OpenPermit Docs
Concepts

Receipts and Audit

Use receipts, audit events, and webhooks to prove policy, payment, and delivery outcomes.

Receipts connect the payment intent, policy decision, seller, resource, settlement reference, and delivery state. They give buyers and sellers a durable record of what was authorized and what was delivered.

Future receipt evidence should also reference authorizationEvidence[] hashes for VI/AP2 mandates, Web Bot Auth verification, provider-issued agent credentials, seller commitments, voucher credentials, and provider settlement reports when those artifacts are present.

Use verifyReceipt when a consumer needs to validate the receipt audit hash locally:

import { verifyReceipt } from '@openpermit/sdk/primitives';

if (!verifyReceipt(receipt)) {
	throw new Error('Invalid OpenPermit receipt');
}

Audit events cover mandate lifecycle, payment authorization, execution, receipt recording, webhook delivery, and emergency actions. Webhooks let operational systems react to those events without polling.

For dispute readiness, a receipt bundle should eventually include:

  • The OpenPermit mandate and policy decision hash.
  • Any VI/AP2 intent, checkout/cart, or payment mandate evidence hash.
  • Seller/resource commitment and delivery status.
  • Payment credential or voucher hash.
  • Settlement reference, batchSettlementReference, and provider reconciliation reference when applicable.
  • settlementAssurance, such as providerGuaranteed, onchainFinality, processorBalance, batchPending, or none.

Provider-backed guarantees should be labeled as provider assurance. OpenPermit records and reconciles that assurance; it does not guarantee settlement unless OpenPermit becomes the settlement provider.

See the generated API reference for:

  • /api/v1/receipts
  • /api/v1/audit/events
  • /api/v1/webhooks

HTTP Payments

How paid HTTP resources become OpenPermit payment intents.

Auth and Organizations

How service accounts, organization context, and product roles control API access.