Agent Commerce · Core Concept
Agent Commerce receipt
A verifiable record of what actually happened
When an AI agent makes a payment, the most important question is not just "did it go through?" It's: what exactly was paid for, under what conditions, and can this be verified later?
An Agent Commerce receipt answers those questions.
Machine-readable summary (for agents and systems)
Machine-readable summary
{
"term": "Agent Commerce receipt",
"slug": "receipt",
"category": "agent-commerce",
"type": "payment-proof-artifact",
"short_definition": "A machine-readable, Ed25519-signed proof record for an AI-initiated payment.",
"schema_version": "payment_receipt.v1",
"canonical_endpoint": "GET /api/payments/verify/:receiptId",
"canonical_url": "https://certifieddata.io/agent-commerce/receipt",
"signing_algorithm": "Ed25519",
"hash_algorithm": "SHA-256 (RFC 8785 canonicalized)",
"proof_surfaces": [
"GET /api/payments/verify/:receiptId",
"GET /.well-known/certifieddata.json"
],
"related_terms": [
"Payment authorization",
"Payment verification",
"Transparency log"
],
"sdk_typescript": "npm install @certifieddata/payments",
"sdk_python": "pip install certifieddata-agent-commerce",
"repos": [
"https://github.com/certifieddata/certifieddata-agent-commerce-public"
]
}What is an Agent Commerce receipt?
An Agent Commerce receipt is a machine-readable, Ed25519-signed record of a completed payment. It captures the amount and currency, the payment rail used, the service or resource purchased, the time of execution, the policy version that governed the authorization, and cryptographic verification signals.
Unlike a traditional receipt, it is designed to be:
- ✓Readable by systems — not just humans
- ✓Linked to the original authorization and policy version
- ✓Independently verifiable by any third party
Cryptographic structure
Every receipt is Ed25519-signed over an RFC 8785-canonicalized JSON payload. The signature is verifiable against CertifiedData's published public key at /.well-known/certifieddata-public-key.pem — no account required.
Ed25519 signature
Asymmetric signature over the canonicalized receipt payload. Proves the receipt was issued by Agent Commerce and has not been altered.
RFC 8785 canonicalization
Deterministic JSON serialization before signing ensures the same payload always produces the same hash — regardless of key ordering or whitespace.
SHA-256 receipt hash
The hash of the canonical payload is stored and returned with the receipt. Any third party can recompute and compare.
Receipt ID
A unique identifier for each receipt. Used to retrieve the receipt and verify it against the transparency log.
Receipt field reference
All fields in the payment_receipt.v1 schema.
| Field | Type | Required | Meaning |
|---|---|---|---|
| receipt_id | string | yes | Unique payment receipt identifier — rcpt_{hex} |
| schema_version | string | yes | Schema version — currently payment_receipt.v1 |
| timestamp | string | yes | ISO-8601 UTC timestamp of receipt issuance |
| agent_id | string | yes | Identity of the AI agent that initiated the payment |
| merchant_id | string | yes | Identity of the payee or merchant |
| rail | string | yes | Execution rail — stripe | usdc_base | usdc_ethereum | eth_ethereum |
| currency | string | yes | ISO 4217 currency code, lowercased (e.g. usd) |
| amount | integer | yes | Amount in smallest currency unit (e.g. cents) |
| purpose | string | yes | Human-readable description of payment purpose |
| purpose_tag | string | yes | Machine tag — data_access | api_call | saas_renewal | procurement |
| policy_id | string | yes | Identifier of the policy that authorized this payment |
| policy_hash | string | yes | SHA-256 hash of the policy JSON at evaluation time — proves policy version |
| authorization_id | string | yes | Reference to the payment_authorizations record |
| transaction_id | string | yes | Reference to the payment_transactions record |
| external_reference | string | no | Stripe payment intent or session ID |
| artifact_hash | string | no | SHA-256 hash of the receipt payload — used for signature verification |
| status | string | yes | submitted | succeeded |
Why receipts matter for AI systems
Human payments rely on trust and manual review. AI systems require something stronger.
Auditability
You need a clean record of what the agent actually did — linked to the policy that governed it.
Traceability
Receipts link back to the original authorization decision, policy version, and actor identity.
Verification
Other systems can confirm the receipt is valid without trusting the platform that issued it.
Without this, you cannot safely allow agents to spend money at scale.
How it fits into the payment lifecycle
Execution
The payment is made.
Receipt← you are here
A signed record is generated.
From receipts to verifiable payments
Receipts are the foundation of verifiable payments. They turn a payment from a one-time event into a persistent, inspectable record. This enables audits, compliance checks, automated reconciliation, and cross-system trust.
Machine pointers
- canonical_url
- https://certifieddata.io/agent-commerce/receipt
- concept_type
- payment-proof-artifact
- related_concepts
- Payment authorization · Payment verification · Transparency log
- verification_surface
- GET /api/payments/verify/:receiptId · GET /.well-known/certifieddata-public-key.pem
- protocol_category
- receipt_events