Vyana for merchants
Sign in Join the waitlist
For merchants · ASP-native

Accept account signups — and soon payments — initiated by AI agents. Each one arrives carrying a signed, bounded, revocable consent mandate, already verified through a seven-layer chain. A new customer channel, with no cards on file and receipts that hold up in a dispute.

Join the waitlist Onboard a merchant →
AP2 · ready
Reach AP2 agents too. Vyana translates at the boundary — your existing APP integration also accepts payments from Google's 60-partner agent ecosystem. No new merchant API.
How it works →

A new customer channel

Agents create real, ready-to-use accounts at your service on a user's behalf — demand you can't capture today, arriving through a standard protocol.

No stored-card fraud

No shared passwords, no cards on file, no scraped credentials. Every signup carries cryptographic proof that the user authorized this agent.

Fewer disputes, by design

Signed creation and ownership receipts (ACR / AOC) prove exactly who authorized what — an audit trail that settles chargebacks before they start.

Less to defend

Every signup arrives pre-verified.

By the time a request reaches your endpoint, Vyana has already checked the user's signed consent, the scope, the caps, the velocity, and replay. You verify one signed token and create the account — bounded customers, no guesswork, no fraud heuristics to maintain.

You never touch a card or a password. Authority is always signed, and nothing an agent does exceeds what the user authorized.

Where you fit · today → next

Dev tools are the wedge. The agent economy is the market.

Agents already live inside coding environments, so developer tools are where signup volume is real today. The same consent rails extend to any business an agent transacts with on a user's behalf.

live · today

Developer tools & SaaS

Databases, hosting, APIs, observability, billing — high-frequency provisioning agents do constantly. Two reference merchants run live: Nimbus DB and Lumen Stock.

Databases Hosting / infra AI & APIs Observability
How it works

The agent asks. Vyana verifies and signs. You create the account.

Vyana sits in front of your endpoint and never lets a request through until it clears the chain. You receive a verified, short-lived token — verify it, create the account, and hand back receipts both sides can prove.

The agent
Signed request
Sends a user-authorized signup mandate, signed with the paired key.
Vyana broker · IdP
Verify & sign
Runs the 7-layer chain, mints a short-lived signed token (SIT).
Your service · ASP
Create & attest
Verify one token, create the account, return a signed ACR + AOC.
How you integrate · pick a strategy
strongest · native-asp

Go ASP-native

Implement the ASP endpoint and verify SITs directly. You get the full guarantees — signed tokens in, signed ACR + AOC out, no scraping or automation.

verify SIT issue ACR / AOC webhook or REST
Security first

Designed so an agent can never exceed what a human signed for.

Every signup runs the same seven-layer chain, in fixed order — any one layer can stop the request, and each appends a provenance event, so the whole decision is auditable end to end before it ever reaches you.

1
Sequential gatesThe request cannot jump ahead; each layer must clear before the next one runs.
2
Fail-closed by designSignature mismatch, expired mandate, over-cap amount, bad scope, or replay stops the flow.
3
Audit trail as outputEvery pass or stop appends provenance, so the decision is explainable after the fact.
one failed gate stops the request
01signaturePaired device proves who initiated it.
02mandateConsent is active, scoped, and revocable.
03scopeMerchant, action, and category are allowed.
04amountSpend fits per-action and aggregate caps.
05intentCart and merchant match the user request.
06velocityAbnormal bursts or patterns stop here.
07replayNonce is reserved once and cannot be reused.

Signed authority, end to end

Every request is EdDSA-signed over a canonical form. Tamper with a single field and the signature breaks — you only ever act on verified intent.

AES-256-GCM credential vault

Per-user envelope encryption. Agents receive scoped capabilities, never raw long-lived secrets — and credentials never sit on a card-on-file.

Hash-chained provenance

Each verify layer appends an event to a tamper-evident chain. Every signup and decision is reconstructable for audit, compliance, and disputes.

Replay & velocity guards

Nonce-bound, short-lived tokens defeat replay; per-txn, daily, and monthly caps bound how fast and how much an agent can ever do.

Revocable consent

The user's mandate is scoped, expiring, and revocable. Revoke it and in-flight and future requests stop clearing the chain — no orphaned access.

AOC user safety net

The Ownership Certificate lets the user claim their account directly at your service — even if the broker disappears. Trust without lock-in.

You stay in control

Your service, your rules — Vyana just proves the request.

Choose your integration

Go ASP-native for the strongest guarantees, or join through a ToS-compliant fallback strategy — on your timeline, no rip-and-replace.

Accept or reject

You verify the signed token and decide. Reject anything unsigned, out-of-scope, expired, or over-cap — the broker never forces a write.

Review queue

Hold higher-risk signups for manual approval in the merchant admin portal before any account is created.

Revocation-aware

Consent is revocable upstream. A revoked mandate stops clearing the chain, so it can never create or keep an account at your service.

Billing modes

Broker-billed provisioning today; merchant-billing and route-split settlement are on the APP roadmap — you pick how money moves.

You own the customer

The account is yours and the user's. ACR/AOC make ownership explicit, so there's no broker lock-in over your relationship.

From your endpoint

Verify one token. Create the account. Attest.

No fraud model to run, no card to store. Verify the signed token Vyana hands you, create the account, and return the receipts — the SDK does the crypto.

Where it stands

Shipping today — and what’s next.

live For merchants today

  • Two reference merchants — Nimbus DB and Lumen Stock — running on ASP.
  • Merchant onboarding wizard + admin review queue.
  • Signed-token (SIT) verification and ACR / AOC issuance.
  • The seven-layer verify chain with full hash-chained provenance.
  • Broker-billed provisioning across connected services.

roadmap Coming next

  • More merchant categories beyond developer tools.
  • Payments (APP) — merchant-billing and route-split settlement.
  • KYC tiers that raise a user's consent ceilings.
  • Dispute protocol — refunds, chargebacks, and arbitration with audit trails.
Early access

List your service on Vyana.

We're onboarding merchants in waves. Tell us about your service and we'll reach out with an invite. Want to explore first? Onboard in the demo →