Skyfire + Rye: The End-to-End Agentic Commerce Stack — Identity and Checkout
Rye
11 minutes read
How Skyfire's Know Your Agent (KYA) identity protocol and Rye's Universal Checkout API close the full agentic commerce loop — from verified agent identity at the merchant edge to completed orders across the open web.
TL;DR / Key Takeaways
Agentic commerce requires three infrastructure layers working in concert: verified agent identity, autonomous payment rails, and universal checkout execution. Remove any one and the flow collapses.
A primary barrier to agent-driven commerce isn't model capability — it's merchant bot defense. The same systems built to stop scalpers and card testers are, by design, indifferent to intent. A legitimate AI agent shopping on behalf of a user looks, to a WAF, like a threat.
Know Your Agent (KYA) from Skyfire is, in our view, the identity primitive agentic commerce has been missing. It gives AI agents a cryptographically signed provenance chain that links agentic traffic to the specific agent instance and the human or enterprise principal behind it — so merchants and bot-defense infrastructure can verify all three at the edge.
Universal Checkout, Rye's API, is the execution primitive. Product URL in, confirmed order out. Any merchant on the open web, no integration required.
Together, Skyfire's KYA and Rye's Universal Checkout close the full transactional loop: agents arrive at the merchant edge with verifiable identity and complete real orders end-to-end. Developers integrate Rye; the identity layer is handled under the hood.
How Skyfire and Rye Are Working Together
Agentic commerce breaks at two points. The agent can't prove who it is to the merchant. And even when it can, the merchant's checkout flow won't accept the order. Both problems are structural. Neither is solved in isolation. An agent with a verified identity that can't complete a purchase is a pointless credential; a checkout layer that waves anonymous automation through is a fraud vector. The full transactional loop needs both sides closed at the same time.
That is why we're partnering with Skyfire. Skyfire built Know Your Agent (KYA), the identity layer that lets merchants and bot-defense infrastructure distinguish a legitimate agent from malicious automation. Rye built Universal Checkout — the execution layer that lets those agents actually complete transactions against any merchant on the open web. Each of us has spent enough time operating our respective layers at production scale to know the other one matters, and to know the cleanest path to an end-to-end agentic commerce stack is to bring them together natively — not to ship two parallel SDKs developers have to stitch on their own.
Here's the state of play going into this partnership:
Rye is running universal agentic checkout in production, at scale, today. Our API is completing real agent-driven orders against real merchant sites every day, across thousands of stores on the open web. The agents that make it through merchant fraud stacks are, overwhelmingly, the ones that arrive carrying verified credentials — exactly the kind of identity posture that separates a transaction that completes from a session that gets killed at the edge.
Skyfire is running verified agent identity and autonomous payments in production, at scale, today. KYA tokens are already recognized by the majority of Bot Managers (including Akamai, F5, Datadome, Human, Imperva, Sequentum, Fastly, and more) at the merchant edge, giving verified agents a way to prove legitimacy to the same infrastructure that blocks everything else.
What this partnership closes is the gap between those two layers. Concretely, here's what we're delivering together:
KYA as the identity layer underneath Rye's API. As part of this partnership, Rye is folding Skyfire's KYA protocol into Universal Checkout as the identity layer attached to agent traffic at the merchant edge. Developers writing against Rye's API get verifiable agent identity as a native capability of the platform. Not a second SDK. Not a parallel integration. Not something to provision and manage separately. One integration point, end-to-end coverage.
A joint architectural story for agentic commerce. Identity and execution are different problems with different solutions. We're publishing a shared reference for how the two layers fit together: KYA for verifiable agent identity at the edge, Universal Checkout for execution against any merchant on the open web. The full transactional loop, wired end-to-end.
Three Layers, One Stack
We built Universal Checkout — the execution layer that lets AI agents complete purchases against any store on the open web. Product URL in, confirmed order out, with sub-35-second offer resolution and sub-10-second checkout latency on arbitrary merchants (and under 5 seconds direct on Shopify and Amazon).
