Pre-payment policy for autonomous agents

Agent Payment Preflight API

Before an agent signs an x402 payment payload, Ontario can answer whether the endpoint is ready enough to pay under an explicit policy. This is point-in-time readiness evidence and report history — not a safety guarantee.

Trust boundary: The preflight decision is based on observed signals (HTTP 402/payment challenge behavior, manifests, OpenAPI metadata, signed report integrity, and freshness). Ontario does not guarantee endpoint safety, merchant honesty, or future behavior. See what Ontario checks and what Ontario does not check.

Endpoint

POST /api/agent/can-pay returns allow, review, or deny for an endpoint under an agent policy.
GET /api/agent/can-pay?endpoint=... supports the same inputs as query params.

Inputs

endpoint: Required. Alias: target_url or url.
agent_policy: Optional. One of strict (default), standard, permissive.
max_usdc: Optional. Deny if declared price exceeds this limit. Strict mode also denies when the manifest does not declare price.
verify_live: Optional (default true). When true, Ontario may run a live readiness probe and store a fresh signed report before deciding.
mode/sandbox: Optional. Use mode=sandbox or sandbox=true for deterministic no-money fixtures.

Strict policy examples

Strict mode is the default. It is designed for autonomous wallets that should fail closed unless readiness evidence is present, fresh, and priced within policy.

curl -X POST https://ontarioprotocol.com/api/agent/can-pay \
  -H "Content-Type: application/json" \
  -d '{
    "endpoint": "https://service.example/x402/task",
    "agent_policy": "strict",
    "max_usdc": 0.05,
    "verify_live": true
  }'

curl -G https://ontarioprotocol.com/api/agent/can-pay \
  --data-urlencode "endpoint=https://service.example/x402/task" \
  --data-urlencode "agent_policy=strict" \
  --data-urlencode "max_usdc=0.05" \
  --data-urlencode "verify_live=false"

Policy modes (summary)

strict: Fails closed when OpenAPI is missing, price is not declared, or the latest report is stale (> 168h), in addition to required readiness signals.
standard: Still requires key readiness signals, but tolerates unknown price and stale reports. Missing OpenAPI remains a deny.
permissive: Allows warnings instead of denials for some missing metadata (e.g., OpenAPI). If the latest grade is close, Ontario can return review instead of deny.

Sandbox mode (no money)

Use sandbox mode to rehearse allow/review/deny handling without touching live rails. Sandbox results are fixtures, not production certification.

curl -X POST https://ontarioprotocol.com/api/agent/can-pay \
  -H "Content-Type: application/json" \
  -d '{
    "endpoint": "https://sandbox.ontarioprotocol.com/x402/allow",
    "mode": "sandbox",
    "agent_policy": "strict",
    "max_usdc": 0.05
  }'

Response contract

Responses follow schema ontario.can-pay.v1. Use decision for gating and keep reasons for auditability.

{
  "decision_schema_version": "ontario.can-pay.v1",
  "decision": "allow",
  "decision_code": "ready_verified",
  "agent_policy": "strict",
  "endpoint": "https://service.example/x402/task",
  "max_usdc": 0.05,
  "declared_price_usdc": 0.01,
  "verification_age_hours": 2.4,
  "report_integrity_ok": true,
  "report": {
    "report_id": "rpt_...",
    "report_url": "https://ontarioprotocol.com/verify/report/rpt_...",
    "grade": "ready",
    "readiness_score": 92,
    "verified_at": "2026-05-21T10:00:00+00:00",
    "target_url": "https://service.example/x402/task"
  },
  "certification": null,
  "reasons": [],
  "warnings": [],
  "recommendations": []
}

Recommended agent behavior

Treat allow as “ready under policy,” not “safe.” Prefer running a readiness scan first, then using can-pay as an explicit gate.

1. Run /api/verify/x402-readiness and save the public report.
2. Share the report URL for human review and machine citation.
3. Enforce budgets with max_usdc and handle review/deny paths explicitly.
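
A fail-closed agent-side gate over the response contract above, as an added example that is not Ontario's code or decision logic: it re-checks the fields an agent relies on before signing. The field names and the 168h limit come from this page; the function name, the exact-match endpoint comparison, and treating review as a block for unattended wallets are assumptions of this example.

```python
# Field names follow the ontario.can-pay.v1 contract on this page; the local
# re-checks are this example's assumptions, not Ontario's own decision logic.
STRICT_MAX_AGE_HOURS = 168  # staleness limit stated for strict mode


def gate_payment(resp, requested_endpoint, max_usdc):
    """Return (may_sign, reasons). Anything missing or unexpected fails closed."""
    reasons = []
    if not isinstance(resp, dict):
        return False, ["response is not a JSON object"]
    if resp.get("decision_schema_version") != "ontario.can-pay.v1":
        reasons.append("unexpected schema version")
    decision = resp.get("decision")
    if decision != "allow":
        # review and deny both block an unattended wallet; keep server reasons
        reasons.append(f"decision={decision!r}")
        reasons.extend(str(r) for r in resp.get("reasons") or [])
    if resp.get("endpoint") != requested_endpoint:
        reasons.append("decision is for a different endpoint")
    if resp.get("report_integrity_ok") is not True:
        reasons.append("report integrity not confirmed")
    price = resp.get("declared_price_usdc")
    if isinstance(price, bool) or not isinstance(price, (int, float)):
        reasons.append("price not declared")
    elif price > max_usdc:
        reasons.append(f"declared price {price} exceeds budget {max_usdc}")
    age = resp.get("verification_age_hours")
    if isinstance(age, bool) or not isinstance(age, (int, float)):
        reasons.append("verification age missing")
    elif age > STRICT_MAX_AGE_HOURS:
        reasons.append(f"report is stale ({age}h)")
    return (not reasons), reasons


# Constructed sample responses, modelled on the contract shown above.
ALLOW = {
    "decision_schema_version": "ontario.can-pay.v1",
    "decision": "allow",
    "endpoint": "https://service.example/x402/task",
    "declared_price_usdc": 0.01,
    "verification_age_hours": 2.4,
    "report_integrity_ok": True,
}
OVERPRICED = dict(ALLOW, declared_price_usdc=0.25)
REVIEW = dict(ALLOW, decision="review", reasons=["constructed reason"])

if __name__ == "__main__":
    for name, r in [("allow", ALLOW), ("overpriced", OVERPRICED), ("review", REVIEW)]:
        print(name, gate_payment(r, ALLOW["endpoint"], 0.05))
```

Log the returned reasons next to the report URL so that each blocked payment can be audited later.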