Paybond includes a focused set of operational surfaces for teams that run production agent settlement programs. These surfaces help customers administer a workspace, review intent and payment activity, resolve disputes, export evidence, investigate Signal standing, and coordinate continuity operations.
Some workflows are available directly in the console or API. Others are Paybond-managed and coordinated with customers because they affect evidence retention, recovery posture, signing trust, or service availability. In every case, access remains tenant-scoped and role-based.
At a glance
| Surface | Primary users | Purpose |
|---|---|---|
| Workspace administration | Workspace owners and tenant admins | Sign in, manage access, configure identity, review plan and billing posture, and administer tenant-level settings. |
| Machine and protocol access | Tenant admins and integration owners | Create, rotate, and revoke service credentials; manage trusted agent keys used by protocol-trust workflows. |
| Intent operations | Operators and operations leads | Review intent queues, evidence, deadlines, settlement state, and lifecycle exceptions. |
| Disputes | Operators, reviewers, legal, and support | Pause contested settlement, collect evidence, keep a case timeline, and record an outcome. |
| Settlement operations | Finance and operations teams | Manage approved settlement configuration, monitor payment-rail health, and investigate mismatches through audited workflows. |
| Signal investigations | Risk, operations, and compliance teams | Review operator standing, signed receipts, trends, fraud signals, release-gate posture, and portfolio exports. |
| Compliance and provenance | Compliance, audit, legal, external reviewers | Produce portable tenant-scoped records and verification material for assurance and regulatory review. |
| Support coordination | Customer admins and Paybond support | Use time-boxed, audited support access for approved operational help. |
| Continuity and recovery | Paybond operations, with customer coordination when needed | Protect platform records, rotate trust material, and restore or rebuild derived state without weakening tenant isolation. |
Admin console
The admin console is the main private workspace surface for Paybond customers. Depending on plan, entitlement, and role, teams use it to:
- sign in to an existing workspace
- review workspace health, onboarding status, and next actions
- configure SSO, SCIM, role mappings, and access controls where enabled
- manage billing posture, usage, invoices, and plan changes
- administer managed policy templates and tenant settlement settings
Public marketing pages remain separate from the private console. Tenant-scoped data is only available after authentication and role checks. For sign-in behavior, see Console sign-in and workspace access.
Machine and protocol access
Tenant admins can manage machine access for integrations without exposing broad workspace sessions. The supported workflows cover service-account API keys, short-lived Harbor access, and trusted agent keys for protocol-recognition flows.
This surface is for controlled credential lifecycle work:
- create credentials for automation and onboarding
- rotate or revoke credentials when ownership changes
- keep trusted external agent keys scoped to the tenant
- preserve inventory and history for review
Customer-managed credentials stay in the customer's control. Paybond-managed platform signing and session material is handled separately through Paybond operational processes.
Intent operations
Intent operations are the day-to-day work queue for teams running Paybond settlement. Operators can review intent status, submitted evidence, deadlines, settlement eligibility, timeline history, and items that need follow-up before money moves.
Operators do not edit settlement records directly. They route an intent through supported lifecycle actions such as evidence review, settlement confirmation, refund, dispute opening, or exception investigation, while Paybond keeps the tenant-scoped provenance record intact.
Disputes
When a funded or evidence-backed intent is contested, Paybond provides a dispute surface that pauses normal settlement and creates a case record for review. Operators can track the case timeline, collect evidence references, add internal notes, and move the matter toward resolution.
Common outcomes include:
- release of funds through Harbor
- refund to the payer through Harbor
- split or negotiated resolution recorded on the Gateway dispute case
- escalation to an external reviewer or arbitration process recorded on the Gateway dispute case
This allows a workspace to handle contested work without losing provenance or bypassing the normal settlement record.
Settlement operations
Settlement operations cover both configuration and ongoing exception handling. Tenant admins manage approved settlement routing through supported configuration workflows; operators and finance teams use settlement views to identify mismatches, delayed confirmations, webhook issues, and non-terminal outcomes.
For Stripe-backed workspaces, including Stripe Connect and Stripe ACH Direct Debit, Paybond exposes reconciliation and webhook health workflows so teams can compare Paybond settlement state with Stripe activity. For other enabled rails, such as x402 USDC on Base, the customer-facing surface is approved configuration and audited exception handling rather than direct provider-state editing.
The goal is controlled recovery and investigation, not ad hoc manual correction. Operators can identify exceptions, confirm whether Paybond and the payment rail agree on the current state, and route issues through an audited operational path.
Signal investigations
Signal investigations help teams understand operator standing and the evidence behind it. Depending on plan and role, the console and API expose:
- operator scorecards, signed receipts, and trend history
- review queues and explicit review events
- score-neutral fraud signals and release-gate posture
- tenant portfolio summaries and signed portfolio exports
- provenance views that connect standing changes back to settlement history
Signal is private to the tenant. It is not a public reputation feed, cross-tenant leaderboard, or shared marketplace ranking.
Compliance and provenance
Paybond can produce tenant-scoped audit bundles for internal review, external auditors, customer assurance, dispute handoffs, and regulatory requests. Each export is packaged so a reviewer can confirm that the bundle corresponds to the underlying Paybond settlement record at the time it was produced.
In practice, this surface is designed for:
- regulator-ready evidence requests
- third-party audit and compliance workflows
- customer assurance reviews that need portable records outside the live console
- offline checks of ledger continuity and exported artifacts
Downloads use purpose-built access controls rather than general console browsing, which helps keep audit material tightly scoped to the export being reviewed.
Support coordination
Paybond support access is explicit, time-boxed, and audited. It is intended for customer-approved operational help, such as investigating an export, dispute, settlement exception, or access issue. Support access does not change the tenant boundary: every read and write remains attributable and tenant-scoped.
Continuity, rotation, and recovery
Paybond separates customer-managed configuration from Paybond-managed platform security material. Customer admins manage business settings, service-account credentials, trusted agent keys, identity configuration, and settlement settings through supported product surfaces. Paybond manages the platform material used for sessions, signatures, receipts, exports, and external webhook verification.
Rotations are staged so active workflows can continue during key rollover. In practice, that means new signing material can come online before older material is fully retired, reducing disruption while preserving verifiability.
Signal continuity follows the same boundary. Signal standing and artifacts are derived from the settlement record rather than treated as a separate source of truth, so Paybond can recover derived state from the underlying record when needed. Customer-facing guarantees are:
- routine restarts do not double-count settlement history
- tenant-specific recovery is coordinated and scoped
- recovery work does not expose one tenant's data to another tenant
Paybond backs up the ledger-backed settlement system and the operational data needed to restore console, dispute, audit, and Signal surfaces. Recovery planning covers more than raw storage: it includes restore drills and tenant-boundary checks so the platform can be recovered in a controlled way.
Boundaries
The operational surfaces are deliberately constrained. Paybond does not expose:
- raw cross-tenant data access
- customer-run destructive rebuild controls
- unsupported record-editing tools outside the normal workflow
- direct payment-provider state edits outside supported settlement workflows
- public Signal reputation across tenants
- unaudited support access