Docs

One request decides whether an agent checks out.

Agent Gateway is a decision service. Your store sends what an AI agent presented at checkout, and the API answers allow deny or review, with a granular reason for every signal it checked. It never moves money: your plugin enforces the decision, the gateway only judges it.

The decision model

Every verification runs up to three independent layers, and the response tells you exactly which ones passed:

A decision is allow only when every required layer passes. A required layer that fails, or a presented layer that fails even when optional, produces deny. Genuine uncertainty (a key directory you cannot reach, an ACP step-up) produces review in standard mode. The set of required layers and how uncertainty resolves are both set by your policy mode.

Base URL and authentication

The production service is live at:

https://verify.mandategate.com

Every call to /v1/verify is authenticated with a merchant API key as a bearer token. Each key is bound to one merchant_id and can only verify for that merchant. Keys are issued per merchant; during early access we provision them directly, so request access to get one. Health and scan endpoints are public.

# confirm the service is up (no auth)
curl https://verify.mandategate.com/healthz
# → {"status":"ok","version":"0.1.0"}

Quickstart

  1. Get a merchant key

    Request early access. We issue an mg_live_… key bound to your merchant_id. Treat it as a secret; it lives server-side in your store, never in the browser.

  2. Install the enforcement layer

    For WooCommerce, install the plugin and point it at https://verify.mandategate.com with your key. It calls the API only when an agent is present, so human checkout is never touched. See the WooCommerce integration guide.

  3. Verify a checkout

    The plugin sends a POST /v1/verify with the agent's signature headers, the cart your server built, and your policy. You get a decision plus reason codes. The full request and response shape is in the API reference.

  4. Start in monitor mode, then enforce

    Run in monitor mode first: it logs every decision and denies nothing, so rollout carries zero risk to sales. When you trust what you see, promote to standard. See policy modes.

Reference

Verification API

Endpoints, authentication, the full request and response schema, status codes, and a complete worked example of POST /v1/verify.

Read the reference → Reference

Reason codes

The complete taxonomy of every signal the gateway emits, grouped by layer, with what each one means and whether it allows or denies.

Read the reference → Guide

Policy modes and rollout

Monitor, standard, and strict, plus required layers, trusted-agent lists, and clock skew. How to deploy with zero regression and enforce later.

Read the guide → Guide

WooCommerce integration

Install the plugin, issue a key, configure the settings, sign your checkout terms for standard mode, and read the verification log.

Read the guide →

Build against it

Request a merchant key to start verifying agent checkouts, or run a read-only scan to see what an agent can already reach on your store today.

Get early access Scan your store