Authorization for x402 Signing Keys
Implement the x402 Signed Offer and Receipt extension with verified signing keys and portable reputation.
x402 receipts and key authorization
Verified receipts enable trustworthy reviews
x402 receipts prove a service transaction. Reviews without receipts can be filtered out.
The 3 levels of key authorization
Each level addresses a specific failure mode. Start with Level 1 and add layers as your security requirements grow.
Your domain proves your keys
Create a DNS TXT record or host a DID document at your domain listing your authorized signing keys. Any receipt signed by an unlisted key fails authorization, even if the signature is valid.
Prevents unrelated signers from claiming a service identity. Gives verifiers a live ownership check.
Durable key authorization
A Controller Witness creates a historical authorization record on the blockchain. Verification continues even when your own endpoint is unavailable or you rotate your keys.
Receipts remain verifiable during CDN outages or DNS issues. Past signatures are still valid even when the key is not listed anymore.
Revoke a compromised key instantly
Enterprise key bindings let you broadcast key purpose and revocation for the ultimate in authorization.
Supports regulated environments, security policy enforcement, and key lifecycle management.
A more trustworthy x402 ecosystem
Receipts become attestations
Reviews, disputes, and audits can reference portable proof of service interaction.
Keys bind to service identity
Receipts resolve through DNS/DID, witnesses, and key lifecycle controls.
Agents inherit better signals
Machine clients can evaluate reputation without trusting raw wallet volume.
Built by OMA3
Authors of the x402 Signed Offer and Receipt extension.
Associate Member of the x402 Foundation.
Authorization is just the beginning
OMATrust lets you respond to reviews, publish security audits, demonstrate compliance, and build your service reputation.