🌙 Toggle Dark Mode Home Solutions MoltGuard MolTrust Sports MT Shopping MT Travel MT Skills MT Prediction MT Salesguard Integrity Dashboard Blog Status Verify Us API
← Back to Blog
Developer March 16, 2026 6 min read

MT Travel Developer Guide: Verify Booking Agents with W3C Delegation Chains

Your AI booked Business Class. You approved Economy. Without a delegation chain, every booking agent's mandate is just a prompt — not a cryptographic constraint. MT Travel fixes that.

MT Travel is a booking verification API for autonomous travel agents. It issues and verifies TravelAgentCredentials — W3C Verifiable Credentials (VCs) signed with Ed25519 — with delegation chains that bind each level of travel authority to enforceable constraints. 6 REST endpoints, 3 Model Context Protocol (MCP) tools, free during Early Access. Part of MolTrust v0.8.0.

What Is a TravelAgentCredential

A TravelAgentCredential is a W3C Verifiable Credential that authorizes an AI booking agent to make travel reservations on behalf of a company or individual. It contains the agent's DID, the principal's DID, spend limits, allowed segments (flight, hotel, car rental), cabin class restrictions, and an optional delegation chain. The credential is signed with Ed25519 and can be verified by any booking platform in a single API call.

{ "type": ["VerifiableCredential", "AuthorizedAgentCredential", "TravelAgentCredential"], "credentialSubject": { "id": "did:moltrust:booking-agent-001", "principalDID": "did:moltrust:acme-corp", "authorization": { "spendLimit": 5000, "currency": "USDC", "segments": ["flight", "hotel", "car_rental"], "cabinClass": "economy", "hotelMaxStarRating": 3, "validFrom": "2026-03-16T00:00:00Z", "validUntil": "2026-06-14T00:00:00Z" }, "delegationChain": [ { "from": "did:moltrust:acme-corp", "to": "did:moltrust:travel-agency", "spendLimit": 10000 }, { "from": "did:moltrust:travel-agency", "to": "did:moltrust:booking-agent-001", "spendLimit": 5000 } ] } }

Unlike API-key-only authorization, a TravelAgentCredential is portable, cryptographically verifiable, and carries its own constraints. The booking platform doesn't need to trust the agent — it trusts the credential and verifies every link in the delegation chain.

The Delegation Chain

The delegation chain models real-world travel authority. A company issues a credential to a travel agency with a total spend limit. The travel agency delegates a subset of that authority to a booking platform agent with tighter constraints. Each level of the chain is cryptographically signed — not prompt-based.

Company (Principal) — total budget: $10,000 └─ Travel Agency (Delegatee) — spend limit: $5,000/trip └─ Booking Platform (Sub-Delegatee) — cabin: economy, hotel: 3-star max

The verify endpoint validates every link: each delegate's spend limit must be less than or equal to its delegator's limit, and constraints can only be narrowed — never widened. If the booking platform tries to book Business Class when the chain says economy, the request is rejected.

Verify a Booking: One POST Request

The verification endpoint runs a 10-step pipeline. It checks the credential signature, spend limits, cabin class, segment authorization, delegation chain validity, and trust score. It returns a receipt with an approval status and an on-chain audit trail.

import requests # Verify a booking agent's reservation attempt receipt = requests.post( "https://api.moltrust.ch/guard/travel/verify", json={ "vc": travel_agent_credential, # Full W3C VC object "booking": { "segment": "flight", "amount": 850, "currency": "USDC", "cabinClass": "economy", "merchant": "united.com" } } ).json() print(receipt["result"]) # "approved", "review", or "rejected" print(receipt["guardScore"]) # 0-100 trust score print(receipt["receiptId"]) # Unique receipt ID for audit trail

The approved response:

{ "receiptId": "r-t1a2b3c4-d5e6-7890", "tripId": "trip-acme-2026-q1-001", "agentDID": "did:moltrust:booking-agent-001", "principalDID": "did:moltrust:acme-corp", "segment": "flight", "amount": 850, "currency": "USDC", "guardScore": 78, "result": "approved", "reason": "All checks passed", "onChainTx": "0x7a3b...c4d5", "timestamp": "2026-03-16T14:30:00Z" }

Trust scores below 20 are rejected. Scores 20-49 are flagged for review. 50+ approved. The booking platform can use guardScore and result to gate or escalate reservations automatically.

The 10-Step Verify Pipeline

  1. VC Signature — Ed25519 signature verification on the TravelAgentCredential.
  2. Expiry Check — Credential validUntil must be in the future.
  3. DID Resolution — Agent DID and principal DID must resolve to registered identities.
  4. Segment Authorization — The requested segment (flight, hotel, car_rental) must be in the credential's allowed segments.
  5. Spend Limit — Booking amount must be within the credential's spend limit.
  6. Currency Match — Booking currency must match the credential's currency.
  7. Daily Cap — Total daily bookings must not exceed the daily transaction limit.
  8. Trust Score — Agent's MolTrust reputation score is evaluated (reject < 20, review 20-49, approve 50+).
  9. Delegation Chain — Every link in the chain is validated: spend limits narrow monotonically, constraints only tighten.
  10. Traveler Manifest — If the credential specifies travelers, the booking must match the manifest.