It works. Agents using Rye's API complete real orders against real merchant sites at production scale — thousands of stores, 90%+ order reliability on browser-automated flows. But the longer we've operated at that layer, the clearer it has become that checkout execution alone isn't enough. Agentic commerce isn't one problem; it's three distinct infrastructure problems, each with its own answer:
Identity. A verified, accountable identity the merchant's edge can trust — not "this traffic is from an AI," but "this is a specific agent, acting on behalf of a specific principal, presenting a signed credential the merchant can actually validate." Without this, every agent request looks like a malicious bot to the fraud stack, and gets treated accordingly.
Payments. Funded, tokenized payment methods with per-agent spending controls. The agent needs to pay without being handed a human's raw card, without unbounded spend authority, and without forcing every merchant to stand up a new rail. Credential and funding have to travel together, or neither works.
Checkout execution. The actual navigation of arbitrary, heterogeneous checkout flows — field names, form structures, shipping validators, tax calculators, 3DS prompts, inventory holds, the works. Even a verified, funded agent cannot reliably complete an order against an arbitrary merchant site without this layer sitting between it and the checkout.
Each of these has been solved independently. The opportunity is in connecting them into a single coherent stack.
The Bot Defense Problem: Same Wall, Two Sides
Merchant fraud detection was built to block exactly the traffic pattern that AI agents generate. CAPTCHAs, device fingerprinting, velocity checks, TLS fingerprinting, behavioral analysis — these systems are effective precisely because they treat all non-human traffic as suspect until proven otherwise.
This creates a paradox that every team building in agentic commerce runs into eventually — and that F5's own engineering team has called out directly: the security infrastructure that protects e-commerce is also the primary thing preventing agent-driven commerce from scaling.
A few facts worth sitting with:
F5 Labs' 2025 Advanced Persistent Bots Report found that more than 1 in 5 add-to-cart transactions on retail sites are automated by reseller bots — drawn from 200B+ transactions observed across F5 Bot Defense customers between November 2023 and September 2024. Merchants have extremely good reasons to be paranoid about automation.
At the HTTP layer, a legitimate AI agent completing a purchase on behalf of a user is nearly indistinguishable from a malicious bot. Both script browsers. Both generate rapid, regular request patterns. Both bypass standard client-side telemetry.
As Skyfire Co-Founder Craig Dewitt put it when announcing the F5 partnership: "The behavioral signals that indicate a malicious bot also describe a perfectly legitimate AI agent completing a task on behalf of a real user: speed of navigation, absence of mouse movement patterns, headless browser signatures, and non-human session timing." That's the whole problem in one sentence.
The industry has been talking about agentic commerce as if the hard part is the agent. It isn't. The hard part is the wall the agent hits when it tries to transact — and that wall has two sides. You need an answer for identity (so the merchant's edge knows who's knocking) and an answer for execution (so the agent can actually navigate the flow once it's through the door). Solving one without the other leaves the transaction stranded. Payment, the third layer of the stack, has to work too — but the wall itself is identity and execution.
The Identity Layer: Know Your Agent
Skyfire's Know Your Agent protocol is the answer Rye is building around for the identity half of the wall — an identity layer deployed natively inside F5 Distributed Cloud Bot Defense and recognized at the merchant edge as legitimate agent traffic.
KYA gives an AI agent a cryptographically signed identity chain that ties together the three things the merchant edge actually cares about:
The agentic AI traffic arriving at the door
The specific agent instance performing the action
The human or enterprise principal on whose behalf the agent is acting
"This is an AI agent" is not a sufficient claim for a merchant to drop its guard. "This is agent instance X, acting on behalf of verified enterprise account Y, presented as a signed token from a known identity provider" is a very different claim — and it's one a bot-defense system can act on.
