Free During Beta: Receipt issuance, policy engine, provider verification, and public receipt verification are all free. No wallet required. No deposit needed.
Cryptographic consent receipts + programmable guardrails + provider verification for AI agents. Your agent proves what it agreed to. Your policy controls what it's allowed to do. The API provider can verify both.
{
"agent_id": "agent-gpt4-0x7a...",
"action_type": "data_access",
"terms_url": "https://api.co/tos",
"action_context": {
"endpoint": "/v1/charges",
"method": "POST"
}
}Four steps. Deterministic. Verifiable. Both sides trust the proof.
Agent payload is sorted, null-stripped, and serialized into deterministic canonical JSON per ORS v0.1 canonicalization.
SHA-256 hash computed, then signed with domain separated Ed25519 per ORS v0.1. The signature is bound to the exact payload.
Anyone can verify the receipt using the ORS verification algorithm and public keys. The signed receipt is stored in the ledger.
API provider checks the receipt before serving the request. One GET call, public endpoint, no auth. Both sides trust the proof.
Agents can be talkative; we ensure they aren't leaky. Openterms automatically scans and rejects receipts containing emails or SSNs, preventing sensitive data from being etched into your permanent transaction logs.
[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\d{3}-\d{2}-\d{4}Block receipts exceeding $0.05 USDC per transaction
{
"type": "max_amount_per_receipt",
"limit": 50000
}Set hard limits on what your agents can do. The policy engine supports 7 rule types with deterministic evaluation, deny short-circuit, and escalation paths.
When your agent logs its own actions, enforces its own rules, and keeps its own records — you have a claim. Not proof. Openterms is the independent witness.
You wrote the rules. You enforced them. You kept the logs. When something goes wrong, every answer to "who checked this?" is: you did.
You set the rules. A third party enforces them. The proof is cryptographic — Ed25519 signatures, independently verifiable, immutable. The math checks the work.
Every action gets a signed receipt. The agent works freely. You build a verified record of everything it did.
Query the audit trail. See every action type, terms URL, amount. Notice patterns.
Now you know what the agent actually does, not what you think it does.
The /v1/policy/simulate endpoint tests rules against hypothetical payloads without blocking anything.
Policies are versioned. Review the deny log. Relax rules that block legitimate actions. Tighten rules that let bad ones through.
"It's the difference between 'I followed the speed limit' and having a dashcam with a GPS timestamp. Both might be true. Only one is evidence."
Three problems. Three policy configs. Zero ambiguity.
For solo developers and indie hackers running agents against paid APIs
You give your agent access to a paid API and it enters a loop. With Openterms, you set a spending cap. When the agent hits it, the next receipt returns POLICY_DENIED. The agent stops. Your credit card doesn't.
{
"rules": [
{ "type": "daily_spend_cap", "limit": 5000000 },
{ "type": "max_amount_per_receipt", "limit": 500000 }
]
}Reasons: Daily spend cap exceeded (projected $5.12 > $5.00 cap)
Do NOT proceed with this action. Notify the user.
For regulated industries — finance, healthcare, defense, legal
Your compliance team needs to know what the agent did and whether it was authorized. Openterms gives you guardrails that enforce before the action, cryptographic proof that can't be edited after the fact, and an audit trail your compliance team can actually query.
{
"rules": [
{ "type": "allowed_action_types", "values": ["data_access", "api_call"] },
{ "type": "blocked_action_types", "values": ["purchase"] },
{ "type": "required_terms_url_prefix", "prefix": "https://yourcompany.com/" },
{ "type": "escalate_above_amount", "threshold": 1000000 }
]
}GET /v1/policy/decisions?decision=denyFor teams adopting agentic AI with graduated autonomy
Under $5 per action? The agent handles it automatically. Over $5? It pauses and asks you. Over $100/day total? Hard stop. Your team gets the speed of automation for routine tasks and human judgment for the decisions that matter.
{
"rules": [
{ "type": "escalate_above_amount", "threshold": 500000 },
{ "type": "daily_spend_cap", "limit": 10000000 },
{ "type": "allowed_action_types", "values": ["purchase", "api_call"] }
]
}Reasons: Amount $8.50 exceeds escalation threshold of $5.00
Do NOT proceed. Ask the user to approve this action.
Your agent carries proof. The provider checks it. Both sides trust the math, not each other.
When your agent calls issue_receipt, the response includes:
The agent forwards these headers in its API call.
The provider's middleware calls one public endpoint:
No API key needed. Returns receipt data with cryptographic verification. Valid → serve. Invalid → reject.
The agent has a signed receipt proving consent. The provider has verification proving the agent agreed.
Both backed by Ed25519 signatures and ORS standard JWKS distribution at /.well-known/jwks.json.
# Provider middleware — 5 lines
receipt_hash = request.headers.get("X-Openterms-Receipt")
if not receipt_hash:
return {"error": "Consent receipt required"}, 403
result = requests.get(f"https://openterms.com/v1/receipts/verify/{receipt_hash}")
if not result.json().get("valid"):
return {"error": "Invalid consent receipt"}, 403
# Receipt verified — serve the requestOne POST request. You get an API key, a webhook URL, and a dashboard. Domain verification via .well-known — same pattern as SSL certificates.
POST /v1/providers
{ "name": "Your API", "terms_url_prefix": "https://yourapi.com/terms/", "contact_email": "[email protected]" }Production-ready API. Try it now.
curl -X POST https://openterms.com/v1/receipts \
-H "Authorization: Bearer openterms_sk_..." \
-H "Content-Type: application/json" \
-H "Idempotency-Key: unique-req-001" \
-d '{
"agent_id": "agent-gpt4-0x7a3b...",
"action_type": "data_access",
"terms_url": "https://api.example.com/tos/v2",
"action_context": {
"endpoint": "/v1/charges",
"method": "POST",
"scope": "read:transactions"
}
}'# Anyone can verify a receipt by its hash
curl https://openterms.com/v1/receipts/verify/a1b2c3d4e5f6...
{
"valid": true,
"receipt_id": "rcpt_abc123",
"agent_id": "my-agent",
"action_type": "api_call",
"terms_url": "https://api.example.com/tos/v2",
"verification": {
"hash_matches": true,
"signature_valid": true,
"key_id": "key_2026_02"
}
}Paste a canonical hash or full receipt JSON to verify its cryptographic integrity in real-time.
Openterms implements the Open Receipt Specification (ORS), a portable format for cryptographic agent policy acknowledgement receipts. ORS is published as a standalone standard so anyone can build compatible implementations.
ORSv0.1\x00 prefix)ORS-Receipt, ORS-Verify)ORS is a data format and a verification algorithm. It is not a network protocol, not a policy engine, and not a billing system. Any team can write a conforming implementation and interoperate with Openterms or any other ORS issuer.
The spec includes a reference verifier (verify.py), 9 example receipts, and 12 canonicalization test vectors. Implementations that pass all vectors are guaranteed to produce identical bytes for identical payloads.
Receipt issuance, policy engine, provider verification, and public receipt verification are all free. No wallet required. No deposit needed.
Everything is free during beta. We'll announce pricing changes well in advance. Current users will be grandfathered.