Register your service in the Skyfire developer portal and obtain an API key; configure the token verification public keys from the Skyfire JWKS endpoint
At your API entry point, inspect the incoming Authorization or X-KYAPay-Token header for a KYAPay JWT signed by the buyer agent's authorization server
Decode the JWT and validate signature, expiry, audience, and scopes against Skyfire's JWKS; reject with HTTP 401 if invalid or expired
Extract the KYA identity claims (agent DID, principal, trust level) and the embedded payment credential; confirm the payment amount and currency match the requested resource price
If valid, fulfill the request and return the resource along with an X-KYAPay-Receipt header containing a signed confirmation JWT for the buyer's audit trail
Log the transaction with the KYAPay token fingerprint, timestamp, and settlement reference for reconciliation
Known gotchas
KYAPay JWTs have short expiry windows designed for agent use; do not cache them — re-validate on every request even within a single session
The KYA trust level in the token claim is set by the issuing authorization server, not the agent itself; a low trust level should trigger additional friction or rejection even if the signature is valid
Skyfire settles in USDC; ensure your payout account is configured to receive USDC before enabling the endpoint in production or transactions will succeed on-chain but not reach your account
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp