Agentic Payment Infrastructure
Agentic payments control for AI agents, merchants and payment infrastructure
AffixIO gives agents, apps, terminals and backend systems a way to request permission to perform payment-related actions. Instead of granting unrestricted spending power, you define policy, delegation rules and trust constraints. AffixIO evaluates them and returns a verifiable decision.
// Decision response { "decision_id": "dec_9f7a3c1b", "allowed": true, "action": "ALLOW_WITH_LIMITS", "reason_codes": [ "DELEGATION_VALID", "DEVICE_TRUSTED", "MERCHANT_ALLOWED" ], "max_amount": 2500, "currency": "GBP", "requires_step_up": false, "proof_id": "prf_3e6c1a8b", "expires_at": "2026-03-11T20:15:00Z" }
The challenge
The problem with unrestricted agent payment access
Agents today typically receive a full API key or payment token. Once issued, that credential carries as much spending authority as a human employee with unrestricted access to a corporate card. The agent can initiate transactions at any merchant, for any amount, at any time the credential is valid. There is no mechanism in most payment stacks for expressing that an agent should only be permitted to spend up to a given ceiling, with a specific merchant, during a defined window.
When something goes wrong with an over-permissioned agent, the post-incident situation is difficult. There is no permission boundary to point to, no machine-readable record of a decision granting authority for the specific transaction that caused the problem, and no way to show that a delegation constraint was in place that should have blocked the action. Chargebacks attributed to agent-initiated transactions are hard to dispute without that evidence layer.
PSPs, acquirers, payment gateways, merchants, and terminal vendors all face the same structural gap. Chargebacks from over-permissioned agents are difficult to contest. Fraud that originates from a compromised agent credential is hard to trace to a specific delegation scope. There is no machine-readable evidence of whether a given payment action was actually authorised under a policy that was active at the time it occurred.
The gap is not in the payment network itself. Card schemes, PSPs, and acquirers process what they receive. The missing layer is the one that should sit between the agent and the payment execution: the layer that evaluates "was this agent actually permitted to do this, at this amount, with this merchant, at this time" and returns a verifiable answer before any funds move.
AffixIO
A permission and proof layer for payment-authorised agents
AffixIO operates as a control plane that sits between payment-requesting agents and payment-executing infrastructure. It is not a bank, not a wallet, and it does not move funds. Its role is to evaluate whether a given agent is permitted to trigger a specific payment action, under the delegation and policy in force at the time of the request, and return a machine-readable decision.
Agents register with AffixIO and receive scoped credentials tied to a specific agent identity. Delegations are separate objects that express what the agent is permitted to do: which merchants it may transact with, which amount ceilings apply, which currencies are permitted, which channels are in scope, and when the delegation is valid. A single agent can hold multiple delegations with different constraints for different contexts.
When an agent wants to trigger a payment action, it calls AffixIO with a permission request containing its agent identifier, device identifier, delegation identifier, and the details of the payment intent. AffixIO evaluates whether the agent is registered, whether the device is attested and trusted, whether the delegation is active and covers the requested action, whether the merchant is on the allowlist, and whether the trust policy is satisfied. The result is a decision object containing the action code, the applicable reason codes, a proof identifier, and an expiry.
Downstream systems, whether a PSP, a merchant backend, or a terminal, read the decision. They only proceed if the action is ALLOW or ALLOW_WITH_LIMITS. A decision of DENY stops execution before any payment is initiated. A decision of REQUIRE_USER_CONFIRMATION pauses the flow for a human checkpoint before the permission request can be completed.
Decision flow
Sends agent_id, device_id, delegation_id, and payment intent to AffixIO
Checks registration status, credential validity, device attestation and trust score
Checks merchant allowlist, amount ceiling, currency, channel, and validity window
Policy-level rules can require step-up, block specific patterns, or add constraints
ALLOW ALLOW_WITH_LIMITS DENY REQUIRE_USER_CONFIRMATION
Your payment stack reads the decision and proceeds or halts accordingly
proof_id and audit_event_id included in every decision response
What AffixIO provides
Key capabilities
Agent registration
Register and manage AI agents, apps, and terminal systems. Issue scoped credentials per agent. Rotate keys without disrupting live payment flows or invalidating active delegations.