A few properties worth highlighting for developers evaluating this layer:
Built on standard web identity primitives. KYA uses JWTs, OAuth2, and JWKS. No bespoke protocol for merchants to adopt. Tokens can be verified at the edge without round-trips back to Skyfire.
F5 Distributed Cloud Bot Defense integration. KYA tokens are recognized natively by F5's bot management. F5's platform is used by over 80% of the Fortune Global 500, which means verified agents can be allowed through at the WAF layer without new merchant-side integration work. That is a large unlock for distribution — it turns agent allow-listing from a per-merchant engineering project into a policy decision inside infrastructure merchants already run.
The net effect: KYA turns anonymous automation into accountable commerce. It's the piece of infrastructure that lets a merchant meaningfully distinguish a scalper from a shopper — and treat the latter as a real customer.
The Checkout Execution Layer: Universal Checkout
Identity gets the agent past the merchant's fraud stack. A funded payment method gets the agent ready to transact. Neither one places the order.
This is where most agentic commerce conversations quietly skip a step. Every merchant's checkout flow is different. Field names, form structures, shipping validators, tax calculators, 3DS prompts, inventory holds, coupon interactions, address normalization, regional SKU substitutions — the surface area is enormous and fractal. An agent with a perfect identity and a funded wallet still cannot reliably convert a product URL into a confirmed order against an arbitrary merchant without a checkout execution layer sitting between it and the merchant site.
That's what Rye's Universal Checkout API is. The shape of it:
Product URL in, confirmed order out. A developer hands Rye a URL. Rye handles offer resolution (price + tax + shipping + availability in real time, typically sub-35 seconds), order placement, and confirmation.
Browser automation plus caching into deterministic workflows. The first time Rye transacts against a given merchant flow, it's navigating. Successful flows get captured and converted into reproducible, deterministic workflows that execute far faster on subsequent runs. Over time, the open web starts to look more like an API.
Tokenized payments only. No raw card data ever touches the agent or the developer. PCI DSS scope is reduced by design.
Merchant-of-record preserved. The merchant keeps the customer, the data, the returns relationship, and the brand experience. Rye is infrastructure, not a marketplace intermediary.
Fraud-mitigation proxy layer. This is the execution-side counterpart to Skyfire's identity-side answer — the networking layer that ensures a legitimate automated request actually reaches the checkout flow instead of getting killed by a CDN rule three hops upstream.
Universal Checkout is the piece that turns "the agent got past the door" into "the agent completed the purchase."
The Full Stack Together
Here is the thesis, stated plainly: agentic commerce requires identity, payments, and checkout execution as a single stack. Building any one of them without the others produces a dead end.
The failure modes are easy to enumerate:
Identity without checkout execution. The agent is trusted, funded, and waved through at the edge — and then gets stuck on a three-page checkout flow with a quirky address validator. Trust without capability.
Checkout execution without identity. The agent can drive the flow perfectly — but the merchant's WAF killed the session before the agent ever saw the cart page. Capability without trust.
Payments without either. The agent has money and nowhere to spend it. A wallet is not a transaction.
Skyfire + Rye closes the loop:
Rye attaches a KYA credential to the agent's outbound request as it flows through Universal Checkout. At the merchant edge, that credential is verified (by F5 Distributed Cloud Bot Defense or equivalent), and the session is allowed through.
Rye's Universal Checkout API executes the purchase against the merchant site. Offer resolution, form navigation, tokenized payment handling, confirmation. No raw card data ever touches the agent, and per-transaction spend controls are enforced at the execution layer.
The merchant receives a verified, accountable, fully-completed order — from an automated buyer it can actually charge.
For developers building agent applications that need to complete purchases, the integration story is deliberately simple: use Rye. Rye's Universal Checkout API is the one integration point. KYA lives underneath it as the identity layer attached to agent traffic at the merchant edge. One SDK, one transactional loop, thousands of stores across the open web in scope.
