Agent Commerce · Core Concept

Agent payment verification

Confirming that a payment is real, valid, and untampered

When an AI agent makes a payment, it is not enough to record what happened. You also need to answer: is this receipt authentic, has it been altered, and does it match what was authorized?

Agent payment verification provides those answers.

Machine-readable summary (for agents and systems)

Machine-readable summary

{
  "term": "Agent payment verification",
  "slug": "payment-verification",
  "category": "agent-commerce",
  "type": "verification-surface",
  "short_definition": "The process of checking that an agent payment receipt is authentic, intact, and matches its cryptographic proof.",
  "schema_version": "verification_check_entry.v1",
  "canonical_url": "https://certifieddata.io/agent-commerce/payment-verification",
  "canonical_endpoint": "GET /api/payments/verify/:receiptId",
  "auth_required": false,
  "verification_checks": [
    "sha256_hash_match",
    "ed25519_signature_valid",
    "overall_valid"
  ],
  "proof_surfaces": [
    "GET /api/payments/verify/:receiptId",
    "GET /.well-known/signing-keys.json"
  ],
  "related_terms": [
    "Agent Commerce receipt",
    "Payment authorization",
    "Transparency log"
  ],
  "sdk_typescript": "npm install @certifieddata/payments",
  "sdk_python": "pip install certifieddata-agent-commerce",
  "repos": [
    "https://github.com/certifieddata/certifieddata-agent-commerce-public"
  ]
}

What is payment verification?

Payment verification is the process of confirming that an Agent Commerce receipt is valid and trustworthy. It ensures the receipt corresponds to a real transaction, the data has not been modified after signing, the payment aligns with its authorization, and the record can be trusted by external systems.

This turns payments into verifiable events — not just internal logs.

How verification works

Any party with a receipt ID can verify the receipt against Agent Commerce's published public key at /.well-known/signing-keys.json. No account required. The verification process:

Retrieve the receipt

Call GET /api/payments/verify/:receiptId with the receipt ID.

Recompute the hash

Canonicalize the payload using RFC 8785. Compute SHA-256. Compare with the stored receipt hash.

Verify the signature

Validate the Ed25519 signature against the published public key at /.well-known/signing-keys.json. If it verifies, the receipt was issued by Agent Commerce and has not been altered.

Check the certificate link

If the receipt contains a certificate_id, call GET /api/manifest/certificate/:id and confirm the certificate is valid and active.

Cross-check artifact hash

SHA-256 the downloaded file. Compare with receipt.artifact_hash and the datasetHash in the certificate. All three must match.

Why verification matters

AI systems rely on machine-to-machine trust. Without verification, receipts can be forged or altered, systems cannot safely rely on external payment data, audits become unreliable, and automation breaks down.

Verification allows independent systems to confidently accept and act on payment data — without needing to trust the platform that issued it.

Verification should outlast the transaction

Public verification surfaces are designed to remain useful long after a purchase, vendor relationship, or internal workflow changes. No account required. The verification endpoint is open — readable by any auditor, counterparty, or compliance system, now or years from now.

No account required

Anyone with a receipt ID can verify. No login, no vendor call.

Durable proof

The signed receipt and public key remain verifiable independently of internal systems.

Audit-ready

Finance, legal, and compliance teams can verify receipts during review without accessing internal tooling.

Verification response field reference

All fields in the verification_check_entry.v1 schema.

verification_check_entry.v1 — verification response fields
Field	Type	Required	Meaning
verification_id	string	yes	Unique verification check identifier — ver_{hex}
receipt_id	string	yes	Receipt that was verified
result	string	yes	valid \| invalid
hash_valid	boolean	yes	Whether the SHA-256 hash recomputed correctly
signature_valid	boolean	yes	Whether the Ed25519 signature verified against the public key at /.well-known/signing-keys.json
certificate_valid	boolean	no	Whether the certificate_id in the receipt links to a valid, active CertifiedData certificate
artifact_hash_valid	boolean	no	Whether the artifact_hash in the receipt matches the sha256 recorded in the referenced certificate
checked_at	string	yes	ISO-8601 UTC timestamp of the verification check

What gets verified

Integrity

Has the receipt been changed since it was signed? Hash comparison catches any modification.

Authenticity

Was the receipt issued by Agent Commerce? Ed25519 signature verification against the public key at /.well-known/signing-keys.json confirms the issuer.

Consistency

Does the receipt match the original authorization and execution? The policy version and authorization decision are embedded in the receipt payload.

Completeness

Are all required fields present? The schema registry defines what a valid receipt must contain.

Artifact binding

If the receipt references an artifact_hash and certificate_id, verify the downloaded file matches the hash and the certificate is valid. Prevents receipt replay against a different artifact.

Verification in the payment lifecycle

Authorization

Define allowed actions.

Learn about authorization →

Execution

Payment occurs.

Receipt

Signed record is created.

Learn about receipt →

Verification← you are here

Receipt is validated.

From trust assumptions to trust guarantees

Traditional systems rely on implicit trust — internal logs, platform guarantees, manual reconciliation. AI systems require independent validation, machine-readable checks, and consistent verification logic.

Verification provides that foundation.

Agent Commerce · Signed receipts for autonomous agents

Every agent transaction, cryptographically receipted.

Agent Commerce issues Ed25519-signed receipts for every autonomous payment. Policy-gated authorization, tamper-evident records, and public verification — no vendor contact required.

1
Authorize via policy
Define spend rules. Agents operate within them.
2
Receive a signed receipt
Ed25519-signed proof for every transaction.
3
Verify publicly
Any party can verify the receipt without contacting you.

View Agent Commerce pricing →Try the sandbox Talk to sales

Machine pointers

canonical_url: https://certifieddata.io/agent-commerce/payment-verification
concept_type: verification-surface
related_concepts: Agent Commerce receipt · Payment authorization · Transparency log
verification_surface: GET /api/payments/verify/:receiptId · GET /.well-known/signing-keys.json
protocol_category: verification_events

Agent Commerce receipt Event taxonomy Schema registry Verifiable agent transactions Agent Commerce overview AI transaction audit log