Delegated permissions
Define what each agent can do. Set merchant constraints, amount ceilings, currency limits, channel restrictions, and validity windows per delegation. Delegations can be revoked instantly.
Merchant allowlists
Restrict agents to specific merchants or merchant categories. An agent authorised for one merchant cannot silently route payments to another. Allowlist checks run at decision time on every request.
Spend caps
Set maximum amounts per transaction, per day, or per delegation window. Decisions enforce these caps automatically. No code change is needed at the PSP or merchant backend layer when limits are updated.
Device trust
Attest and pair devices to agents. Decisions factor in device trust scores and attestation status. An unattested device can be denied or sent for step-up without affecting other channels or agent credentials.
Payment intent controls
Create and manage payment intents separately from payment execution. AffixIO evaluates the intent before authorisation is requested. Capture only runs after a permitted decision has been returned.
Offline permission tokens
Issue short-lived permission tokens for environments without real-time connectivity. Tokens are cryptographically bound and expire. Nullifier checks prevent replay on reconnect, independently of the AffixIO server.
Cryptographic decision proofs
Every decision generates a proof. Proofs are verifiable independently of AffixIO. They constitute machine-readable evidence that a permission was granted or denied at a specific time under a specific policy.
Audit trails
Every permission request, decision, delegation change, and key rotation is logged with a hashed audit event. Audit proofs can be generated for compliance, dispute resolution, and regulatory review.
Human step-up confirmation
Configure decisions that require user confirmation before execution. Useful for high-value transactions, unusual patterns, or regulated contexts where a human checkpoint is required before an agent proceeds.
Integration
How it works
Register your agent
Call POST /v1/agents with agent metadata and public key material. Receive an agent_id. Issue credentials via POST /v1/agents/:agentId/credentials. Credentials are scoped to the agent and can be rotated without revoking active delegations.
Create a delegation
Define what the agent is allowed to do via POST /v1/delegations. Set merchant_id, max_amount, currency, validity window, and any additional merchant constraints. Multiple delegations can be active for a single agent simultaneously.
Submit a permission request
When the agent wants to trigger a payment, call POST /v1/nior/agent/permission with the agent_id, device_id, delegation_id, and payment intent details. The request does not contain card data or account credentials.
Receive a verifiable decision
AffixIO evaluates agent, device, delegation, trust policy, and merchant rules. Returns a decision with action, reason_codes, proof_id, and expires_at. The full evaluation completes in a single synchronous response.
Execute only if permitted
Your PSP or merchant backend reads the decision. If action is ALLOW or ALLOW_WITH_LIMITS, proceed to POST /v1/payment-intents/:id/authorise. If DENY, halt. Store the proof_id alongside the transaction record.
API example
# Permission request curl -X POST https://api.affix-io.com/v1/nior/agent/permission \ -H "Authorization: Bearer $AFFIXIO_KEY" \ -H "Content-Type: application/json" \ -d '{ "agent_id": "agt_5d1f9b3a", "device_id": "dev_8c2e6a4f", "delegation_id": "dlg_2b8e4a7c", "payment_intent": { "merchant_id": "mer_3c7a1b9f", "amount": 1850, "currency": "GBP", "channel": "online" } }'
// Full decision response { "decision_id": "dec_9f7a3c1b", "allowed": true, "action": "ALLOW_WITH_LIMITS", "reason_codes": ["DELEGATION_VALID", "DEVICE_TRUSTED", "MERCHANT_ALLOWED"], "policy_id": "pol_7c3a9f1b", "delegation_id": "dlg_2b8e4a7c", "agent_id": "agt_5d1f9b3a", "device_id": "dev_8c2e6a4f", "payment_intent_id": "pi_4a7b1c9e", "max_amount": 2500, "currency": "GBP", "requires_step_up": false, "proof_id": "prf_3e6c1a8b", "audit_event_id": "aud_1f4d9c2a", "expires_at": "2026-03-11T20:15:00Z" }
Applications
Use cases
AI shopping assistants
Consumer and enterprise shopping agents need bounded payment authority. Configure delegations that allow purchases up to a specific amount per day, restricted to allowlisted merchant categories. The agent cannot spend beyond what the delegation permits, and every transaction produces a verifiable proof that can be surfaced to users or retained for audits.
