Verifiable Intent (VI) Credential
The Verifiable Intent (VI) Credential endpoint provides a compatibility layer that maps Mandaitor's Proof-of-Mandate SD-JWT VCs to the Mastercard/Google Verifiable Intent three-layer chain format. This enables Mandaitor credentials to be verified by any VI-compliant payment processor or commerce platform.
Background
The Verifiable Intent specification, developed by Mastercard and Google, defines a three-layer credential chain for autonomous agent commerce:
| Layer | Purpose | Mandaitor Mapping |
|---|---|---|
| L1 — Principal Credential | Proves the identity of the delegating human | Mandate principal identity |
| L2 — Autonomous Credential | Proves the agent is authorized to act | Mandate scope + constraints |
| L3 — Transaction Credential | Proves intent for a specific transaction | Generated per-request |
Mandaitor's existing mandate and PoM architecture maps naturally to this model. The VI Credential endpoint generates the L1 + L2 chain from an active mandate, enabling downstream verifiers to validate the agent's authority using the VI specification.
Issuing a VI Credential Chain
To issue a VI credential chain from an existing mandate:
const viChain = await client.post(`/mandates/${mandateId}/vi-credential`, {
audience: "https://merchant.example.com",
nonce: "unique-transaction-nonce",
agent_public_key: {
kty: "EC",
crv: "P-256",
x: "...",
y: "...",
},
principal_public_key: {
kty: "EC",
crv: "P-256",
x: "...",
y: "...",
},
principal_key_id: "key-2026-q2",
});
The response contains the full credential chain:
{
"credential_chain": {
"l1_principal": "eyJ...",
"l2_autonomous": "eyJ...",
"metadata": {
"mode": "AUTONOMOUS",
"mandate_id": "mdt_abc123",
"expires_at": "2026-06-01T00:00:00Z",
"scope_summary": "construction.validation.*"
}
},
"format": "vi-sd-jwt",
"spec_version": "1.0"
}
Requirements
The following conditions must be met for VI credential issuance:
- The mandate must be in
ACTIVEstatus. - The caller must be the tenant owner.
- Both the agent and principal public keys must be provided.
- An audience (the relying party URL) must be specified.
Use Cases
The VI Credential is primarily designed for agentic commerce scenarios where an AI agent needs to prove its authorization to a merchant or payment processor:
- An AI purchasing agent presenting credentials to an e-commerce platform.
- A procurement agent authorizing payments through a VI-compliant payment gateway.
- Cross-platform agent interactions where the receiving party uses VI verification.
Audit Trail
Every VI credential issuance is recorded in the mandate's audit trail with the event type VERIFICATION_ALLOWED and sub-type VI_CREDENTIAL_ISSUED, including the audience and expiration timestamp.
The Verifiable Intent Credential endpoint is currently in Preview. The VI specification itself is still being finalized by Mastercard and Google, and the credential format may change to maintain compatibility with the evolving standard.