- 01 Configure: A single prompt in your site config signals agents are welcome — with verification
- 02 Verify: One API call confirms user authorization behind every agent session
- 03 Accept: Let verified agents through — on your terms, not theirs
- 04 Validate: Every interaction logged in your data for clear, authorized agentic visibility
Watch what happens when real agents try to buy from real merchants.
30 years of building walls against bots. 4 years until agents are 20% of eCommerce.1
Ready to discuss agentic commerce?
Leave your name and email. Let's start a conversation.
Or email us directly: merchants@payclaw.io
What we do
We publish open source identity extensions. Merchants who install one signal that declared agents are welcome. Agents present a cryptographic token at checkout. We verify it.
The token proves three things: a real human authorized this agent, the agent declared its intent, and the session is traceable to an accountable principal. The token carries a cryptographic commitment, not a name or email.
What we don't do
- Share user PII with merchants
- Charge for the identity extension - it's open source for adoption
- Replace your bot systems — we are a signal provider, not cybersecurity
- Force agent compliance or enable workarounds — we set the signal; you get to decide what it means for your business
Identity verification is free. It will stay free. We believe in open source standards. OAuth does not charge per login. PayClaw does not charge per declaration.
How we sustain this
Paying Users: When an agent completes a purchase, PayClaw provides a single-use virtual Visa. We charge Spend users a “refill fee” of 1.5% when they reload their wallet. You pay nothing extra as a merchant. The transaction routes at normal Visa rates.
Paying Merchants: We intend to build enterprise-grade verification features and insights. These will be add-on services for merchants who need them. The identity standard remains free.
If our model changes materially, we will say so publicly.
Everything technical and integration-related starts here.
{
  "name": "io.payclaw.common.identity",
  "version": "2026-01-11",
  "extends": "dev.ucp.shopping.checkout",
  "spec": "https://payclaw.io/ucp/spec/identity",
  "schema": "https://payclaw.io/ucp/schemas/identity.json",
  "config": { "required": false }
}
The UCP Extension
io.payclaw.common.identity is an extension to UCP's checkout capability. Any UCP merchant can add it to their /.well-known/ucp manifest at any time.
Shopify one-click is coming soon. For early access or non-Shopify integration support, contact merchants@payclaw.io.
config.required: false means checkout never breaks for agents without PayClaw. When a merchant sets this to true, agents that cannot satisfy the identity check receive requires_escalation — forcing a user handoff through PayClaw's OAuth flow.
{
  "name": "io.payclaw.common.identity",
  "version": "2026-01-11",
  "extends": "dev.ucp.shopping.checkout",
  "spec": "https://payclaw.io/ucp/spec/identity",
  "schema": "https://payclaw.io/ucp/schemas/identity.json",
  "config": {
    "required": false
  }
}
What Agents See
When an agent without PayClaw queries a UCP merchant, it reads the manifest and surfaces a prompt to the user:
“This store verifies user-authorized agents. Run npx -y @payclaw/mcp-server to authorize me to continue.”
This happens automatically. Not because of a custom integration — because the capability is in the manifest and agents are built to read it.
What Agents Present at Checkout
A declared agent includes this payload in its UCP checkout request.
badge_status: declared means this agent presented a valid PayClaw consent key. A verified human principal authorized this session via Google or Apple sign-in. The principal's identity is cryptographically committed to the token — we never share PII with merchants.
{
  "identity_declaration": {
    "credential_provider": "io.payclaw.common.identity",
    "badge_status": "declared"
  }
}
Programmatic Verification
Standard verification uses OAuth 2.0 token introspection (RFC 7662). One HTTP call. No PayClaw account required. Non-blocking. Target latency under 50ms.
Merchants discover this endpoint automatically via /.well-known/oauth-authorization-server (RFC 8414). See Trust Architecture for full details.
POST /api/oauth/introspect
Authorization: Bearer {token}
Manual integration
See Dev JSON & Readme at [Git - UCP]
Simple UCP extension — add and configure anytime
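An added example (not PayClaw's own code) of the merchant-side decision described under Programmatic Verification: the badge_status in the checkout payload is treated as a self-asserted claim, only the RFC 7662 `active` field from introspection marks a session verified, and config.required then decides between continuing and requires_escalation. The function names, the `verified`/`unverified` labels, passing the token as a separate argument, and the sample metadata are assumptions; the HTTP call itself is left to a caller-supplied function.

```python
from urllib.parse import urlsplit

EXT = "io.payclaw.common.identity"

def introspection_url(metadata):
    """Pick the RFC 7662 endpoint out of an RFC 8414 metadata document."""
    issuer = urlsplit(metadata["issuer"])
    url = urlsplit(metadata["introspection_endpoint"])
    # Assumption: accept only an HTTPS endpoint on the issuer's own host.
    if url.scheme != "https" or url.hostname != issuer.hostname:
        raise ValueError("untrusted introspection endpoint")
    return url.geturl()

def decide(extension, payload, token, introspect):
    """Return 'verified', 'unverified' or 'requires_escalation'."""
    required = extension.get("config", {}).get("required", False)
    decl = payload.get("identity_declaration", {})
    claimed = (decl.get("credential_provider") == EXT
               and decl.get("badge_status") == "declared")
    verified = False
    if claimed and token:
        try:
            # The payload is self-asserted; only the introspection result counts.
            verified = introspect(token).get("active") is True
        except Exception:
            verified = False  # verifier unreachable: never treat as verified
    if verified:
        return "verified"
    return "requires_escalation" if required else "unverified"

# Constructed sample data (not real PayClaw output).
METADATA = {"issuer": "https://payclaw.io",
            "introspection_endpoint": "https://payclaw.io/api/oauth/introspect"}
OPTIONAL = {"name": EXT, "config": {"required": False}}
STRICT = {"name": EXT, "config": {"required": True}}
DECLARED = {"identity_declaration": {"credential_provider": EXT,
                                     "badge_status": "declared"}}

def fake_introspect(token):
    """Offline stand-in (hypothetical) for the introspection HTTP call."""
    return {"active": token == "good-token"}

if __name__ == "__main__":
    print(introspection_url(METADATA))
    print(decide(OPTIONAL, DECLARED, "good-token", fake_introspect))
    print(decide(STRICT, DECLARED, "forged", fake_introspect))
```

With required set to false, a failed or unreachable introspection call downgrades the session to unverified instead of blocking checkout, which matches the non-blocking behaviour the page describes.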
Coming Soon
Install PayClaw KYA from the Shopify App Store. One-click install. No coding. No configuration.
For beta or non-Shopify integration, contact merchants@payclaw.io
Source code
The io.payclaw.common.identity extension is open source under the MIT license.
- Protocol spec + examples: github.com/payclaw/ucp-agent-badge
- JSON Schema: payclaw.io/ucp/schemas/identity.json
- OAuth metadata: payclaw.io/.well-known/oauth-authorization-server
- UCP specification: ucp.dev
Agent-side implementation: [badge-server] →