Merchant-side reorder agents
Inventory agents that automatically reorder stock need purchase permissions scoped to approved suppliers and pre-agreed price ranges. AffixIO enforces both. If a supplier attempts an invoice above the delegation ceiling, the agent's permission request returns DENY before any payment is initiated. The delegation record constitutes evidence that the control was in place.
POS and terminal-triggered approvals
Physical payment terminals operating in offline or intermittently connected environments can request pre-approved permission tokens. The token is cryptographically bound to a specific amount and merchant. On reconnect, the nullifier check ensures it cannot be replayed. This is distinct from blind floor-limit approval: the permission logic runs before the transaction, not after.
Delegated business purchasing
Corporate card programs traditionally give employees broad spending authority. AffixIO enables fine-grained delegation: an employee's payment agent can be authorised for specific categories, specific amounts, and specific suppliers. Delegations can be revoked instantly without waiting for a card network to process a block, and each decision is logged with a verifiable proof.
Offline permission flows
Field services, logistics crews, and remote payment environments need payment capability without a live connection. AffixIO issues short-lived offline permission tokens with a defined ceiling and expiry. When connectivity returns, the token is reconciled and the nullifier prevents double use. The audit record is created when reconciliation occurs.
Machine-to-machine payments
Automated systems orchestrating procurement, energy balancing, or logistics settlement need payment permissioning that operates at machine speed. AffixIO handles sub-second permission decisions at scale, with no session state, no database lock contention, and a cryptographic proof for every decision. The proof constitutes the authorisation record for the automated transaction.
Stack position
Where AffixIO sits in your stack
AffixIO is not in the money flow. It does not settle funds, hold balances, or replace your PSP, acquirer, or issuer. Adding AffixIO to your stack does not change how payments are processed, settled, or reconciled. It adds a decision layer upstream of your existing payment execution path.
It sits between the agent or system requesting a payment action and the payment infrastructure that executes it. The agent calls AffixIO with a permission request. AffixIO evaluates that request against the current state of the agent's registration, device attestation, active delegations, trust policy, and merchant rules. It returns a machine-readable decision object. Your payment infrastructure reads that object and acts accordingly.
Because the permission check happens upstream of payment execution, your existing PSP, acquirer, and merchant backend code changes are limited to reading the decision response and branching on the action code. The funds routing path stays unchanged. AffixIO proofs are stored alongside transaction records rather than in the payment data flow.
This architecture means AffixIO can be integrated with any payment stack that supports a pre-authorisation hook or middleware layer, without rerouting funds and without adding to PCI cardholder data environment scope.
Get started
Start in minutes
Get API credentials
Contact hello@affix-io.com or submit a request via the contact page to receive your API key and onboarding documentation.
Register your first agent
Call POST /v1/agents with your agent metadata and public key. Issue credentials via POST /v1/agents/:agentId/credentials. Create a delegation via POST /v1/delegations.
Make a permission request
Call POST /v1/nior/agent/permission with your agent, device, delegation, and payment intent. Read the action field in the response and wire your payment execution path accordingly.
Compliance and privacy
Security and compliance design
Privacy-first, proof-based decisions
AffixIO does not need raw card data, account numbers, or customer PII to make a permission decision. It evaluates agent credentials, delegation status, device trust, and payment intent metadata. Decisions are based on what the agent is permitted to do, not on the contents of a payment transaction. Sensitive payment data stays inside your existing payment stack at all times.
