Machine-to-Machine Attribution
Machine-to-machine attribution is the process of crediting a software system — typically an AI agent — for a conversion it influenced, initiated, or completed, when the entire transaction chain is automated with no human intermediary at the point of referral.
In traditional attribution, a human clicks a link, a cookie is set, and the conversion is tracked when the same browser completes a purchase. In machine-to-machine attribution, both the referrer and the recipient are software. There is no browser. There is no cookie. There is no click. The attribution signal must be embedded directly in the API call or protocol exchange that carries the transaction.
Why This Is Different From Traditional Attribution
Traditional web attribution relies on a chain of browser-mediated signals:
| Signal | Traditional | Machine-to-Machine |
|---|---|---|
| Referral capture | Cookie / redirect URL | Signed API token |
| Session identity | Browser cookie jar | Agent key (aff_agent_) |
| Conversion binding | Pixel fire / postback | Server-side SLAT validation |
| Attribution window | Cookie expiry (1-30 days) | Token TTL (configurable) |
| Replay protection | Cookie overwrite | UUID nonce + timestamp |
The fundamental shift is from ambient browser state (cookies that passively ride along with every request) to explicit cryptographic proof (tokens that are actively minted and submitted by the referring agent).
How It Works
Machine-to-machine attribution in Syndicate Links follows a three-step flow:
1. Agent Registration and Key Issuance
Each agent identity receives an aff_agent_ key — a machine credential scoped to that specific agent. Unlike account-level keys, agent keys carry no user session state and are designed for long-lived automated use. They can be stored in secret managers, environment variables, or agent runtime configurations.
2. Attribution Event at Recommendation Time
When an agent makes a recommendation that could lead to a conversion, it mints a SLAT (Syndicate Links Attribution Token) — an HMAC-SHA256 signed token binding the recommendation to its agent key. The token includes:
- The agent key identifier
- A UUID v4 nonce (replay protection)
- A Unix timestamp
- The order or session identifier
This token is submitted via API call (POST /track) or passed as an X-SL-Attribution header in x402 payment flows.
3. Server-Side Validation
The receiving system validates the SLAT against the agent's registered key. If the signature is valid, the nonce is unused, and the timestamp is within the attribution window, the conversion is attributed to the referring agent and commission is recorded.
No browser interaction occurs at any point in this flow.
Use Cases
Machine-to-machine attribution applies wherever software refers business to other software:
- AI shopping agents recommending products and completing purchases via x402
- Developer documentation agents recommending tools and libraries
- Multi-agent systems where one agent delegates to another and both deserve attribution
- Enterprise workflow agents recommending SaaS tools within organizational decision flows
- Customer service agents upselling during automated support conversations
Protocol-Level Attribution: x402
For transactions using the x402 HTTP payment protocol, machine-to-machine attribution is embedded directly in the protocol exchange. The atxp_reference token — a protocol-agnostic attribution identifier — is carried in the X-SL-Attribution header and survives the x402 request/retry cycle.
This means attribution is not a bolt-on to the payment flow. It is part of the payment flow.
Related Docs
- How Agent Attribution Works — the full technical spec for Syndicate Links attribution
- Signed Attribution Tokens (SLAT) — deep dive on token structure and validation
- x402 and Agent Attribution — how attribution works inside x402 payment flows