Manifest & JWKS serving
The public, agent-facing discovery surface served in hosted mode — the manifest, the receipt JWKS, and a path-form catalog mirror, with ETag caching and open CORS.
In hosted mode, Veto serves the merchant's public discovery surface — the same
/.well-known/* files a self-hosted merchant would mount. These endpoints are public (no
API key) and CORS-open, because they're what any agent reads to bootstrap a checkout.
Tenant resolution
Two equivalent forms resolve the same merchant and serve the same relative-path manifest:
| Form | URL | Resolves by |
|---|---|---|
| Host | https://<slug>.veto-checkout.com/.well-known/agentic-checkout.json | slug (prefers the live merchant) |
| Path | https://api.veto-ai.com/m/<slug-or-mrch_id>/.well-known/agentic-checkout.json | slug or mrch_ id |
GET /.well-known/agentic-checkout.json
The discovery anchor — catalog URL, checkout URL, rails, pay_to, accepted mandates, and a
policy summary. Built from the published config and cached per merchant.
| Auth | Public |
|---|---|
| Path-form | GET /m/:tenant/.well-known/agentic-checkout.json |
Caching & headers
| Header | Value |
|---|---|
| ETag | "<sha256(manifest)>" |
| Cache-Control | public, max-age=60 |
| Access-Control-Allow-Origin | * |
Send If-None-Match: "<etag>" to get a 304 Not Modified when the manifest is unchanged.
| Status | Meaning |
|---|---|
| 200 | The manifest JSON. |
| 304 | Not modified (your If-None-Match matched the current ETag). |
| 404 | NOT_FOUND — no merchant for that host/tenant. |
curl https://acme.veto-checkout.com/.well-known/agentic-checkout.json
# or the path form:
curl https://api.veto-ai.com/m/acme/.well-known/agentic-checkout.json

See the wire-protocol manifest page for the full body shape.
GET /.well-known/jwks.json
The merchant's receipt public key — the canonical (R4) location a buyer fetches to verify
a receipt offline. Same key as /v1/merchants/:id/jwks.
| Auth | Public |
|---|---|
| Path-form | GET /m/:tenant/.well-known/jwks.json |
| Headers | Cache-Control: public, max-age=300; Access-Control-Allow-Origin: * |
{ "keys": [ { "kty": "OKP", "crv": "Ed25519", "x": "…", "kid": "mrch_01J…-receipts-v1" } ] }

GET /m/:tenant/agent/catalog
A path-form mirror of the agent catalog for discovery tooling that prefers a single host.
Public, CORS-open, Cache-Control: public, max-age=60.
{ "items": [ /* CatalogItem[] */ ] }

curl https://api.veto-ai.com/m/acme/agent/catalog

Cache invalidation
Every catalog / receiving / policy write — and every publish — invalidates the per-merchant manifest cache, so the next serve rebuilds from the published inputs.
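
A buyer-side check for the receipt JWKS served at /.well-known/jwks.json above, as an added example that is not Veto's own code: it selects the key by kid, pins kty/crv to the OKP/Ed25519 values shown in the sample body, and verifies a signature with Node's built-in crypto. The receipt encoding is not specified on this page, so the example assumes a detached Ed25519 signature over the raw receipt bytes; the function names, key pair, kid and receipt body are constructed for illustration.

```javascript
// Added example, not Veto's code. Receipt bytes and signature are taken as raw
// inputs; a detached Ed25519 signature over those bytes is an assumption.
const crypto = require('node:crypto');

// Return the single Ed25519 public key published under `kid`.
function selectReceiptKey(jwks, kid) {
  if (!jwks || !Array.isArray(jwks.keys)) throw new Error('malformed JWKS');
  const matches = jwks.keys.filter((k) => k && k.kid === kid);
  if (matches.length !== 1) throw new Error(`expected 1 key for kid, got ${matches.length}`);
  const { kty, crv, x } = matches[0];
  // Pin the key type so the fetched document cannot choose the algorithm.
  if (kty !== 'OKP' || crv !== 'Ed25519') throw new Error('unexpected key type');
  // A 32-byte Ed25519 key is exactly 43 unpadded base64url characters.
  if (typeof x !== 'string' || !/^[A-Za-z0-9_-]{43}$/.test(x)) throw new Error('bad x');
  // Import only the public members, ignoring any other fields in the entry.
  return crypto.createPublicKey({ key: { kty, crv, x }, format: 'jwk' });
}

function verifyReceipt(jwks, kid, receiptBytes, signature) {
  const key = selectReceiptKey(jwks, kid); // throws on a bad or missing key
  if (!Buffer.isBuffer(signature) || signature.length !== 64) return false;
  return crypto.verify(null, receiptBytes, key, signature);
}

function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

// Constructed sample data: a throwaway key pair, kid and receipt body.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const kid = 'mrch_EXAMPLE-receipts-v1';
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid };
  const jwks = { keys: [jwk] };
  const receipt = Buffer.from('{"order":"sample-1","total":"12.00"}');
  const sig = crypto.sign(null, receipt, privateKey);
  return {
    valid: verifyReceipt(jwks, kid, receipt, sig),
    tampered: verifyReceipt(jwks, kid, Buffer.from('{"order":"sample-1","total":"0.01"}'), sig),
    unknownKid: rejects(() => verifyReceipt(jwks, 'other-kid', receipt, sig)),
    wrongCurve: rejects(() => verifyReceipt({ keys: [{ ...jwk, crv: 'X25519' }] }, kid, receipt, sig)),
    duplicateKid: rejects(() => verifyReceipt({ keys: [jwk, jwk] }, kid, receipt, sig)),
  };
}

console.log(demo());
```

Because the JWKS is served with max-age=300, a verifier that caches it should refetch once before failing a receipt whose kid it does not recognise.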