# dev.cocore.compute.paymentAuthorization

> Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz)

✓ This is the authoritative definition for this NSID.

## Description

A requester's signed authorization permitting a named exchange to charge them up to a ceiling for a specific job. Published in the requester's repo before any work runs. Settlement records strong-ref this authorization to prove consent.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.paymentAuthorization)
- [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.paymentAuthorization/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.paymentAuthorization/examples)

## Definitions

### `dev.cocore.compute.paymentAuthorization`

**Type**: `record`

**Key**: `tid`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `nonce` | `string` | Yes | 16 random bytes, hex-encoded. Replay protection: any settlement re-using a consumed nonce is invalid. |
| `scope` | `string` | Yes | singleJob: authorization is consumed by a single matching receipt. session: a bounded set of jobs may share this authorization until expiresAt. |
| `ceiling` | `ref` → `dev.cocore.compute.defs#money` | Yes | Maximum amount the exchange may charge under this authorization. |
| `exchange` | `string` (did) | Yes | DID of the exchange authorized to charge. |
| `createdAt` | `string` (datetime) | Yes |  |
| `expiresAt` | `string` (datetime) | Yes |  |
| `sessionBudget` | `ref` → `dev.cocore.compute.defs#money` | No | When scope=session, total cumulative charges across all settlements under this authorization MUST NOT exceed sessionBudget. Ignored when scope=singleJob. |

## Raw Schema

```json
{
  "id": "dev.cocore.compute.paymentAuthorization",
  "defs": {
    "main": {
      "key": "tid",
      "type": "record",
      "record": {
        "type": "object",
        "required": [
          "exchange",
          "ceiling",
          "scope",
          "nonce",
          "expiresAt",
          "createdAt"
        ],
        "properties": {
          "nonce": {
            "type": "string",
            "maxLength": 32,
            "minLength": 32,
            "description": "16 random bytes, hex-encoded. Replay protection: any settlement re-using a consumed nonce is invalid."
          },
          "scope": {
            "type": "string",
            "description": "singleJob: authorization is consumed by a single matching receipt. session: a bounded set of jobs may share this authorization until expiresAt.",
            "knownValues": [
              "singleJob",
              "session"
            ]
          },
          "ceiling": {
            "ref": "dev.cocore.compute.defs#money",
            "type": "ref",
            "description": "Maximum amount the exchange may charge under this authorization."
          },
          "exchange": {
            "type": "string",
            "format": "did",
            "description": "DID of the exchange authorized to charge."
          },
          "createdAt": {
            "type": "string",
            "format": "datetime"
          },
          "expiresAt": {
            "type": "string",
            "format": "datetime"
          },
          "sessionBudget": {
            "ref": "dev.cocore.compute.defs#money",
            "type": "ref",
            "description": "When scope=session, total cumulative charges across all settlements under this authorization MUST NOT exceed sessionBudget. Ignored when scope=singleJob."
          }
        }
      }
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1,
  "description": "A requester's signed authorization permitting a named exchange to charge them up to a ceiling for a specific job. Published in the requester's repo before any work runs. Settlement records strong-ref this authorization to prove consent."
}
```