Agentic Checkout Protocol
The self-describing Veto Checkout wire protocol agents talk to — every endpoint, status code, and error shape. All bodies are JSON; status codes are used semantically.
The Veto Checkout wire protocol is what a merchant mounts under their own domain so any AI agent can discover products, create a checkout, and settle autonomously.
The protocol is self-describing.
Agents can't read docs at runtime. So every response carries machine-actionable
reason_codes, every error carries an error_human line, and every "you must do something
next" response carries the literal next call in its next field.
Conventions
- All bodies are JSON.
- Status codes are semantic — see the status table on each endpoint.
- Every error body has the shape:
  { "reason_codes": ["SCREAMING_SNAKE_CASE", "..."], "error_human": "one-line explanation" }

Endpoints
| Method & path | Purpose |
|---|---|
| GET /.well-known/agentic-checkout.json | Manifest — the discovery anchor. |
| GET /agent/catalog | The product list. |
| POST /agent/checkout | Create a session; returns a self-describing payment_required. |
| POST /agent/checkout/{id}/settle | Run the acceptance gate, then settle. |
| GET /agent/checkout/{id} | Poll the full session state. |
| GET /.well-known/jwks.json | The merchant receipt public key (verify receipts offline). |
The complete rejection vocabulary lives in Reason codes.
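A strict client-side check of the error body shape given under Conventions, as an added example that is not part of the Veto Checkout documentation or code. The names parseErrorBody and MAX_HUMAN_LEN, the length cap, the rejection of an empty reason_codes array, and the sample reason code are assumptions of this example.

```javascript
// Added example: validate an error body before an agent acts on it.
// Documented shape: { "reason_codes": [SCREAMING_SNAKE_CASE...], "error_human": "one line" }
const CODE_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$/;
const MAX_HUMAN_LEN = 300; // assumption of this example, not a protocol value

function parseErrorBody(rawText) {
  let body;
  try {
    body = JSON.parse(rawText);
  } catch {
    return { ok: false, problem: "body is not JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, problem: "body is not a JSON object" };
  }
  const codes = body.reason_codes;
  // Assumption: an error with no reason code gives the agent nothing to branch on.
  if (!Array.isArray(codes) || codes.length === 0) {
    return { ok: false, problem: "reason_codes missing or empty" };
  }
  if (codes.some((c) => typeof c !== "string" || !CODE_RE.test(c))) {
    return { ok: false, problem: "reason_codes entry is not SCREAMING_SNAKE_CASE" };
  }
  const human = body.error_human;
  if (typeof human !== "string" || human.length === 0 || human.length > MAX_HUMAN_LEN) {
    return { ok: false, problem: "error_human missing or too long" };
  }
  // error_human is documented as one line: reject line breaks and control characters.
  if (/[\u0000-\u001f\u007f\u2028\u2029]/.test(human)) {
    return { ok: false, problem: "error_human is not a single line" };
  }
  // Deduplicate so downstream branching sees each code once.
  return { ok: true, reasonCodes: [...new Set(codes)], errorHuman: human };
}

// Constructed sample body; EXAMPLE_REASON_CODE is a placeholder, not a real Veto code.
const SAMPLE_ERROR = JSON.stringify({
  reason_codes: ["EXAMPLE_REASON_CODE"],
  error_human: "constructed one-line explanation",
});
console.log(parseErrorBody(SAMPLE_ERROR));
```

An agent would branch on reasonCodes only and handle errorHuman as untrusted display text.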
Going to production
Swap the in-memory store for durable storage, pick a policy posture, validate before publishing, and harden the deployment.
GET /.well-known/agentic-checkout.json
The discovery anchor. The single URL an agent needs to bootstrap everything — catalog URL, checkout URL, supported rails, receiving destinations, accepted mandates, and a policy summary.