← Back to Skills Marketplace

Ucp Checkout Rest

Name: Ucp Checkout Rest
Author: ichiorca

by Rohit Bajaj · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ucp-checkout-rest

Description

Implement UCP Checkout over the REST binding — create, get, update, complete, and cancel checkout sessions with proper headers, idempotency, status transitio...

README (SKILL.md)

UCP Checkout — REST Binding

Before writing code

Fetch live spec: Web-search site:ucp.dev specification checkout-rest and fetch the page for the exact current endpoint shapes, required headers, request/response schemas, and status codes.

Also fetch https://ucp.dev/specification/reference/ for all data type definitions (Buyer, LineItem, Total, Message, etc.).

Conceptual Architecture

Five REST Operations

Operation	HTTP	Path	Idempotent?
Create Checkout	POST	`/checkout-sessions`	Yes (via Idempotency-Key)
Get Checkout	GET	`/checkout-sessions/{id}`	Naturally
Update Checkout	PUT	`/checkout-sessions/{id}`	Yes (full replace)
Complete Checkout	POST	`/checkout-sessions/{id}/complete`	Yes (via Idempotency-Key)
Cancel Checkout	POST	`/checkout-sessions/{id}/cancel`	Yes (via Idempotency-Key)

Required Headers (every request)

UCP-Agent: Platform's profile URI in RFC 8941 structured field format — profile="https://..."
Idempotency-Key: UUID for mutating operations; Business caches 24+ hours
Request-Id: UUID for distributed tracing
Request-Signature: Cryptographic signature for request integrity verification
Content-Type: application/json

Status State Machine

incomplete → requires_escalation → ready_for_complete → complete_in_progress → completed
     |               |                    |                      |
     +---------------+--------------------+----------------------+--------→ canceled

The canceled state is reachable from any non-terminal state (incomplete, requires_escalation, ready_for_complete, complete_in_progress).

The agent's job is to drive the session from incomplete to ready_for_complete by resolving messages, then call complete.

Negotiation in Every Response

Every response includes a ucp object with the negotiated version and capabilities. The Business computes the intersection of its own capabilities with the Platform's profile, prunes orphaned extensions, and returns only what both sides support.

Error Handling Pattern

Responses include a messages array. Each message has:

type: error / warning / info
code: Machine-readable error code
content: Human-readable description
severity: recoverable / requires_buyer_input / requires_buyer_review (these are the 3 formal enum values; note: escalation appears in some spec sections but is NOT part of the formal severity enum — this is a spec inconsistency)
path: JSONPath pointing to the problematic field

Agent behavior by severity:

recoverable → Agent fixes automatically (e.g., update with missing address)
requires_buyer_input → Ask the human user
requires_buyer_review → Show totals/terms for human confirmation
escalation → Redirect to continue_url

Implementation Checklist

Business (merchant server):

Parse UCP-Agent header and fetch platform profile for negotiation
Validate Idempotency-Key — return cached response if duplicate
Create checkout session with line items, compute totals
Return negotiated ucp object + full session state + messages
Handle Update by recalculating totals, re-validating, updating messages
Handle Complete by processing payment credential, creating order
Handle Cancel by cleaning up session
Return proper HTTP status codes (201 Created, 200 OK, 400/409/429, etc.)

Platform (agent client):

Discover Business profile at /.well-known/ucp
Send UCP-Agent header with own profile URI
Create checkout, inspect status and messages
Loop: resolve messages → update checkout → re-check status
When ready_for_complete: acquire payment credential, call complete
Handle requires_escalation by surfacing continue_url to user

Monetary Values

All amounts are integers in minor currency units (e.g., $29.99 = 2999). Never use floating point.

TLS Requirement

All UCP REST endpoints MUST be served over HTTPS with minimum TLS 1.3.

Usage Guidance

Before using this skill to build a real checkout client or server, make sure final purchase completion requires explicit buyer confirmation, credentials are tokenized and never logged, and the live UCP specification is fetched only from official HTTPS sources.

Capability Analysis

Type: OpenClaw Skill Name: ucp-checkout-rest Version: 1.0.0 The skill bundle provides legitimate architectural guidance and implementation instructions for the Universal Checkout Protocol (UCP) REST binding. It outlines standard API operations, header requirements (including cryptographic signatures), and error handling logic. The instructions to fetch live specifications from ucp.dev are consistent with the stated purpose, and there are no signs of malicious code, data exfiltration, or harmful prompt injection.

Capability Tags

cryptocan-make-purchases

Capability Assessment

ℹ Purpose & Capability

The skill's purpose is clearly to implement UCP Checkout REST operations, including checkout completion and cancellation; those actions are high-impact but disclosed and central to the stated purpose.

ℹ Instruction Scope

The instructions describe automatically resolving recoverable checkout messages and calling complete when ready; this is purpose-aligned, but generated clients should require clear buyer confirmation before final purchase completion.

✓ Install Mechanism

No install spec, binaries, environment variables, or code files are present; this is an instruction-only skill.

ℹ Credentials

The skill asks the agent to fetch the live UCP specification from the web, which is reasonable for protocol implementation but should be limited to official HTTPS sources.

ℹ Persistence & Privilege

No persistence is requested, but the protocol references payment credentials and request signatures, so any implementation must protect those materials and avoid logging them.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ucp-checkout-rest
After installation, invoke the skill by name or use /ucp-checkout-rest
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of ucp-checkout-rest skill. - Implements UCP Checkout session lifecycle over REST: create, get, update, complete, and cancel. - Enforces required headers (UCP-Agent, Idempotency-Key, Request-Id, Request-Signature, Content-Type) for every request. - Follows UCP session state machine and status transitions. - Handles capability negotiation via the `ucp` object in each response. - Standardizes error handling and message severities for client and business logic. - Specifies proper use of integer monetary values and minimum TLS 1.3 for all endpoints.

Metadata

Slug ucp-checkout-rest

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Ucp Checkout Rest?

Implement UCP Checkout over the REST binding — create, get, update, complete, and cancel checkout sessions with proper headers, idempotency, status transitio... It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.

How do I install Ucp Checkout Rest?

Run "/install ucp-checkout-rest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ucp Checkout Rest free?

Yes, Ucp Checkout Rest is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ucp Checkout Rest support?

Ucp Checkout Rest is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ucp Checkout Rest?

It is built and maintained by Rohit Bajaj (@ichiorca); the current version is v1.0.0.

More Skills