient_scope:
              summary: Credential lacks the scope
              value:
                error:
                  code: insufficient_scope
                  message: this endpoint requires a credential with the "payouts" scope
    ValidationFailed:
      description: The request body failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ValidationErrorEnvelope'
    RateLimited:
      description: >-
        Rate limit exceeded. See `Retry-After`. The `X-RateLimit-*` headers are
        present on every API response, not only on 429s — they are documented
        here because this is where clients act on them.
      headers:
        Retry-After:
          $ref: '#/components/headers/Retry-After'
        X-RateLimit-Limit:
          $ref: '#/components/headers/X-RateLimit-Limit'
        X-RateLimit-Remaining:
          $ref: '#/components/headers/X-RateLimit-Remaining'
        X-RateLimit-Reset:
          $ref: '#/components/headers/X-RateLimit-Reset'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          examples:
            rate_limit_exceeded:
              summary: Retry after the limiter resets
              value:
                error:
                  code: rate_limit_exceeded
                  message: rate limit exceeded, retry after 60 seconds
  headers:
    Retry-After:
      description: Seconds to wait before retrying. Included on 429 responses.
      schema:
        type: integer
    X-RateLimit-Limit:
      description: Maximum requests permitted in the current window.
      schema:
        type: integer
    X-RateLimit-Remaining:
      description: Requests remaining in the current window.
      schema:
        type: integer
    X-RateLimit-Reset:
      description: Unix timestamp when the current window resets.
      schema:
        type: integer
  securitySchemes:
    oauthDPoP:
      type: oauth2
      description: >
        OAuth 2.0 client_credentials grant (RFC 6749 §4.4) bound to a DPoP
        keypair (RFC 9449).


        **Flow** (every authenticated `/v1` call requires both an access token
        AND a fresh per-request DPoP proof):


        1. Register a credential via the merchant portal. Anton issues a
        `client_id` (`ant_oc_<env>_<32hex>`) and a `client_secret`
        (`ant_ocs_<env>_<48hex>`, shown ONCE). The portal generates an ES256 or
        Ed25519 DPoP keypair in your browser; you store the private half.

        2. Mint an access token: `POST /oauth/token` with `Authorization: Basic
        <client_id:client_secret>` and `Content-Type:
        application/x-www-form-urlencoded`. Body:
        `grant_type=client_credentials`. A `DPoP` header carrying a proof signed
        for the token endpoint is required (no `ath` claim on this proof).

        3. Use the token: send `Authorization: DPoP <access_token>` plus a fresh
        `DPoP: <proof>` header on every `/v1` request. The proof JWT MUST carry
        `htm` (request method), `htu` (request URL, no query/fragment), `iat`
        (within ±60s), `jti` (unique within 5 min), and `ath` (SHA-256 of the
        access token, base64url).


        Tokens expire in **1 hour** in production / staging and **8 hours** in
        sandbox. There are no refresh tokens — call `/oauth/token` again with
        your secret. Anton's public signing key is published at
        `/.well-known/jwks.json`.


        OpenAPI 3.0 has no native DPoP scheme; this declaration plus
        `dpopHeader` together convey both the access-token Authorization and the
        per-request proof header.
      flows:
        clientCredentials:
          tokenUrl: /oauth/token
          scopes:
            payouts: >-
              Money movement — payouts, batches, beneficiaries, instruments,
              balances, funding, FX.
            intelligence: Anton Intelligence — screening evaluations and evidence.
    dpopHeader:
      type: apiKey
      in: header
      name: DPoP
      description: >
        Per-request DPoP proof JWT (RFC 9449). MUST accompany the
        `Authorization: DPoP <access_token>` header on every protected
        operation. The proof is signed by the merchant's private DPoP key and
        carries `htm`, `htu`, `iat`, `jti`, and `ath` claims.

````