What Makes an AI Agent Verified Before Conducting Transactions
Before an AI agent can make a payment or take action on behalf of a user, it must pass a set of verification checks. Here is what 'verified' actually means.
In This Guide
Verification Requirements · Identity Binding · Consent Scope · Constraint Enforcement · Continuous Verification
Trust Signals & Evidence
Author: AffixIO (Kris & Becca Richens). See What is AffixIO.
Method: “Verified” is defined as an implementation-anchored checklist: identity binding, consent scope/constraints, expiry, and anti-replay enforcement are evaluated for each transaction.
Privacy: Stateless verification by design; no PII stored. See Privacy Policy.
Last updated: March 18, 2026
Further reading: W3C Verifiable Credentials, NIST Digital Identity, OWASP API Security.
Agent Verification Checklist (Per Transaction)
Use this checklist to determine whether an agent is “verified” for a specific transaction request:
- Identity binding — The agent’s credential/public key is registered and not revoked.
- Consent evidence — A valid consent receipt is present, signed, and unexpired.
- Consent scope match — The requested action is allowed by
consent_scope. - Constraint satisfaction — Amount, merchant/category, currency, time window, and geography are within bounds.
- Policy compliance — Issuer authorization rules approve the transaction for this agent + merchant + context.
- Anti-replay — The receipt nonce has not been used for prior approvals.
- Continuous verification — Verification runs every time (no “verified forever” shortcut).
If any check fails, return a binary YES/NO with a reason code so the agent and merchant can remediate safely.
Verified Agent Graph (Per Transaction)
This diagram shows the criteria that define whether an agent is verified for a specific transaction:
Verified Agent Failure Modes
| Failure mode | Which requirement fails | Typical reason |
|---|---|---|
| Identity not verifiable | Identity binding | IDENTITY_UNVERIFIED |
| Consent receipt invalid or unexpired check fails | Valid consent receipt | INVALID_OR_EXPIRED_RECEIPT |
| Action outside consent scope | Scope match | SCOPE_NOT_ALLOWED |
| Transaction outside constraints | Constraint enforcement | CONSTRAINT_VIOLATION |
| Receipt replay detected | Anti-replay | REPLAY_DETECTED |
| Policy compliance fails | Issuer authorization rules | POLICY_REJECTED |
Verification Requirements
A verified agent satisfies all of the following:
- Identity binding — The agent has a cryptographic identity (public key or credential) that is registered and not revoked
- Valid consent — The agent holds a consent receipt issued by the delegating user, with matching scope and unexpired
- Policy compliance — The proposed transaction satisfies the issuer's authorization policy
- Constraint satisfaction — Amount, merchant, currency, time window, and geographic restrictions are all within bounds
- Non-replayed — The consent receipt nonce has not been used before
Identity Binding
Agent identity must be stable and verifiable. The agent's public key is registered with the verification layer. At each transaction, the verifier checks the key against the registry. If the key is unknown, revoked, or expired, the agent is not verified.
See authentication mechanisms for credential types.
Consent Scope
The consent receipt defines what the agent is allowed to do. Scope is an array of actions (e.g., ["pay", "book"]). If the agent tries to perform an action not in scope (e.g., "cancel"), the transaction is rejected.
Constraint Enforcement
Constraints are hard limits encoded in the consent receipt:
Amount Limit
max_amount: 500 — Transaction cannot exceed this value.
Merchant Restriction
merchant_id: "merchant_456" — Payment only to this merchant.
Time Window
time_window_start / end — Transaction must occur within this window.
Geographic Restriction
geographic_restriction: "GB" — Transaction must originate from this region.
Continuous Verification
Verification is not a one-time check. Every transaction triggers a full verification pipeline. An agent that was verified for one transaction is not automatically verified for the next. This prevents scope creep and ensures consent is re-evaluated for each action.
Ready to implement?
Explore the reference architecture or request a technical walkthrough.
Frequently Asked Questions
An agent is verified when it passes identity, consent, policy, constraint, and replay checks for a specific transaction.
No. Every transaction triggers full verification. An agent verified for one transaction is not automatically verified for the next.
The transaction is rejected with a specific failure reason. The agent can inspect the reason and take corrective action.