This is not a roadmap. It is not a protocol in draft. It is not a demo recorded in a sandbox. Rye is running the checkout layer in production at scale today. Skyfire is running the identity and payment layer in production at scale today. What this partnership does is wire the two together so the full loop is available to developers as a single coherent stack.
If You're Building on the Stack
If you are building agent applications that will eventually need to transact — which is to say, most of them — here is the short list:
Make sure your agents carry verifiable identity at the merchant edge. You can build and manage an identity layer yourself, or use a checkout platform that handles it for you — Rye attaches Skyfire's KYA credentials to agent traffic routed through Universal Checkout, so the developer never has to touch it. Our view: anonymous automation has no future in commerce.
Fund your agents responsibly. Use tokenized payment methods with explicit per-agent spending controls. Do not hand an LLM a credit card and hope.
Solve checkout universally. Emerging protocols like AP2, TAP, and ACP are doing important work on the identity, mandate, and authorization layers — but your agent still needs an execution layer that can actually complete the transaction against a merchant's checkout flow, whatever stack that merchant happens to run underneath. Use a Universal Checkout layer so your coverage is the open web, not just the subset of merchants that have natively adopted any single agent-facing protocol.
Think in stacks, not silos. Identity, payments, and checkout execution are interdependent. Build one in isolation and you will spend next year discovering the other two.
Frequently Asked Questions
Do developers have to integrate both Skyfire and Rye to use this stack?
No. Developers integrate Rye. Skyfire's KYA lives underneath Rye's Universal Checkout API as the identity layer attached to agent traffic at the merchant edge — so agents you ship via Rye arrive carrying verifiable credentials without you having to build or manage an identity system yourself. One integration, full stack.
How is KYA integrated with Rye's Universal Checkout API?
As part of this partnership, Rye is folding Skyfire's KYA protocol into its stack as the identity layer attached to agent traffic flowing through Universal Checkout. Developers building on Rye get verifiable agent identity at the merchant edge as a native part of the platform — they don't have to provision KYA, manage keys, or integrate a second SDK. The goal is the cleanest possible path to a full agentic commerce loop: one integration point, end-to-end coverage.
How does this relate to AP2, Visa TAP, and other agent-commerce protocols?
AP2, TAP, and ACP are identity and mandate protocols — they describe how an agent's authority, intent, and payment instructions are represented and signed. Skyfire's KYA sits in the same neighborhood on the identity side, and is the first identity protocol integrated natively into enterprise bot-defense infrastructure. Rye's Universal Checkout operates on the execution side: it completes the actual transaction against a merchant's checkout flow, and is committed to interoperating with the identity and mandate protocols that gain traction across the agentic commerce ecosystem. The layers are complementary by design.
What about merchants that don't run F5 Distributed Cloud Bot Defense?
F5's integration with Skyfire KYA is the first enterprise bot-defense deployment of agent identity at the edge, which is a meaningful unlock given F5's footprint across over 80% of the Fortune Global 500. For merchants running other bot-defense stacks, Rye's own fraud-mitigation proxy layer already handles the execution-side problem today, and we expect additional bot-defense vendors to recognize KYA-style credentials as the standard matures.
Is this live end-to-end today?
Both layers are running in production. Rye operates Universal Checkout at scale across thousands of merchants on the open web. Skyfire operates KYA and the F5 Distributed Cloud Bot Defense integration at the merchant edge. This partnership is the work of composing those two production systems natively — so that when you integrate Rye, the agents you ship arrive at merchant edges with KYA-verified identity attached under the hood, with no additional work on the developer side.
Start Building
Rye's Universal Checkout API lets your AI agent purchase from any store on the open web — no merchant integration required, with Skyfire's KYA as the identity layer attached to agent traffic at the merchant edge. Start building with Rye's Universal Checkout API docs.
To learn more about Skyfire's Know Your Agent protocol, visit the Skyfire product page.
If you're building in agentic commerce and want to talk about how the identity and checkout layers fit together for your use case — reach out.