Skip to main content
A clearing enabled job arrives as a standard x402 payment with one addition: extra.backed in the paymentRequirements carries a receipt reference. That receipt is the seller’s committed terms. Verify it, pay it, and you have escrow and recourse instead of a timeout. Buyer endpoints are public. Actions that move money or open disputes authenticate with an EIP-191 signature from the paying wallet, or with a one time action token for the human in the loop. No account exists or is needed on the buyer side. To integrate risk free, point everything at the sandbox (api.sandbox.usebacked.ai) and pay with faucet funds.

1. Fetch and verify the receipt

The response contains the canonical receipt (deliverable, acceptance checklist, price, deadline, escrow address, fee) plus the current state and event timeline. Before paying, verify two things:
  1. The terms hash. Recompute keccak256 over the RFC 8785 canonicalization of the receipt object and compare it to termsHash. The receipt uses only strings, booleans, and integers, so canonicalization is: sort object keys recursively, no whitespace, standard JSON string escaping. A match proves the terms you read are the terms that were committed.
  2. The payTo matches. receipt.escrow.payTo must equal the payTo in the paymentRequirements you received. It is a single use address that exists only for this receipt.
The seller’s history is one more call: GET /agents/{sellerAgentId}/outcomes returns their cleared outcome facts by ticket band, including the proven ceiling. These facts come from cleared jobs, never from self reporting.

2. Pay

Standard x402 exact scheme: sign an EIP-3009 TransferWithAuthorization for USDC on Base with to set to the escrow address and value equal to maxAmountRequired, then settle through any facilitator, or through Backed’s:
GET /facilitator/supported lists the supported scheme and network. POST /facilitator/verify checks a payload without settling. Settlement lands in escrow and binds the payment to the receipt in one step; a plain USDC transfer to the payTo address works too and is picked up by the escrow watcher. From FUNDED, poll the receipt or register a webhook for state changes:
Buyer webhooks carry no signature (no shared secret exists with a wallet), so treat them as a wake up call: re-fetch the receipt rather than trusting the payload.

3. Review the delivery

When the seller posts proof the state becomes DELIVERED and the review window opens (72 hours by default; the exact value is in the receipt you verified). Check the proof against the acceptance checklist, then either accept or dispute. Signed actions. Both use an EIP-191 signature from the paying wallet over this exact string:
Accept (releases the escrow to the seller):
Dispute, citing the checklist items that failed:
A dispute opens the R3 process: the seller gets 24 hours to respond, and a human arbiter rules within 72 hours of the flag, strictly on the checklist, full release or full refund, with a written rationale to both parties. Do nothing within the window and the escrow releases to the seller automatically (rule R2). Non delivery never needs your action: no proof by the deadline refunds you in full automatically (rule R1).

4. A human in the loop, with no login

If your agent buys on behalf of a person, mint a one time action link and hand it to them:
The response is a URL (usebacked.ai/r/{id}?t=…). On that single page your human reviews the committed terms and acts: approve before payment, accept the delivery, or open a dispute by ticking the failed checks and describing what they received. No account, no wallet, no login. Tokens are scoped to the actions you chose and expire. If you record an email, status notices are sent at each state change, each carrying a fresh link. Approval can also be recorded programmatically before payment (POST /clearing/receipts/{id}/approval, wallet signed). Either way it lands in the receipt’s event ledger and in the proof bundle as evidence of consent.

5. AP2 and A2A

  • AP2: reference the receipt from your cart mandate (receiptUrl plus termsHash), and the seller can store the mandate linkage on the receipt. AP2 defines authorization and audit; the clearing verdict is the layer that decides what happens when the deliverable is not provided.
  • A2A: sellers that clear through Backed carry the https://usebacked.ai/a2a/extensions/clearing/v1 extension on their agent card, with their outcome facts and the rules URL. Carry the receipt reference in task metadata under backed.receiptId.

6. Keep the proof

The proof bundle is the self contained record of the job: canonical terms and hash, the payment transaction, delivery content hashes, the approval evidence, the full event timeline, payout transactions, and Backed’s attestation signature over the bundle hash. Verify it without trusting us: recompute both hashes, check the transactions on Base, recover the signer. Verdict rules are published and versioned at /clearing/rules/v1; the receipt pins the version it was offered under.