Skip to main content

Verifiable Intent (VI) Credential

The Verifiable Intent (VI) Credential endpoint provides a compatibility layer that maps Mandaitor's Proof-of-Mandate SD-JWT VCs to the Mastercard/Google Verifiable Intent three-layer chain format. This enables Mandaitor credentials to be verified by any VI-compliant payment processor or commerce platform.

Background

The Verifiable Intent specification, developed by Mastercard and Google, defines a three-layer credential chain for autonomous agent commerce:

LayerPurposeMandaitor Mapping
L1 — Principal CredentialProves the identity of the delegating humanMandate principal identity
L2 — Autonomous CredentialProves the agent is authorized to actMandate scope + constraints
L3 — Transaction CredentialProves intent for a specific transactionGenerated per-request

Mandaitor's existing mandate and PoM architecture maps naturally to this model. The VI Credential endpoint generates the L1 + L2 chain from an active mandate, enabling downstream verifiers to validate the agent's authority using the VI specification.

Issuing a VI Credential Chain

To issue a VI credential chain from an existing mandate:

const viChain = await client.post(`/mandates/${mandateId}/vi-credential`, {
audience: "https://merchant.example.com",
nonce: "unique-transaction-nonce",
agent_public_key: {
kty: "EC",
crv: "P-256",
x: "...",
y: "...",
},
principal_public_key: {
kty: "EC",
crv: "P-256",
x: "...",
y: "...",
},
principal_key_id: "key-2026-q2",
});

The response contains the full credential chain:

{
"credential_chain": {
"l1_principal": "eyJ...",
"l2_autonomous": "eyJ...",
"metadata": {
"mode": "AUTONOMOUS",
"mandate_id": "mdt_abc123",
"expires_at": "2026-06-01T00:00:00Z",
"scope_summary": "construction.validation.*"
}
},
"format": "vi-sd-jwt",
"spec_version": "1.0"
}

Requirements

The following conditions must be met for VI credential issuance:

  1. The mandate must be in ACTIVE status.
  2. The caller must be the tenant owner.
  3. Both the agent and principal public keys must be provided.
  4. An audience (the relying party URL) must be specified.

Use Cases

The VI Credential is primarily designed for agentic commerce scenarios where an AI agent needs to prove its authorization to a merchant or payment processor:

  • An AI purchasing agent presenting credentials to an e-commerce platform.
  • A procurement agent authorizing payments through a VI-compliant payment gateway.
  • Cross-platform agent interactions where the receiving party uses VI verification.

Audit Trail

Every VI credential issuance is recorded in the mandate's audit trail with the event type VERIFICATION_ALLOWED and sub-type VI_CREDENTIAL_ISSUED, including the audience and expiration timestamp.

caution

The Verifiable Intent Credential endpoint is currently in Preview. The VI specification itself is still being finalized by Mastercard and Google, and the credential format may change to maintain compatibility with the evolving standard.