mpps.io

Proof of delivery for the Machine Payments Protocol.

MPP receipts prove money moved. mpps.io proves what was delivered.

Free. MPP-native. Open source.

Try it — free GitHub Genesis Certificate #1 →
The Problem

Your agent pays $200 via MPP for API data. The vendor says they delivered. Your agent says the data was wrong. Who's right?

MPP receipts prove money moved. They don't prove what was delivered, what was promised, or what decision led to the payment.

Without a neutral third party, it's your agent's word against theirs. Every MPP transaction. Every time.

Built for MPP

The missing half of every MPP transaction.

Agent ──MPP──▶ Service    (pays $5 for data)
  │                │
  │          MPP Receipt     → "$5 paid"           ✓
  │                │
  └──mpps.io──┘
         Attestation      → "sha256:abc delivered" ✓
                           → Complete evidence chain

Every service on mpp.dev/services — Anthropic, Exa, fal.ai, OpenRouter — delivers something after payment. mpps.io lets both parties prove exactly what was exchanged.

What mpps.io Does

One API call. One immutable proof.

After any MPP transaction, your agent hashes the delivered content, sends the hash to mpps.io, and gets back a signed receipt — timestamped, stored for 10 years, independently verifiable.

We never see your data. Only its fingerprint. If mpps.io shuts down tomorrow, your attestations remain valid — the verifier is open-source, the public key is published, your evidence outlives us.

How It Works
Hash
Your agent computes SHA-256 of any content locally. Raw data never leaves the agent.
Attest
Hash is sent to mpps.io. Signed by hardware security module, timestamped, locked in immutable storage.
Verify
Anyone can verify the attestation independently — via API, on the web, or fully offline. No account needed.
Three Principles
don't look

We receive SHA-256 hashes, never original data. Your business logic, your content, your secrets — they stay on your servers. By design.

don't judge

We don't evaluate, interpret, or validate your content. An attestation proves a submission existed at a point in time. That's all.

don't delete

Attestations are stored in AWS S3 Object Lock (Compliance Mode). They cannot be modified or deleted — not by us, not by anyone — for 10 years.

Under the Hood

Five-layer trust chain

Identity Derived agent IDs via Argon2 hashing. Pseudonymous, consistent, unlinkable to real-world identity.
Timestamp Server-side ISO 8601 timestamps via AWS Time Sync. Monotonic ordering within the attestation log.
Signature RSA-PSS SHA-256 via AWS KMS HSM. FIPS 140-2 Level 3 certified. Private keys never leave hardware.
Storage AWS S3 Object Lock in Compliance Mode. Write-once, read-many. 10-year retention. Tamper-proof.
Verification Open-source verifier. Works offline. No account, no credentials, no trust required. Your evidence outlives us.
Try It

Three lines. That's it.

The API is live. No registration. No API key. No SDK required.

# Hash your content, attest it, done.
curl -X POST https://mpps.io/v1/notarize \
  -H "Content-Type: application/json" \
  -d '{"content_hash":"sha256:YOUR_HASH_HERE"}'

Or in Python:

import hashlib, requests

data = b"your important data here"
h = "sha256:" + hashlib.sha256(data).hexdigest()

r = requests.post("https://mpps.io/v1/notarize", json={"content_hash": h})
print(r.json()["uuid"])  # done. HSM-signed. 10 years. immutable.
MPP Native

Standard 402 payment flow. Works with any MPP client.

mpps.io implements the Machine Payments Protocol natively. Certified attestations ($0.01) use the standard HTTP 402 challenge-credential-receipt flow. Any agent with a Tempo wallet or Stripe integration can pay.

# Agent requests certified attestation → gets 402
POST /v1/certify402 Payment Required
                     WWW-Authenticate: Payment realm="mpps.io" amount="0.01"

# Agent pays via MPP (Stripe card or Tempo USDC) → retries
POST /v1/certify  +  Authorization: Payment <credential>200 + certified receipt + Payment-Receipt header

Service discovery via mpps.io/llms.txt — agents find us automatically.

Use Cases

After every MPP transaction, there's something to prove.

1

After paying via MPP — prove what was delivered

Your agent paid $50 via MPP for data. The vendor attests the delivered content hash with mpps.io. Now you have two receipts: the MPP receipt proves money moved, the mpps.io attestation proves what was sent.

MPP pays → vendor delivers → vendor attests hash → buyer verifies
2

After receiving via MPP — prove what arrived

Your agent received data from an MPP service. Hash it. Attest it. Now you have an immutable delivery receipt — proof of exactly what arrived, independent of what the vendor claims.

MPP pays → data arrives → buyer attests received hash → independent proof
3

Before spending via MPP — prove the decision chain

Your agent is about to spend $500 via MPP. Attest the input data, the analysis, the action. When your boss asks "why did you spend that?", every step has independent, timestamped proof.

Attest input → attest decision → MPP pays → attest result → full audit trail
4

Before installing — prove the code is clean

You publish a skill or API on the MPP ecosystem. Hash your release, attest it. Users verify the hash before running. If the hash doesn't match, the code was tampered with.

Author attests release hash → publishes UUID → users verify before install
Genesis Certificate

"On March 20, 2026, two days after agents learned to pay, they learned to remember."

mpps_att_d530a57c095a4d66
View Certificate →

"Trust the math, not the notary."

Pricing
Free
$0 / forever
  • 10 attestations per hour
  • 10 certified attestations per day
  • HSM-signed (FIPS 140-2 Level 3)
  • Immutably stored for 10 years
  • No registration required
Certified via MPP
$0.01 / attestation
  • Unlimited certified attestations
  • Rich metadata support
  • Human-readable certificates
  • Attestation chains (parent_uuid)
  • Pay via MPP — card or USDC on Tempo
Integration

Works with every MPP client.

Any agent with a Tempo wallet, mppx, or Stripe integration can use mpps.io. No signup. No API keys. Just HTTP.