Skip to main content

Recurring Authorization Infrastructure

Recurring Authorization Infrastructure (RAI) is the trust-minimized pattern that underpins amser's delegated payment model. It separates authorization (the user's consent to recurring debits) from execution (keepers triggering each charge) so recurring payments stay non-custodial and revocable.

Authorization as the Primitive

Traditional subscription protocols focus on money movement. amser focuses on authority.

Authority is:

  • bounded — caps, budgets, limits
  • time-scoped — expiry, renewal windows
  • purpose-scoped — what actions are allowed
  • revocable — by user or by rule
  • non-custodial — funds remain in user wallets

Payments are a consequence of authorization, not the root abstraction.

What RAI Provides

  • Delegated spending only: users authorize spend through scoped allowances (Permit2) rather than depositing into protocol vaults.
  • Granular caps: per-cycle and total caps bound the maximum chargeable amounts.
  • Time-bounded authority: allowances carry explicit expirations.
  • Idempotent execution: bitmap/window tracking guarantees one charge per interval.
  • Composability: merchants can attach authorization gating to any on-chain or API feature.

Authorization Instruments

amser provides multiple authorization instruments, all enforced by the same validation layer:

InstrumentTriggerUse Case
SubscriptionsTime-based intervalsSaaS billing, recurring access
CreditsUsage exhaustionAI agents, API metering, compute

Each instrument shares the same non-custodial guarantees and Permit2 delegation model. They differ only in what triggers the next charge. Additional instruments (e.g. budgets, spend caps) may be added in future versions.

The Five Components

  1. Authorization surface: Permit2 signatures or ERC-20 approvals that define spend scope.
  2. State machine: Modules (SubscriptionModule, CreditModule) tracking timing, caps, pauses, and processed windows.
  3. Execution engine: PaymentProcessor enforcing rules and routing fees.
  4. Observation layer: Indexer + dashboards showing plan catalogs, due items, and revocation alerts.
  5. Automation layer: Keeper network that executes charges within safe windows.

Recurring Authorization vs Recurring Payments

  • Authorization = user consent captured once (with caps and expiry) and stored as a revocable Permit2 allowance; no funds move yet.
  • Recurring payment = periodic execution that consumes part of the authorized allowance, updates totals, and emits receipts.

Users can revoke authorization at any time. Payments automatically halt because allowances no longer satisfy the contract checks.

Non-Custodial by Design

amser never holds user funds.

All value remains in user wallets and is accessed only via:

  • delegated authority
  • bounded allowances
  • protocol-enforced validation

There are no vaults, no pooled balances, no infinite approvals. Users can revoke authorization at any time.

Why This Matters

Web3 does not need better payments. It needs better authority.

RAI provides the missing infrastructure for:

  • autonomous agents that need bounded spending power
  • recurring digital services without custody risk
  • programmable permissions with deterministic enforcement
  • non-custodial automation that users actually control