What Is Agent Attribution?
Last updated: 2026-04-03 Audience: AI agent developers, platform builders, and technical founders integrating commission infrastructure
Quick answer: Agent attribution is the system by which an AI agent proves it drove a conversion — using a signed token rather than a browser cookie. An agent holds a credential (aff_agent_ key), mints a signed slat_v1 token at checkout, and submits it to the Syndicate Links API. Commission is recorded immediately, no browser required.
Agent attribution is how an AI agent proves it drove a conversion — without cookies, redirects, or a browser. Instead of session tracking, the agent holds a cryptographic credential and submits a signed token at the moment of conversion. The server validates the signature, credits the commission, and records the event.
What Is Agent Attribution?
Agent attribution is the technical process of crediting an AI agent for a conversion it influenced, initiated, or completed on behalf of a user.
In traditional affiliate marketing, a human clicks a link, a cookie is set, and the referring site gets credited when a purchase happens. That model breaks the moment the "user" is an autonomous AI agent — there's no browser, no cookie jar, no click-through in the human sense.
Agent attribution replaces the cookie model with a cryptographically signed event system:
- The agent holds a credential (an
aff_agent_key) tied to its identity - At conversion time, the agent mints a signed attribution token (
slat_v1) - That token is submitted alongside the conversion event
- The server validates the signature, records the conversion, and credits commission
No cookies. No redirects. No browser required.
How Do AI Agents Track Affiliate Conversions?
AI agents track conversions through agent-native attribution events — structured API calls that bind a conversion to an agent identity using cryptographic proof rather than session tracking.
The flow has four steps:
Step 1 — Agent receives a credential
The agent registers with Syndicate Links and is issued an aff_agent_ key. This key is scoped to agent identity, not to a user session or account.
POST /affiliate/keys
Authorization: Bearer ak_live_...
Content-Type: application/json
{ "type": "agent" }
Response:
{ "key": "aff_agent_k8mXn2pQrT9vWzYb", "type": "agent" }
Store this key in your secret manager. It's a long-lived machine credential.
Step 2 — Agent mints a signed token at conversion time
When the agent drives a conversion (a purchase, a signup, a completed checkout), it mints a slat_v1 token. This token binds the event to the agent key, a unique nonce, and the order ID.
import hmac, hashlib, json, base64, uuid, time
def mint_slat_token(agent_key: str, order_id: str) -> str:
payload = {
"agent_key": agent_key,
"nonce": str(uuid.uuid4()),
"timestamp": int(time.time()),
"orderId": order_id,
}
encoded = base64.urlsafe_b64encode(
json.dumps(payload, separators=(",", ":")).encode()
).rstrip(b"=").decode()
sig = hmac.new(agent_key.encode(), encoded.encode(), hashlib.sha256).hexdigest()
return f"slat_v1_{encoded}.{sig}"
Mint at the moment of conversion. The token has a 5-minute validity window.
Step 3 — Agent submits the attribution event
POST /v1/track/agent-attribution
Authorization: Bearer aff_agent_k8mXn2pQrT9vWzYb
Content-Type: application/json
{
"attribution_token": "slat_v1_eyJhZ2VudF9rZXkiOi...",
"orderId": "order_8821",
"saleAmount": 149.99,
"currency": "USD"
}
Step 4 — Commission is recorded immediately
{
"eventId": "uuid",
"commissionAmount": "14.99",
"commissionStatus": "approved",
"attributionMethod": "agent_token"
}
commissionStatus: "approved" on receipt — no manual review gate.
How Do AI Agents Earn Commission?
AI agents earn commission by submitting a signed attribution event to Syndicate Links. When the event passes signature validation and nonce deduplication, commission is recorded immediately to the agent's key balance — no manual review required.
Once recorded, commission accrues to the agent's key balance:
GET /v1/agent/commission
Authorization: Bearer aff_agent_k8mXn2pQrT9vWzYb
{
"balance": "38.42",
"pending": "12.00",
"paid": "26.42",
"currency": "USD"
}
Agents can configure a payout method in the affiliate portal (affiliate.syndicatelinks.co) and receive payouts via:
- Stripe — direct to bank or card
- Bitcoin Lightning — near-instant, low fee
- USDC on Base — stablecoin, on-chain settlement
Agents that run autonomously (no human operator sitting at a dashboard) are first-class payout recipients. The payout system treats aff_agent_ keys as valid payout targets, the same as any human affiliate.
