CertifiedData.io

Agent Commerce · Core Concept

Agent payment authorization

The decision that governs every payment

Authorization is the upstream gate for every agent payment. Before money moves, every spend request is evaluated against a structured policy. The result determines what happens next.

Machine-readable summary (for agents and systems)

{
  "term": "Agent payment authorization",
  "slug": "authorization",
  "category": "agent-commerce",
  "type": "authorization-surface",
  "short_definition": "The policy evaluation step that determines whether an AI agent is allowed to spend money.",
  "schema_version": "authorization_log_entry.v1",
  "canonical_url": "https://certifieddata.io/agent-commerce/authorization",
  "decision_outcomes": [
    "authorized",
    "blocked",
    "needs_review"
  ],
  "proof_surfaces": [
    "GET /transparency",
    "/agent-commerce/policy-engine"
  ],
  "related_terms": [
    "Agent Commerce receipt",
    "Payment policy engine",
    "Spend governance"
  ],
  "sdk_typescript": "npm install @certifieddata/payments",
  "sdk_python": "pip install certifieddata-agent-commerce",
  "repos": [
    "https://github.com/certifieddata/certifieddata-agent-commerce-public"
  ]
}

The three decision outcomes

authorized

The request passed all policy checks. The payment is dispatched to the rail. A signed receipt is issued on execution.

blocked

The request violated policy. No payment executes. The blocked decision and reason are recorded.

needs_review

The request is above the human review threshold. The payment is held until a human explicitly approves or rejects it.

What gets evaluated

Rail allowlist

Is the requested rail permitted for this agent?

Currency allowlist

Is the currency permitted by the agent's policy?

Merchant allowlist

Is the merchant in the approved vendor list?

Spend limit

Does the amount exceed the per-transaction ceiling?

Daily limit

Does this push cumulative spend over the daily cap?

Purpose tag

Is the purpose tag in the allowed category list?

Human review threshold

Does the amount cross the escalation threshold?

Authorization field reference

All fields in the authorization_log_entry.v1 schema.

authorization_log_entry.v1 — authorization response fields
Field             Type     Required  Meaning
authorization_id  string   yes       Unique authorization identifier — auth_{hex}
decision          string   yes       authorized | blocked | needs_review
policy_id         string   yes       Policy evaluated to produce this decision
policy_hash       string   yes       SHA-256 hash of the policy at evaluation time
rail              string   yes       Requested execution rail
currency          string   yes       Requested currency
amount            integer  yes       Requested amount in smallest currency unit
purpose_tag       string   yes       Requested purpose tag
reason_code       string   no        Reason code explaining a blocked or needs_review decision
created_at        string   yes       ISO-8601 UTC timestamp of the authorization decision
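
The checks under "What gets evaluated" and the response fields above can be combined into one evaluator. This is an added example, not CertifiedData's SDK or policy engine code. The policy key names, the reason codes, the rule that any violation blocks before escalation is considered, and the sorted-key JSON form used for policy_hash are all assumptions.

```python
import hashlib, json, secrets
from datetime import datetime, timezone

# Constructed policy. Key names and the reason codes below are assumptions.
POLICY = {
    "policy_id": "pol_example",
    "allowed_rails": ["card", "ach"],
    "allowed_currencies": ["USD"],
    "allowed_merchants": ["acme-cloud", "docs-vendor"],
    "allowed_purpose_tags": ["infrastructure", "research"],
    "per_transaction_limit": 50_000,  # amounts in smallest currency unit
    "daily_limit": 120_000,
    "human_review_threshold": 20_000,
}

def policy_hash(policy):
    # Assumed canonical form: sorted keys, no whitespace, UTF-8.
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def authorize(policy, request, spent_today):
    """Return an authorization_log_entry.v1-shaped dict for one spend request."""
    amount = request.get("amount")
    if type(amount) is not int or amount <= 0:
        failed = ["invalid_amount"]  # fail closed before any numeric comparison
    else:
        checks = [  # (violated, reason code); a missing field fails its allowlist
            (request.get("rail") not in policy["allowed_rails"], "rail_not_allowed"),
            (request.get("currency") not in policy["allowed_currencies"], "currency_not_allowed"),
            (request.get("merchant") not in policy["allowed_merchants"], "merchant_not_allowed"),
            (request.get("purpose_tag") not in policy["allowed_purpose_tags"], "purpose_not_allowed"),
            (amount > policy["per_transaction_limit"], "spend_limit_exceeded"),
            (spent_today + amount > policy["daily_limit"], "daily_limit_exceeded"),
        ]
        failed = [code for violated, code in checks if violated]
    if failed:
        decision, reason = "blocked", failed[0]
    elif amount > policy["human_review_threshold"]:
        decision, reason = "needs_review", "human_review_required"
    else:
        decision, reason = "authorized", None
    return {
        "authorization_id": "auth_" + secrets.token_hex(8), "decision": decision,
        "policy_id": policy["policy_id"], "policy_hash": policy_hash(policy),
        "rail": request.get("rail"), "currency": request.get("currency"),
        "amount": amount, "purpose_tag": request.get("purpose_tag"),
        "created_at": datetime.now(timezone.utc).isoformat(),
        **({"reason_code": reason} if reason else {}),
    }
```

Because policy_hash is computed at evaluation time, any later edit to the policy produces a different hash, so a recorded decision can be matched to the exact policy version that produced it.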

Authorization in the payment lifecycle

1. Authorization request ← you are here
   Agent submits spend request. Policy evaluates.

2. Decision recorded
   Outcome, reason codes, policy version written to lineage.

3. Payment execution
   Authorized requests dispatched to the rail.

4. Receipt issued
   Ed25519-signed receipt generated.

5. Independent verification
   Receipt verifiable by any third party.

Machine pointers

canonical_url: https://certifieddata.io/agent-commerce/authorization
concept_type: authorization-surface
related_concepts: Agent Commerce receipt · Payment policy engine · Spend governance
verification_surface: GET /transparency · /agent-commerce/policy-engine
protocol_category: authorization_events