Building the Authorization Layer for the Agentic Economy
AI agents will transact trillions. The infrastructure to authorize, govern, and bridge those payments doesn't exist yet. We're building it — open-source, from the ground up.
Why We Started OpenCard
The agentic economy is arriving faster than the infrastructure to support it. AI agents can research, reason, and act — but the moment they need to spend money, everything breaks. There's no unified authorization standard. No governance layer. No protocol bridge. Every agent-to-merchant and agent-to-agent payment requires bespoke integration work.
We saw this problem firsthand while building agent workflows for enterprise procurement, SaaS provisioning, and multi-agent orchestration. The protocols existed in fragments — AP2, MPP, x402, Visa IC, Mastercard Agent Pay — but nothing connected them. Nothing provided the mandate lifecycle, W3C Verifiable Credentials, or governance controls that enterprises and regulators require.
OpenCard was born to fill that gap. A single authorization layer that works across every protocol, with built-in governance, compliance, and auditability.
From day one, the decision to open-source the SDK core was non-negotiable. Authorization infrastructure that enterprises and regulators depend on must be independently auditable. The authorization layer of the agentic economy cannot be a black box.
What We Believe
Transparency First
We build in the open. Every architectural decision, every protocol integration, every security audit — visible to the community. No black boxes.
Compliance by Design
Regulatory alignment isn't an afterthought. FCA, CMA, PSD2 — compliance is embedded into the authorization layer from the ground up.
Developer Obsession
10-minute onboarding. TypeScript and Python SDKs. Framework integrations for every major agent toolkit. If it's hard to use, we haven't shipped it yet.
Open Source as Infrastructure Philosophy
The mandate signing engine, VC issuance, and protocol bridge adaptors are MIT-licensed and publicly auditable. This isn't a GTM tactic — it's an architectural conviction. The authorization standard for the agentic economy should be inspectable, forkable, and community-contributed. Enterprise governance, compliance reporting, and managed infrastructure sit on top. The foundation is open.
Speed Without Compromise
Mandate authorization in milliseconds. Real-time bridging across protocols. Enterprise-grade performance with startup-grade agility.
Protocol Agnostic
AP2, MPP, ACP, x402, Visa IC, Mastercard Agent Pay — we bridge them all. When a new protocol launches, the community can contribute adaptors before we ship them officially.
Open-Source Is Not a Discount. It's the Trust Model.
Authorization infrastructure that enterprises and regulators depend on must be independently auditable. The mandate signing engine, VC issuance, and protocol bridge adaptors are MIT-licensed and publicly auditable. Enterprise governance, compliance reporting, and managed infrastructure sit on top. The foundation is open.
MIT Licensed
Use the SDK in any project — commercial or personal. Fork it, modify it, ship it. No strings attached.
Community Contributions
Protocol bridge adaptors, framework integrations, and security audits — all contributed by the community. PRs welcome.
Self-Hostable
Run the entire authorization layer in your own infrastructure. No data leaves your environment. Upgrade to cloud when you need managed governance.
Join Us in Building the Authorization Layer for the Agentic Economy
Star the repo. Read the docs. Join the community.