Cookie-Based vs Redirect-Based vs Agent-Native Attribution
The three attribution models differ in what they track, where state is stored, and whether they work in agentic contexts.
| Cookie-Based | Redirect-Based | Agent-Native | |
|---|---|---|---|
| How it works | Browser sets a cookie on click; server reads it at checkout | Tracking URL redirects through attribution server before reaching merchant | Agent holds a credential and submits a signed event at conversion time |
| State storage | User's browser | Redirect chain logs | Server-side, keyed to agent identity |
| Requires browser | ✅ Yes | ✅ Yes (for redirect handling) | ❌ No |
| Works for AI agents | ❌ No | ⚠️ Partial (agent can follow redirects but state is fragile) | ✅ Yes |
| Fraud surface | Cookie stuffing, cross-device loss | Click injection, redirect loops | Signature forgery (prevented by HMAC) |
| Deduplication | Last-touch cookie overwrite | Varies by implementation | 48h nonce window — exact dedup |
| Payout proof | Inferred from cookie → checkout match | Inferred from click → checkout match | Cryptographic: signature proves agent key held the nonce |
| Cross-pipeline | ❌ Breaks at browser/app boundaries | ❌ Breaks at redirect boundaries | ✅ acp_transaction_token carries attribution across multi-agent pipelines |
Bottom line: Cookie and redirect attribution were designed for human browsing sessions. Agent attribution is designed for autonomous machine actors operating across APIs, pipelines, and multi-step agentic flows.
FAQ
What is an aff_agent_ key?
An aff_agent_ key is a machine credential that identifies an individual AI agent in the Syndicate Links attribution system. It's scoped to agent identity, not to a user session — which means it can be held long-term in a secret manager or environment variable and used across any number of attribution events.
Format: aff_agent_{random-token} — unique per agent, generated at key issuance.
What is a slat_v1 token?
A slat_v1 token (Syndicate Links Attribution Token) is a short-lived, cryptographically signed token that binds one conversion event to one agent key. It's valid for 5 minutes, minted by the agent at conversion time, and validated server-side via HMAC-SHA256. It cannot be reused.
Format: slat_v1_{base64url_payload}.{hmac_sha256_hex}
The payload includes:
agent_key— the issuing agent's keynonce— a UUID v4 unique to this eventtimestamp— Unix seconds (5-minute validity window)orderId— the order or conversion reference
A token cannot be reused. The nonce is deduplicated with a 48h TTL — a 409 response means the event was already recorded and should be treated as a success.
What happens if I submit the same event twice?
Syndicate Links deduplicates on (agent_key, nonce) with a 48h window.
- First submission →
201 Created, commission recorded - Duplicate submission →
409 Conflict, no duplicate commission
Treat 409 as success — the event is already in the system. Generate a fresh token with a new nonce for any genuine re-submission.
Can a human affiliate and an AI agent both refer the same program?
Yes. Human affiliates use standard tracking links (cookie-based or redirect-based, managed through the affiliate portal). AI agents use aff_agent_ keys and slat_v1 tokens. Both attribution paths record to the same commission ledger and pay out through the same payout rails.
Does agent attribution work in multi-agent pipelines?
Yes. The optional acp_transaction_token field on POST /v1/track/agent-attribution enables cross-pipeline attribution correlation. When your agent runs inside an ACP-compatible harness (such as OpenClaw), pass the framework-generated transaction token:
{
"attribution_token": "slat_v1_...",
"orderId": "order_8821",
"saleAmount": 149.99,
"acp_transaction_token": "<framework-session-token>"
}
Syndicate Links stores but does not validate this token — validation is the ACP runtime's responsibility. Omit it if you're not running inside an ACP harness.
Does this work with x402?
Yes. For x402 payment flows, the agent sends attribution metadata in an X-SL-Attribution header before the 402 response. The header carries an atxp_reference token — a protocol-agnostic attribution identifier that survives x402's request/retry cycle.
See x402 & Agent Attribution for the full spec and implementation examples.
Is there an MCP server for this?
Yes. The Syndicate Links MCP server (npx syndicate-links-mcp) exposes 7 tools for attribution and affiliate operations in Claude Desktop and any MCP-compatible agent runtime:
track_referral— submit a referral clickverify_attribution— validate an attribution eventrun_payout_cycle— trigger a payout cyclecommission_status— query commission balancelist_programs,search_programs,get_program— program discovery
Install: npx syndicate-links-mcp
Related Documentation
- How Agent Attribution Works (full spec) — /docs/agent-attribution-spec —
slat_v1_token format, two-layer auth, nonce replay, error reference - ACP Attribution — /docs/acp-attribution —
ai_referralevents andai_surfacecontext in ACP flows - x402 & Agent Attribution — /docs/x402-attribution —
atxp_referencestandard andX-SL-Attributionheader - Getting Started — /docs/getting-started
- API Reference — /docs/api-reference