Proof of Payment
Artifact contents
What a PoP records: on-chain facts, match result, authorisation, compliance, and relay metadata.
A PoP is a JSON object with two layers: a signing envelope that carries key provenance and the signature, and a data payload that carries the proof itself. The signature covers the data payload only. The envelope fields and the signing algorithm are specified in Signing and key discovery; this page enumerates what data records.
Envelope
| Field | Meaning |
|---|---|
kid | Identifier of the key version that produced the signature. |
alg | Signing algorithm. Always ES256. |
iat | Unix timestamp (seconds) at which the artifact was generated. |
schema_version | The PoP schema version that defines the layout and meaning of data. |
signature | Signature over the canonical serialization of data. |
data — what is proven
| Group | Contents |
|---|---|
| Payment correlation | payment_intent_id, chain_id, token_id, and the deterministic deposit address the payment resolved to. |
| On-chain settlement facts | The payer's source address; the deposited amount; the deposit transaction hash; the settlement transaction hash; the settled amount; the destination the settlement moved value to; and the protocol fee collected on-chain. |
| Match result | The deterministic, binary match between the expected payment and the observed on-chain facts. A PoP records a matched case only. |
| Finality outcome | The canonical finality_outcome the case finalized to — paid or duplicate_payment (a PoP is not produced for other outcomes; see Generation scope). |
| Authorisation reference | A reference to the merchant authorisation that governed execution — the "authorised" link in the chain of authority. |
| Compliance record | The sanctions screening result; the geoblock result (nullable; absent when there is no checkout-session context); the merchant's transaction-level decision (approve or reject); and the timestamp of that decision. |
| Relay metadata | The submission transaction id of the relay that executed the merchant-signed authorisation, and the protocol fee collected on-chain. |
What a PoP does not contain
- It carries no secret material — it is safe to retain, forward, and republish.
- It does not embed Tekmerion-side lifecycle status. Status is a projection, not part of the proof; see Statuses and projections.
- It does not restate confirmation thresholds. Per-chain confirmation depths live in Supported chains and tokens; a verifier checks finality against the chain directly.