← All docs

GuardGate

Agent authorization firewall. Verifies agent trust level before granting capabilities like payment initiation, data write, or admin actions. Designed for the Mastercard Agent Pay, Visa TAP, and Stripe ACP ecosystem.

Endpoint

POST /api/v2/agent/guardgate
curl -X POST https://www.merchantguard.ai/api/v2/agent/guardgate \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "agt_xyz",
    "requestedAction": "payment_initiate",
    "amount_cents": 4999,
    "currency": "usd"
  }'

Response

{
  "verdict": "ALLOW",
  "capability": "PAYMENT_INITIATE",
  "trust_score": 87,
  "tier": "gold",
  "audit_chain_head": "sha256:..."
}

Capability tiers

  • READ_ONLY — passive intelligence, no state changes
  • DATA_WRITE — persists data on the merchant side
  • PAYMENT_INITIATE — proposes a payment for human review
  • PAYMENT_EXECUTE — executes a payment without further review

Verdicts

  • ALLOW — agent meets the threshold for the requested capability
  • DENY — trust below threshold, capability not granted
  • ENHANCED_SCREENING — additional verification required
  • HONEYPOT — externally indistinguishable from ALLOW; internally routed for behavioral signal
Nothing on this page is legal advice. Trademarks pending: MerchantGuard™ (Serial 99051215), GuardScore™ (Serial 99030125), AgentGuard™ (Serial 99462472). Patents 63/983,615 / 63/983,621 / 63/983,843 / 63/984,626 (provisional, filed Feb 17 2026). See LEGAL.md, PATENTS.md, DISCLAIMER.md.