Each step produces a pass/fail result. The first failure short-circuits the pipeline and returns the rejection reason.

Issue a Credential: $5 USDC via x402

Issue a TravelAgentCredential via the x402 payment protocol. $5 USDC on Base L2 — free during Early Access.

# Issue a TravelAgentCredential (free during Early Access) vc = requests.post( "https://api.moltrust.ch/guard/vc/travel-agent/issue", json={ "agentDID": "did:moltrust:booking-agent-001", "principalDID": "did:moltrust:acme-corp", "spendLimit": 5000, "currency": "USDC", "segments": ["flight", "hotel", "car_rental"], "cabinClass": "economy", "hotelMaxStarRating": 3, "travelers": ["alice@acme.com"], "delegationChain": [ { "from": "did:moltrust:acme-corp", "to": "did:moltrust:travel-agency", "spendLimit": 10000 }, { "from": "did:moltrust:travel-agency", "to": "did:moltrust:booking-agent-001", "spendLimit": 5000 } ], "validDays": 90 } ).json() print(vc["credential"]) # Signed TravelAgentCredential (JWS) print(vc["credentialHash"]) # SHA-256 hash

The 6 Endpoints

All endpoints are prefixed with /guard/ through the API gateway: api.moltrust.ch/guard/travel/...

MCP Integration

MT Travel is available as 3 MCP tools in the moltrust-mcp-server package (36 tools total, v0.8.0):

# Install pip install moltrust-mcp-server # Add to Claude Desktop / Cursor / Windsurf claude mcp add moltrust -- uvx moltrust-mcp-server # Available tools: # mt_travel_info — service info and schema # mt_travel_verify — verify agent booking # mt_travel_issue_vc — issue TravelAgentCredential

The Model Context Protocol (MCP) integration means any MCP-compatible client can verify travel bookings natively without writing HTTP calls.

Use Cases

Corporate Travel Policy Enforcement

A company issues a TravelAgentCredential to its booking agent with economy-only cabin class, 3-star hotel max, and a $5,000 spend limit. Every reservation the agent makes is verified against these constraints. If the agent tries to book Business Class, the pipeline rejects it at step 4 (Segment Authorization) or step 9 (Delegation Chain). The finance team gets a cryptographic audit trail instead of a spreadsheet.

Multi-Level Travel Agency Delegation

A travel management company receives authority from a corporate client. It delegates a subset of that authority to an AI booking platform. The delegation chain ensures the platform can never exceed the agency's own limits. Each booking receipt includes the full chain for compliance auditing.

Trip-Level Aggregation

A multi-leg business trip — flight, hotel, car rental — generates multiple booking receipts under one tripId. The /travel/trip/:tripId endpoint returns all receipts for a trip, with aggregated spend totals. Finance teams can reconcile an entire trip in one API call.

6 endpoints. 3 MCP tools. W3C Delegation Chains.

Cryptographic trust for the autonomous booking economy.

api.moltrust.ch/guard/travel/verify

FAQ

What is MT Travel?

MT Travel is a booking verification API for autonomous travel agents. It issues TravelAgentCredentials (W3C Verifiable Credentials) with delegation chains that bind an AI booking agent to enforceable spend limits, cabin class, hotel rating, and segment restrictions. Booking platforms can verify agent authority in a single API call.

What is a delegation chain?

A delegation chain is a sequence of signed authority transfers: Company → Travel Agency → Booking Platform. Each link narrows the constraints — spend limits can only decrease, cabin class can only be restricted. The verify pipeline validates every link in the chain. If any link is invalid, the booking is rejected.

How does the 10-step verify pipeline work?

The /travel/verify endpoint checks: Ed25519 VC signature, expiry, DID resolution, segment authorization (flight/hotel/car), spend limit, currency match, daily transaction cap, trust score evaluation, delegation chain validation, and traveler manifest binding. The first failure short-circuits the pipeline and returns the rejection reason.

What does it cost?

Verification (POST /travel/verify), receipt lookup, and info endpoints are free permanently. Credential issuance (POST /vc/travel-agent/issue) costs $5 USDC via the x402 payment protocol on Base L2. All endpoints are free during Early Access.

Can I use MT Travel with Claude Desktop?

Yes. Install the MCP server with pip install moltrust-mcp-server and add it to Claude Desktop. The mt_travel_verify tool lets Claude verify booking agent transactions natively. See the MCP Integration section above.

Start Verifying Booking Agents

Free during Early Access. 36 MCP tools via pip install. W3C Verifiable Credentials with delegation chains and Ed25519 signatures.

API Docs → pip install →

Written by the MolTrust Team (CryptoKRI GmbH, Zurich). Follow @MolTrust on X for updates.

stay in the loop TRUST UPDATES DAILY. @MOLTRUST ON X →