AffixIOAFFIXIO
Contact

Spent-proof

Double spend prevention for credentials

A valid credential presented twice is a classic failure mode for tickets, payments, and agent permissions. AffixIO spent-proof patterns mark a presentation consumed so a second use fails verify.

Category Infrastructure Updated 17 July 2026 Reading ~10 min
SPENT-PROOFANTI-REPLAYTICKETSPAYMENTSAGENTSML-DSA-65

Definition

Double spend prevention for credentials ensures a presented proof cannot authorise a second time once it has been marked spent at the verifier.

Field note. Double-spend on credentials shows up as duplicate charges or entry fraud after offline windows close.

Spent-proof mechanics

At present and verify, the verifier records that this proof presentation is consumed under policy. A second present returns deny. Online and offline designs differ in how spent state is stored, but the rule is the same.

See double-spend prevention pages for ticket and payment examples.

Where to require it

Single-entry tickets, single-use payment permissions, and one-shot agent delegations. Not every credential must be single-use. Long-lived membership proofs may allow multiple presents with different anti-replay controls.

Choose spent-proof when the business rule is one authorisation per artefact.

Production wiring for credential double-spend prevention

Place issue at consent or policy satisfaction, then verify at the first external boundary. Deny should return a stable code for support. Allow should attach Merkle metadata to the record your finance or ops team already stores.

When WAN is unreliable, run local verify with cached keys and sync Merkle inclusion later. Offline QR and edge agents use the same spent-proof rules as online gates.

Chargeback gap

Valid twice is still fraud

Signature validity alone does not stop replay. Without spent-proof, a photographed QR or captured token works again.

Photographed tickets

Screenshots admit a second entry.

Captured agent tokens

Replay authorises a second payment or tool call.

Shared links

Bearer URLs circulate beyond the intended subject.

Offline ambiguity

Edge scanners need local spent state, not only cloud flags.

Spent-proof rule

Spent-proof credentials that block double redemption

Reusable credentials without spent-proof rules let the same proof pay twice or enter twice after a sync delay. AffixIO marks proofs spent at first successful verify.

  1. Mark single-use credentials

    Tickets, one-shot pays, delegations.

  2. Enable spent-proof

    At issue and verify.

  3. Test double present

    Expect deny on second use.

  4. Monitor spent-state health

    Especially on offline scanners.

Pilot gates

Readiness checks for credential double-spend prevention

  • Inventory credentials that must be single-use.
  • Enable spent-proof on those issue paths.
  • Train door staff on second-scan deny.
  • Include spent-proof in sandbox test plans.
  • Review offline spent-state sync.

Common questions

Questions on credential double-spend prevention

Is spent-proof only for payments?

No. Tickets, access, and agent permissions use the same idea.

What about refunds and re-entry?

Re-issue a new credential. Do not reuse a spent presentation.

Offline scanners?

Local spent-state with later sync. See offline gate docs.

Where is the product page?

/double-spend-prevention/

Product links

Pages that support credential double-spend prevention

Test credential spent-proof rules

Run double-present scenarios in sandbox, then confirm verify rejects replayed proofs at your boundary.