Agent Commerce · Core Concept
Agent payment verification
Confirming that a payment is real, valid, and untampered
When an AI agent makes a payment, it is not enough to record what happened. You also need to answer: is this receipt authentic, has it been altered, and does it match what was authorized?
Agent payment verification provides those answers.
Machine-readable summary (for agents and systems)
Machine-readable summary
{
"term": "Agent payment verification",
"slug": "payment-verification",
"category": "agent-commerce",
"type": "verification-surface",
"short_definition": "The process of checking that an agent payment receipt is authentic, intact, and matches its cryptographic proof.",
"schema_version": "verification_check_entry.v1",
"canonical_url": "https://certifieddata.io/agent-commerce/payment-verification",
"canonical_endpoint": "GET /api/payments/verify/:receiptId",
"auth_required": false,
"verification_checks": [
"sha256_hash_match",
"ed25519_signature_valid",
"overall_valid"
],
"proof_surfaces": [
"GET /api/payments/verify/:receiptId",
"GET /.well-known/certifieddata.json"
],
"related_terms": [
"Agent Commerce receipt",
"Payment authorization",
"Transparency log"
],
"sdk_typescript": "npm install @certifieddata/payments",
"sdk_python": "pip install certifieddata-agent-commerce",
"repos": [
"https://github.com/certifieddata/certifieddata-agent-commerce-public"
]
}What is payment verification?
Payment verification is the process of confirming that an Agent Commerce receipt is valid and trustworthy. It ensures the receipt corresponds to a real transaction, the data has not been modified after signing, the payment aligns with its authorization, and the record can be trusted by external systems.
This turns payments into verifiable events — not just internal logs.
How verification works
Any party with a receipt ID can verify the receipt against Agent Commerce's published public key at /.well-known/certifieddata-public-key.pem. No account required. The verification process:
Retrieve the receipt
Call GET /api/payments/verify/:receiptId with the receipt ID.
Recompute the hash
Canonicalize the payload using RFC 8785. Compute SHA-256. Compare with the stored receipt hash.
Verify the signature
Validate the Ed25519 signature against the published public key. If it verifies, the receipt was issued by Agent Commerce and has not been altered.
Why verification matters
AI systems rely on machine-to-machine trust. Without verification, receipts can be forged or altered, systems cannot safely rely on external payment data, audits become unreliable, and automation breaks down.
Verification allows independent systems to confidently accept and act on payment data — without needing to trust the platform that issued it.
Verification response field reference
All fields in the verification_check_entry.v1 schema.
| Field | Type | Required | Meaning |
|---|---|---|---|
| verification_id | string | yes | Unique verification check identifier — ver_{hex} |
| receipt_id | string | yes | Receipt that was verified |
| result | string | yes | valid | invalid |
| hash_valid | boolean | yes | Whether the SHA-256 hash recomputed correctly |
| signature_valid | boolean | yes | Whether the Ed25519 signature verified against the public key |
| checked_at | string | yes | ISO-8601 UTC timestamp of the verification check |
What gets verified
Integrity
Has the receipt been changed since it was signed? Hash comparison catches any modification.
Authenticity
Was the receipt issued by Agent Commerce? Ed25519 signature verification against the published public key confirms the issuer.
Consistency
Does the receipt match the original authorization and execution? The policy version and authorization decision are embedded in the receipt payload.
Completeness
Are all required fields present? The schema registry defines what a valid receipt must contain.
Verification in the payment lifecycle
Execution
Payment occurs.
Verification← you are here
Receipt is validated.
From trust assumptions to trust guarantees
Traditional systems rely on implicit trust — internal logs, platform guarantees, manual reconciliation. AI systems require independent validation, machine-readable checks, and consistent verification logic.
Verification provides that foundation.
Machine pointers
- canonical_url
- https://certifieddata.io/agent-commerce/payment-verification
- concept_type
- verification-surface
- related_concepts
- Agent Commerce receipt · Payment authorization · Transparency log
- verification_surface
- GET /api/payments/verify/:receiptId · GET /.well-known/certifieddata-public-key.pem
- protocol_category
- verification_events