FairAd is built on world-standard protocols and formats to maximize interoperability and adoption.
| Layer | Standard | Purpose |
|---|---|---|
| Well-known URI | RFC 8615 | /.well-known/ prefix for discovery; manifest at /.well-known/fairad.json. |
| HTTPS | RFC 2818, RFC 9110 | All production endpoints use TLS. HTTP is allowed only when explicitly enabled for local dev. |
| JSON | RFC 8259 | Manifest, API request/response, and PoI payloads are JSON. |
| Ed25519 | RFC 8032 | Payment Commitments and receipt integrity use Ed25519 signatures. |
| Content-Type | RFC 7231 | Manifest served as application/json where applicable. |
| OIDC / JWT | OpenID Connect Core, RFC 7519 | Proof of Human attestations (X-FairAd-Human-Token) follow JWT/OIDC claim structure and JWKS verification. |
| MCP | Model Context Protocol | Merchant Ad-Server is an MCP server; agents use standard MCP clients. |
| Currency | ISO 4217 | currency in manifest and commitments uses ISO 4217 codes (e.g. USD, EUR). |
The FairAd manifest is a well-known URI as defined by RFC 8615:
- Path:
/.well-known/fairad.json(no trailing slash). - Scheme:
httpsin production. - Authority: The merchant’s public domain.
Consumers that support RFC 8615 can discover the manifest at a predictable URL per origin. The manifest schema is specified in WELL_KNOWN_SPEC.md.
- Methods: GET for manifest and settlement status; POST for sponsored-context and settlement submit.
- Status codes: 200 (success), 400 (validation/error), 404 (not found), 402 reserved for future payment flows.
- Headers: Custom headers use the
X-FairAd-*prefix. Standard headers (Content-Type, Accept, etc.) follow HTTP semantics.
- Signatures: Ed25519 (RFC 8032). Public keys and signatures are Base64-encoded (no padding required for compatibility).
- Hashing: SHA-256 for disclosure and receipt hashes; identifiers use the form
sha256:<hex digest>.
These choices align with modern web and identity standards and are widely supported across languages and platforms.