Example Purchase Authorization Record (PAR)

Authorization Decision Summary

Customer authentication	VERIFIED
Authentication method	Passkey / WebAuthn / FIDO2
User presence	CONFIRMED
User verification	BIOMETRIC or DEVICE PIN
Authorization captured	BEFORE payment
Cryptographic proof	INCLUDED

Conclusion: This transaction includes a user-verified authorization event captured prior to payment authorization.

Customer Authorization Event

Customer approved transaction	YES
Authorization timestamp (UTC)	2026-01-14T22:57:09Z
Authentication method	Passkey / WebAuthn / FIDO2
User presence	CONFIRMED
User verification method	BIOMETRIC or DEVICE PIN
Device-bound credential used	YES
Challenge signed	YES

This event represents an explicit, user-verified approval of the purchase prior to payment processing.

Transaction Linkage

Merchant order ID	ORDER-1008
Session continuity / transaction window	Authorization valid for 10 minutes
Amount	117.00 USD
Currency	USD
Merchant ID	mrc_9c3a7f1

Payment processor transaction ID	pp_ref_8e12…4bd
Authorization code	Not available
ARN	Not available
Payment provider reference	pp_ref_8e12…4bd
Network authorization timestamp	Not available

Linkage statement: This authorization event is associated with the transaction referenced above based on order context, merchant reference, and event timing alignment.

Customer Authentication Proof

Authorization status	Authorized by buyer
User verification performed	YES
Authentication method	Passkey / WebAuthn / FIDO2
User presence	CONFIRMED
User verification	BIOMETRIC or DEVICE PIN
Credential bound to device	YES
Challenge signed	YES
Credential exportable	Not available

Transaction Authorization Timeline

1. Checkout initiated	Unavailable
2. Authorization challenge presented	Unavailable
3. Customer completed secure authentication	2026-01-14T22:57:09Z
4. Cryptographic approval recorded	2026-01-14T22:58:41Z
5. Payment authorization request	Unavailable
6. Payment authorization response	Unavailable

Authorization was captured prior to or in preparation for payment authorization.

Device Authentication Context

Device-bound credential used	YES
Secure hardware-backed key present	Not available
Device fingerprint hash	Not available in this example
Platform class	Not available
Risk signal summary	Not available

Transaction Reference Details

Merchant order ID	ORDER-1008
Amount	117.00 USD
Currency	USD
Merchant ID	mrc_9c3a7f1
Payment provider reference	pp_ref_8e12…4bd
Session continuity / transaction window	Authorization valid for 10 minutes

Scope / Notes

Scope statement	This record documents a user-verified authorization event captured prior to payment authorization.
Non-scope statement	It does not prove delivery, product quality, refunds, or card-network liability outcomes.

Interpretation Guidance

• The customer was present during authentication.
• The customer completed a secure authentication step.
• The authorization event was captured prior to or in preparation for payment authorization.
• The record includes cryptographic integrity data for verification.

Cryptographic Integrity Evidence

Record hash	15c2cb0f4a35a31706671c6d56bbbfbe5fce8d0d84166f605ef810b60e6181e
Record authenticator / HMAC	ed25519:5f77b8d6a9c9c4f2c1a0b8d9e3b2c4d1a0f9c8e7d6b5a4c3b2a1908f7e6d5c4b
Canonical format	JSON with sorted keys and compact separators
Verification endpoint URL	https://onfinga.net/verify/par_3f2c9e1a7b0d4a8b/verification.json

Chain of Trust

1	Buyer device created a cryptographic approval event.
2	Event was transmitted to Onfinga for validation.
3	Onfinga recorded the event in a tamper-evident evidence record.
4	This PAR is generated from that recorded event and linked verification data.

Verification Path

Verification link	https://onfinga.net/verify/par_3f2c9e1a7b0d4a8b
Verification endpoint URL	https://onfinga.net/verify/par_3f2c9e1a7b0d4a8b/verification.json
Verification steps	Match record hash, confirm record authenticator, then review timestamps and transaction context.