Bottom line
A verifiable payment receipt is a cryptographically signed record of an agent transaction that proves both that the payment occurred and that it was authorized under a specific, unmodified policy — independently verifiable by any auditor with the public key.
Trust & Verification
Verifiable Payment Receipts
Cryptographically signed, machine-readable proof of every agent transaction — auditable by compliance teams, financial auditors, and AI governance reviews long after the payment completes.
Why Receipts Must Be Verifiable
When a human approves a payment, the audit trail is implicit — there is a person who made a decision, a record of that decision, and typically a signature on an approval document. When an autonomous AI agent initiates a payment, none of those things exist unless the infrastructure explicitly creates them.
A standard payment confirmation tells you a transaction cleared. It does not tell you which policy authorized the agent to make that purchase, whether the policy was in force at the time, or whether the transaction parameters matched the policy's constraints.
Verifiable receipts solve this by embedding the policy reference in the receipt and signing the entire record. Any auditor can verify: (1) the transaction occurred, (2) it was authorized under policy X, (3) policy X has not been modified since it was signed. See how the API issues receipts →
What a Receipt Contains
Transaction ID
A unique, deterministic identifier for the transaction — derived from the transaction parameters, not assigned sequentially.
Policy reference
The ID and hash of the signed policy document that authorized this transaction. Verifiers can confirm the policy has not changed since it was signed.
Agent identity
A verifiable identifier for the agent that initiated the transaction — tied to the agent's signing key, not just a name or label.
Transaction details
Amount, currency, recipient, purpose, and any constraints specified by the policy for this transaction class.
Timestamp
An RFC 3339 timestamp of when the authorization was granted. The timestamp is included in the signed payload, preventing backdating.
Cryptographic signature
An Ed25519 signature over the canonical JSON representation of all receipt fields. The signature is verifiable against the issuer's published public key.
Verification and Auditability
Because every receipt is signed, verification requires only the issuer's public key — no call to a live API, no dependency on the issuing system's availability. Receipts can be verified offline, in bulk, and by parties who were not involved in the original transaction.
This is the property that makes verifiable receipts suitable for regulatory compliance. An auditor reviewing agent transactions six months after they occurred can verify each receipt's authenticity without querying a live system — satisfying record-keeping requirements under the EU AI Act and standard financial audit frameworks.
The policy reference in each receipt creates a second verification dimension: auditors can confirm not just that a transaction occurred, but that it was authorized under a policy that was itself reviewed and signed by an authorized human operator. See AI audit trail patterns →
Frequently Asked Questions
What is a verifiable payment receipt?
A verifiable payment receipt is a cryptographically signed record of an agent transaction that includes the policy authorization used, the transaction details, and a signature that makes the record tamper-evident and independently verifiable.
How are receipts verified?
Receipts carry a signature from the issuing system that any verifier can validate against a public key. Because the receipt includes a hash of the authorizing policy, verifiers can confirm both that the payment occurred and that it was authorized under a specific, unmodified policy.
How long should verifiable receipts be retained?
Retention depends on the regulatory context. For AI systems subject to the EU AI Act, a minimum of 6 months of records is required for high-risk system logs. For financial compliance, standard record-keeping obligations apply. Verifiable receipts are designed to be efficiently stored and retrieved at scale.