Policy-governed agent transactions

AI agents quote, policy-evaluate, authorize, execute, and receive Ed25519-signed receipts for every transaction. Every step produces a machine-readable proof artifact — independently verifiable, no platform dependency required.

Run a sandbox transaction →Product overview Example receipt

Transaction flow

QuotePOST /v1/receipts/quote

Describe the transaction — amount, rail, counterparty, purpose. Returns a quote with policy preview.

EvaluatePolicy engine

Runtime policy evaluation against your configured controls: spend limits, counterparty allow-lists, purpose restrictions, rate limits.

AuthorizePOST /v1/receipts/authorize

Authorize the quote. Generates a signed authorization record. Blocked if policy evaluation fails — no bypass.

ExecutePOST /v1/receipts/execute

Execute the authorized transaction over the configured rail. Sandbox: fake settlement. Production: live Stripe or future rails.

ReceiptResponse

Ed25519-signed receipt returned. Contains: amount, rail, counterparty, policy result, timestamp, signature, key ID, and verify URL.

VerifyGET /api/payments/verify/:id

Any party can verify the receipt signature against the public key without contacting CertifiedData.

Signed receipt structure

receipt shape · Ed25519-signed

{
  "receipt_id": "rcpt_xxxx",
  "amount": 49.00,
  "currency": "usd",
  "rail": "stripe",
  "counterparty": "vendor:synthetic-data-co",
  "purpose": "dataset_purchase",
  "status": "settled",
  "policy_result": "approved",
  "policy_version": "spend-limit-v2",
  "signed_at": "2026-04-21T12:00:00Z",
  "key_id": "key_xxx",
  "signature_alg": "Ed25519",
  "signature": "...",
  "verify_url": "https://certifieddata.io/api/payments/verify/rcpt_xxxx"
}

API examples

Get sandbox key (no account)

# Get a sandbox API key (3/24h · no account)
curl -X POST https://certifieddata.io/api/sandbox/agent-key \
  -H "Content-Type: application/json" \
  -d '{"purpose":"demo"}'

Quote a transaction (authenticated)

curl -X POST https://certifieddata.io/v1/receipts/quote \
  -H "Authorization: Bearer $CERTIFIEDDATA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 49.00,
    "currency": "usd",
    "rail": "stripe",
    "counterparty": "vendor:synthetic-data-co",
    "purpose": "dataset_purchase",
    "metadata": {
      "dataset_cert_id": "cert_abc123",
      "agent_id": "agent:procurement-v2"
    }
  }'

Verify receipt + signing key

# Verify a receipt
curl "https://certifieddata.io/api/payments/verify/rcpt_xxxx"

# Signing public key
curl "https://certifieddata.io/.well-known/certifieddata-public-key.pem"

Payment rails

Rail	Status	Notes
Stripe	Active (Phase 1)	Live card and bank payments. Receipts signed on settlement.
USDC on Base	Phase 2 — planned	Stablecoin settlement on Base L2. Same signing model.
ETH	Phase 2 — planned	Ethereum native. Same receipt contract.

Capability matrix

Action	Anonymous	Authenticated	Production	Public Proof
Get sandbox key	✓ 3 keys / 24h	✓ unlimited	✓	—
Quote a transaction	✓ sandbox only	✓	✓	—
Policy evaluation	✓ sandbox rules	✓ custom	✓ custom	✓ on receipt
Authorize transaction	✓ sandbox	✓	✓	—
Execute transaction	✓ sandbox (fake settle)	✓ sandbox	✓ live rails	—
Receive signed receipt	✓ sandbox receipt	✓	✓	✓ verify URL
Verify receipt	✓ no limit	✓	✓	✓ public endpoint
Live Stripe rail	✗	✗ Build+	✓ Build+	✓ receipt
Dashboard approvals	✗	✓	✓	—
Spend governance policies	✗	✓ Build+	✓ Build+	✓ policy on receipt

Agent Commerce overview Receipt structure Policy engine Example receipt Stripe rail Verify receipts