Agentic Payments Consent Framework
Consent is the foundation of verified agent payments. This framework defines how consent is captured, encoded, verified, and revoked for AI agent transactions.
In This Guide
Consent Model · Consent Receipt Structure · Scope Design · Constraint Design · Revocation Model
Trust Signals & Evidence
Author: AffixIO (Kris & Becca Richens). See What is AffixIO.
Method: We treat consent as a cryptographic artifact (a signed receipt) that is validated at transaction time: scope/constraints, nonce-based replay protection, and revocation/expiry all determine whether a request is eligible.
Privacy: Stateless verification by design; no PII stored. See Privacy Policy.
Last updated: March 18, 2026
Further reading: W3C Verifiable Credentials, NIST Digital Identity, consent receipts.
Consent Receipt Checklist (What to Issue)
When you generate a consent receipt for agentic payments, validate these design properties so verifiers can safely produce a binary YES/NO:
- Delegation — The receipt clearly binds an agent_id to a delegator_id.
- Scoped consent — consent_scope includes only allowed actions (narrow > broad).
- Hard constraints — amount, currency, merchant/category, geography, and time window are encoded as limits.
- Nonce uniqueness — nonce is unique per receipt so anti-replay can be enforced.
- Expiry — issued_at/expiry defines a validity window (including offline freshness policy).
- Revocation hooks — specify how explicit revocation lists are applied (or confirm expiry/TTL as primary controls).
- Signature — receipt is signed with an issuer key verifiable by all participants.
For a worked example and interactive demo, see ACRRV prototype.
Consent Framework Graph
This diagram shows how the receipt design decisions connect into transaction-time eligibility verification:
For canonical field names and receipt format, see consent receipt spec.
Consent Design Failure Modes
| Receipt design gap | What breaks | Fix |
|---|---|---|
| Scope is too broad | Increased blast radius if an agent is compromised | Use narrow actions for consent scope |
| Constraints not encoded as hard limits | Verifier cannot enforce transaction-time bounds | Include amount/currency/merchant/category/time window constraints |
| Nonce uniqueness missing | Replays and double-spend attempts become feasible | Include a nonce and enforce anti-replay with verifier state or freshness policy |
| Expiry/validity window missing | Stale consent can be reused longer than intended | Add explicit expiry semantics and enforce at verification time |
| Revocation model unclear | Invalidated permissions remain usable | Define revocation list or TTL policy and ensure verifiers can check it |
Consent Model
The consent framework follows a delegation model: the user (delegator) issues a consent receipt to an agent, granting scoped permission to act within constraints. The receipt is the evidence of consent.
Delegation
User grants agent permission via consent receipt.
Verification
Receipt checked at each transaction (signature, scope, constraints, replay).
Revocation
Consent expires or is explicitly revoked by the user.
Consent Receipt Structure
A consent receipt contains:
delegator_id— Pseudonymous user identifieragent_id— Agent receiving permissionconsent_scope— Array of allowed actionsconstraints— Amount, merchant, time, geography limitsnonce— 256-bit unique value for replay protectionissued_at/expiry— Validity windowsignature— Ed25519 signature by issueroffline_policy— Whether offline verification is allowed
See consent receipts for the full specification. Try the interactive demo.
Scope Design
Scope should be as narrow as possible. Instead of granting broad "transact" permission, use specific actions:
["pay"]— Agent can make payments only["pay", "book"]— Agent can pay and book["pay", "book", "cancel"]— Full lifecycle
Narrow scope reduces the blast radius if an agent is compromised.
Constraint Design
Constraints are hard limits that cannot be exceeded. They are checked at every transaction:
| Constraint | Purpose | Example |
|---|---|---|
max_amount | Limit transaction value | 500 (max $500 per transaction) |
currency | Restrict currency | "GBP" |
merchant_id | Restrict to specific merchant | "merchant_456" |
time_window | Limit validity period | Start/end ISO 8601 timestamps |
transaction_count_limit | Limit number of uses | 5 (max 5 transactions) |
Revocation Model
Consent can be revoked through three mechanisms:
- Expiry — Built-in expiry timestamp. No action needed; receipt fails verification after expiry.
- Explicit revocation — User or issuer adds receipt ID to a revocation list. Verifier checks the list.
- Short TTL — Issue receipts with short time-to-live (e.g., 1 hour). Limits exposure window.
Ready to implement?
Explore the reference architecture or request a technical walkthrough.
Frequently Asked Questions
A delegation model where the user issues a signed consent receipt to an agent, granting scoped permission within constraints. The receipt is verified at each transaction.
Through expiry, explicit revocation lists, or short TTLs. Once revoked or expired, the receipt fails verification.
As narrow as possible. Use specific actions (pay, book, cancel) rather than broad permissions. This limits the impact of compromised agents.