Bottom line

The Agent Commerce API enables autonomous agents to execute transactions that produce cryptographically signed receipts — each validated against a signed policy document before authorization is granted.

Developer Guide

Agent Commerce API

How autonomous agents execute policy-governed transactions and receive cryptographically signed proofs — designed for compliance, auditability, and machine-readable verification.

What the API Does

The Agent Commerce API is the execution layer for autonomous agent transactions. An agent calls the API to initiate a payment; the system validates the request against the agent's current signed policy, authorizes the transaction if it complies, and returns a cryptographically signed receipt as the response.

This design separates the authorization logic (defined in the policy) from the execution layer (the API), so agents can transact autonomously within defined boundaries without requiring a human approval gate on each transaction.

The receipt returned by the API is a structured JSON object that includes the policy reference, transaction metadata, and a tamper-evident signature.

Core API Concepts

Policy documents

Every agent operates under a signed policy document — a structured definition of what the agent may purchase, at what value, under what conditions, and for how long. Policies are signed by an authorized operator and referenced in every receipt the agent's transactions produce.

Transaction authorization

Before a payment is processed, the API validates the transaction parameters against the agent's active policy. If the transaction falls outside policy bounds (wrong vendor, excessive value, expired authorization window), the request is rejected and no payment occurs.

Signed receipt issuance

On successful authorization, the API issues a signed receipt that includes the policy ID, transaction amount, timestamp, recipient, and a cryptographic signature. The receipt is the auditable proof of the transaction — usable by compliance systems, financial auditors, and AI governance reviews.

Idempotency and retries

API requests include idempotency keys so that network retries do not produce duplicate transactions. Each idempotency key maps to at most one issued receipt.
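The three concepts above (policy validation, signed receipt issuance, idempotent retries) can be modelled in a few lines. This is an added illustration, not the Agent Commerce API or its SDK. The class `CommerceGate`, the policy and receipt field names, and the demo key are all assumptions. HMAC-SHA256 stands in for the signature scheme, which the page does not specify; receipts that third parties verify independently would need an asymmetric signature so verifiers never hold the signing key.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the operator's signature scheme,
# which the page does not specify.
DEMO_KEY = b"constructed-demo-key"

# Constructed policy; field names are assumptions, not the product's schema.
POLICY = {"policy_id": "pol-demo-1", "vendors": ["vendor-a"],
          "max_amount": 100, "not_after": 2_000_000_000}


def _sign(body: dict) -> str:
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()


class CommerceGate:
    def __init__(self, policy: dict):
        self.policy = policy
        self._issued = {}  # idempotency key -> (request, receipt)

    def authorize(self, key: str, vendor: str, amount: int, now: int) -> dict:
        request = (vendor, amount)
        if key in self._issued:
            prior_request, receipt = self._issued[key]
            # A reused key with different parameters is not a retry.
            if prior_request != request:
                raise ValueError("idempotency key reused with different request")
            return receipt
        p = self.policy
        if vendor not in p["vendors"]:
            raise PermissionError("vendor not allowed by policy")
        if amount <= 0 or amount > p["max_amount"]:
            raise PermissionError("amount outside policy bounds")
        if now > p["not_after"]:
            raise PermissionError("authorization window expired")
        body = {"policy_id": p["policy_id"], "recipient": vendor,
                "amount": amount, "timestamp": now}
        receipt = dict(body, signature=_sign(body))
        self._issued[key] = (request, receipt)
        return receipt


def verify_receipt(receipt: dict) -> bool:
    body = {k: v for k, v in receipt.items() if k != "signature"}
    return hmac.compare_digest(_sign(body), receipt.get("signature", ""))
```

Rejecting a reused idempotency key whose parameters differ matters as much as replaying the stored receipt: without that check, a retried key could be used to obtain a receipt for a request that was never evaluated against the policy.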

Integration Patterns

Agent Commerce integrates at the point where an autonomous agent decides to initiate a transaction. In practice, this means the API call happens inside the agent's decision loop — after the agent determines what to purchase but before it executes payment.

Direct agent integration

The agent SDK includes the Agent Commerce API client. The agent calls the API directly as part of its action loop. Receipts are stored by the SDK and surfaced via the compliance dashboard.

Middleware proxy

For agents that cannot directly call external APIs, a middleware layer intercepts outbound payment requests, validates them against the policy, forwards authorized ones, and attaches the signed receipt to the transaction log.

Event-driven pipeline

Agents emit payment intent events to a queue. A consumer service calls the Agent Commerce API, receives receipts, and writes them to an audit ledger. Useful for high-frequency or batch transaction patterns.

Human-in-the-loop escalation

The API can be configured to require human approval for transactions that approach policy limits. Escalation events are emitted before the policy boundary is crossed, not after.

Frequently Asked Questions

What does the Agent Commerce API do?

The Agent Commerce API lets autonomous agents execute transactions that produce cryptographically signed receipts. Each API call includes policy authorization, transaction details, and a receipt payload that is machine-readable and independently verifiable.

How does the API handle policy enforcement?

Policies are defined as signed documents that specify what an agent may purchase, at what value, under what conditions. The API validates each transaction against the agent's current policy before authorizing payment, and the policy reference is embedded in the signed receipt.

What receipt format does the API produce?

Receipts are structured JSON objects with cryptographic signatures, policy references, transaction metadata, and a timestamp chain. They are designed to be ingested by compliance systems, audit tools, and financial reconciliation pipelines.