Merchant/API Direction
Payment is the trigger. Trust is the product.
SafeGate is moving from controlled pilot evidence toward merchant integration architecture.
Boundary: this is public architecture direction only. No live production API keys, no unrestricted merchant API, and no backend payment logic changes are included in v5.0.
View JSON Hackathon Pack Invoice Lite GitHub DocsMerchant Problem
Merchants need more than “payment completed.” They need payment verification, receipt proof, access unlock state, merchant evidence, invoice status, and safe integration boundaries.
SafeGate Merchant Value
Payment TrustVerified payment-triggered trust event.
Receipt ProofReceipt proof status after finalized payment.
Access UnlockAccess state tied to verified payment.
Merchant EvidenceMerchant-side evidence records.
Invoice DirectionInvoice-ready commerce workflow.
API DirectionControlled future integration model.
Future API Direction
| Method | Path | Purpose | Status |
|---|---|---|---|
| GET | /api/receipt/{receiptId} | Verify receipt proof status | Future direction only |
| GET | /api/invoice/{invoiceId} | Check invoice status | Future direction only |
| GET | /api/merchant/{merchantId}/records | Read merchant evidence records | Future direction only |
| POST | /api/payment/verify | Verify payment binding before trust event | Future direction only |
| POST | /api/merchant/intake | Create controlled merchant onboarding/intake record | Future direction only |
Target Merchant Flow
Merchant creates invoice / order → Buyer pays with Pi → SafeGate verifies finalized payment → Receipt proof is created → Access is unlocked → Merchant record is created → Merchant can verify status through future controlled API
API Security Principles
1. API keys must never be public. 2. Merchant-level rate limiting is required. 3. Receipt IDs and invoice IDs must not expose private records. 4. Payment verification must fail secure on ambiguity. 5. Wrong amount must not unlock access. 6. Wrong recipient must not unlock access. 7. Wrong invoice/product/access target must not unlock access. 8. Expired invoice must not unlock access. 9. Duplicate payment must not unlock access twice. 10. Pending, failed, canceled, timeout, ambiguous, or 502 responses must not unlock access. 11. Production API requires security review before public use.
Evidence Base
5-Tester Pilot Evidence Dashboard
Security Hardening Implementation Check
Safe Public Claim
SafeGate has defined a public Merchant/API architecture direction after proving a controlled Pi Testnet payment → receipt proof → access unlock → merchant record flow.
Claims To Avoid
Do not claim: - SafeGate production API is live - Public API keys are available - Merchant API is unrestricted - Invoice payment binding is production-ready - SafeGate is fully audited - Pi mainnet settlement is proven
Next Step
v5.0.1 Merchant/API Security Checklist.