Embed an Ontario readiness badge
Ontario badges are a compact way to link to a signed public readiness report. The badge is evidence that a specific report exists — not a safety guarantee and not a promise of future behavior.
/api/agent/can-pay).
Read what Ontario checks and
what Ontario does not check.
1) Get a report_id
Badges bind to a public report. Generate a report by running the readiness verifier.
curl -X POST https://ontarioprotocol.com/api/verify/x402-readiness \
-H "Content-Type: application/json" \
-d '{"target_url":"https://service.example/x402/task"}'
The response includes a report_id and report_url. Keep that report URL as the canonical reference.
2) Embed the badge (HTML)
Link to the report page and render the SVG badge as an image. Do not embed the SVG without a link.
<a href="https://ontarioprotocol.com/verify/report/<report_id>"> <img src="https://ontarioprotocol.com/verify/report/<report_id>.svg" alt="Ontario x402 readiness report"> </a>
Alternative image URL (same badge): https://ontarioprotocol.com/api/verify/reports/<report_id>/badge.svg
3) Verify the report behind the badge (agents)
Agents should follow the badge link, then verify integrity and freshness before paying. These are point-in-time checks.
| Report JSON | GET /api/verify/reports/<report_id> |
|---|---|
| Integrity | GET /api/verify/reports/<report_id>/integrity (signature validity + well-known key) |
curl -s https://ontarioprotocol.com/api/verify/reports/<report_id>/integrity | jq
If your policy requires freshness, treat old reports as stale and re-run the verifier before payment.
Recommended human checklist
| 1 | Open the badge link and confirm it matches the expected target_url. |
|---|---|
| 2 | Scan warnings/recommendations and re-run verification after fixes. |
| 3 | Check verified_at (freshness) and signature integrity. |
| 4 | Use /api/agent/can-pay to enforce spend limits and fail-closed policy. |