AffixIOAFFIXIO
Contact

UCP verification

Universal Commerce Protocol merchant verification

Universal Commerce Protocol (UCP) standardises how agents and merchants exchange commerce messages. Verification still belongs at the boundary: can this agent act for this buyer under policy at this merchant? AffixIO returns signed allow or deny beside UCP traffic, with spent-proof where a credential must not authorise twice.

Category Agentic payments Updated 17 July 2026 Reading ~10 min
UCPMERCHANT GATEALLOW/DENYML-DSA-65AGENTIC COMMERCEMERKLE

Definition

UCP merchant verification is independent signed confirmation that an agent or buyer meets merchant policy at the Universal Commerce Protocol boundary.

Field note. UCP merchant verify should run before order confirmation, not as a post-settlement audit step.

Verification beside UCP orchestration

Keep UCP for catalogue, basket, and checkout messaging. Insert AffixIO verify when the merchant accepts an agent-led order or before payment capture. Issue proofs upstream when consent is granted. Present at the merchant edge. Gate on allow or deny.

Noir ZK circuits can prove programme membership or spend limits without exporting underlying attributes. ML-DSA-65 signs results. Verifiers learn outcomes and audit metadata, not identity files.

Multi-protocol agentic commerce stacks

Teams often run UCP beside AP2 and card checkout. One AffixIO permission layer can serve each edge with policy tuned per channel. REST, SDK, and MCP connector patterns document how orchestrators call verify.

Start with the highest-value merchant categories where agent-led orders carry AML or fraud scrutiny. Expand once deny handling and audit retrieval are operational.

Verifier placement for UCP merchant verification

Map UCP merchant verification to a single verify endpoint even if multiple protocols feed the same checkout or tool surface. One permission layer reduces drift between AP2, UCP, and direct REST integrations.

Review deny rates weekly during pilot. Spikes often trace to policy drift or clock skew on expiry, not fraud.

Split-arch flaw

Commerce messages without eligibility proof

UCP improves interoperability. It does not automatically produce auditor-grade evidence that policy was enforced before an order is accepted.

Self-asserted buyer status

Agents can forward claims about buyer eligibility that merchants cannot independently verify.

Cross-merchant replay

A permission artefact minted for one UCP session may be replayed at another merchant without spent-proof.

Fragmented consent records

Each merchant stores its own copy of consent signals instead of verifying a signed outcome.

Settlement disputes

Without Merkle-anchored refs, chargeback review lacks a re-checkable decision artefact.

Checkout wiring

UCP merchant verification at the protocol boundary

Universal Commerce Protocol checkout without merchant-side verify lets agent orders clear before permission is proven. AffixIO checks proofs at the UCP boundary with Merkle evidence on the order.

  1. Identify UCP acceptance points

    Map where agent orders become binding before payment.

  2. Issue merchant-scoped proofs

    Bind credentials to merchant class, buyer policy, and expiry.

  3. Verify before order commit

    Gate on signed allow or deny at the merchant boundary.

  4. Retain Merkle refs with orders

    Attach audit pointers to order records for finance review.

Evidence checklist

Readiness checks for UCP merchant verification

  • Document UCP paths that reach payment authorisation.
  • Configure spent-proof for single-use checkout permissions.
  • Confirm zero PII at verifier by default.
  • Align deny codes with merchant support playbooks.
  • Prove flows in sandbox before production traffic.

Audit FAQ

Questions on UCP merchant verification

Does AffixIO implement UCP?

No. AffixIO verifies eligibility and permission beside UCP messaging.

Can one proof cover multiple merchants?

Policy decides. Circuits can encode merchant class scopes. Spent-proof prevents unwanted replay.

Where is identity stored?

With issuers upstream. Verifiers receive signed outcomes, not document copies by default.

How do we test UCP paths?

Use sandbox circuits, then wire verify into your UCP orchestrator before go-live.

Tooling links

Pages that support UCP merchant verification

Test UCP merchant verification

Run verify on UCP sandbox flows, then attach the same endpoint to production merchant checkout.