Docs
Lexicon review
A community-review package explaining why the ATM lexicons exist, what is deliberately private, and what feedback is most useful.
Compatible with the closed-beta ATM app APIs and versioned ATM event headers. Check atm-api-version on every webhook or XRPC receiver event.
Review goals
The lexicons should be small, durable, and interoperable. ATM-owned lexicons cover payment-facing profile, catalog refs, app links, and app/service methods. They should not duplicate attested.network or publish private processor state.
Community reviewPre-publication
ATM-owned namespaces
| money.atmosphere.actor.* | Payment-facing ATM profile and public profile reads. |
|---|---|
| money.atmosphere.product | Portable public identity for what is sold. |
| money.atmosphere.price | Amount, currency, cadence, and custom amount configuration. |
| money.atmosphere.discount | Public discount/offer terms. |
| money.atmosphere.discountCode | Customer-facing discount code record and restrictions. |
| money.atmosphere.catalog.* | App-facing private fulfillment link registration. |
| money.atmosphere.payment.* | ATM-specific proof registration, subscriptions, and app-facing payment methods. |
What stays off protocol
- Stripe or processor account ids.
- Customer emails, addresses, phone numbers, buyer messages, and attendee answers.
- Webhook URLs, signing secrets, service-auth replay state, and delivery logs.
- Checkout sessions, payment method details, fraud/risk data, and KYC requirements.
- Ticket QR secrets, scan tokens, exact private capacity counters, and check-in logs.
attested.network compatibility
ATM must not extend network.attested.*. Strict attested.network routes accept the fields defined by those lexicons. ATM-specific checkout/session data belongs inside the broker-defined product token or ATM-owned lexicons.
Open questions
- Are Product and Price separated cleanly enough for other apps and brokers?
- Are discounts and discount codes sufficiently generic without leaking redemption counters?
- Should ticket public offers remain under tickets.atmosphere instead of money.atmosphere?
- Are app/user service-auth assertion patterns worth publishing as a shared schema later?
- Are any public fields likely to become privacy footguns at scale?
Publication checklist
- Post ATM and Tickets lexicons for community review.
- Resolve namespace/DNS TXT records.
- Publish only ATM-owned NSIDs from the correct namespace owner.
- Do not publish mirrored network.attested.* from ATM.
- Regenerate generated lexicon types after final schema changes.
- Update docs examples and API reference after schema feedback.