Audit-ready decision records
Every permission request and decision is recorded as a hashed audit event. Audit proofs can be generated for compliance reviews, internal investigations, and dispute resolution. The hashed audit trail gives you independently verifiable evidence of every decision without exposing sensitive payload data to the audit log.
PCI scope considerations
Because AffixIO does not process, store, or transmit card data, it does not introduce PCI DSS scope by itself. The permission layer operates on identifiers and policy metadata, not on payment credentials. Integrating AffixIO does not increase your cardholder data environment footprint, and the permission request payload contains no card data by design.
Cryptographic proofs for every decision
Decisions are accompanied by a proof_id. Proofs are verifiable independently of AffixIO. If a decision is disputed, the proof constitutes cryptographic evidence of what was decided, when, and under what policy. This is materially stronger than a log entry that can be altered and does not require AffixIO to still be accessible to verify.
Common questions
Frequently asked questions
Agentic payments are payment actions initiated or triggered by software agents, autonomous systems, or AI-powered apps rather than directly by a human. Examples include a shopping agent completing a purchase on behalf of a user, an inventory system reordering supplies, or a POS terminal authorising a transaction without a human cashier. AffixIO provides the permission and control layer for these flows: it decides whether an agent is authorised to trigger a payment action, enforces delegation constraints, and returns a verifiable decision.
No. AffixIO is a permission and proof layer, not a payment processor, bank, or wallet. It does not hold funds, settle transactions, or interface with card networks as a participant. It sits between the agent requesting a payment action and the PSP or acquirer that executes it. Your existing payment infrastructure handles settlement; AffixIO handles the authorisation decision.
Yes. AffixIO integrates as a middleware layer. Your PSP, acquirer, or merchant backend reads the AffixIO decision response and executes accordingly. No changes to your payment stack are required other than adding a permission check before payment initiation. AffixIO is compatible with any payment infrastructure that can consume a JSON API response.
Yes. Delegations define exactly what an agent is permitted to do. You can restrict an agent to specific merchant IDs or merchant categories, set a ceiling on individual transaction amounts, set a daily or period aggregate limit, and restrict the channels (online, in-person, recurring) through which the agent can act. AffixIO enforces these constraints at decision time. An agent that exceeds its delegation ceiling receives a DENY or ALLOW_WITH_LIMITS response.
Yes. AffixIO can issue short-lived offline permission tokens that are cryptographically bound to a specific amount, merchant, and time window. A terminal or agent operating without connectivity can validate the token locally. When connectivity returns, the token is reconciled against the server and a nullifier check prevents it from being used again. This is the same nullifier model used in AffixIO's offline payment SDK.
Yes. If a permission request meets a rule that requires human confirmation, AffixIO returns REQUIRE_USER_CONFIRMATION in the action field. Your application surfaces a confirmation prompt to the user. Once confirmed, the application resubmits the permission request with a confirmation token, and AffixIO can return ALLOW or ALLOW_WITH_LIMITS for the now-confirmed transaction.
Every decision returns a proof_id. The associated proof is a cryptographically bound record of the decision: what was asked, what was decided, which policy and delegation applied, when it occurred, and which agent and device were involved. The proof can be verified independently without querying AffixIO again. In a dispute, the proof constitutes machine-readable evidence that is stronger than a server log.
Yes. AffixIO makes decisions on policy metadata and agent credentials, not on card numbers, account details, or customer PII. Payment payload data stays in your existing payment stack. By moving the authorisation decision out of the payment flow and into a separate permission layer, you reduce the surface area where sensitive data needs to be present during a decision process.
Get started
Ready to add permission controls to your payment stack?
Talk to AffixIO about integrating agentic payment permission into your agent flows, merchant systems, or terminal infrastructure.