Customers · use cases

Where “approved” must mean provably approved.

PBI is adopted where irreversible actions create real liability: treasury, governance, admin control planes, deploy approvals, and legal/ownership actions. These examples are written to be procurement-friendly and implementation-ready.

Enterprise onboarding Developer hub API docs Demo

Fast pilots

Start with 1 endpoint. Prove ROI. Expand coverage.

Evidence receipts

Store receiptHash and action context for audit and disputes.

Strict guarantees

UP+UV occurred for a single-use, time-bounded challenge bound to actionHash.

Keep existing auth

PBI hardens actions without replacing SSO/OAuth/JWT.

Best first wins

Start where blast radius is highest

pilot

•Treasury / payouts

•Role changes / key rotation

•Deploy approvals / config

•Governance actions

•Legal / ownership actions

Rollout:
1) pick 1 irreversible endpoint
2) actionHash + challenge
3) UP+UV verify
4) store receiptHash
5) expand coverage

Open tool →

Case studies

Representative deployments

Written to map cleanly to engineering + security review concerns.

Treasury approvals for money-out

Finance / Payments

Problem

Approvals were inferred from sessions and admin logs, creating dispute ambiguity and replay risk.

Solution

Presence-gated payout execution: actionHash bound to challenge, UP+UV required, receiptHash stored for audit mapping.

Result

Irreversible payouts become provable approvals with durable evidence references.

First endpoint

POST /payout/execute (gated by PBI_VERIFIED)

Admin control plane for role changes

Enterprise SaaS

Problem

Privileged role grants and key rotations had large blast radius when sessions were compromised or delegated.

Solution

Presence-gate admin actions (grant role, rotate key) with single-use challenges and receipt logging.

Result

Privileged changes become intentional ceremonies, not side effects of access.

First endpoint

POST /admin/grant-role (gated by PBI_VERIFIED)

Deploy approvals and production config

Infrastructure / DevOps

Problem

Deploy and config toggles were executed under broad permissions without action-level proof of presence.

Solution

Bind deploy intent to actionHash and require UP+UV for release actions; store receipts for incident review.

Result

Production changes become dispute-ready approvals with cryptographic evidence.

First endpoint

POST /deploy/approve (gated by PBI_VERIFIED)

Vertical fit

Where PBI is typically approved fastest

These teams already understand the liability of session-based approvals.

Finance & custodians

Money movement, settlement, withdrawals, treasury approvals.

Enterprise SaaS

Admin control planes, privileged changes, key rotations.

Infrastructure

Deploy approvals, config flags, incident actions.

Government / regulated

Evidence-heavy operations, chain-of-custody, audit trails.

Legal workflows

Ownership and signature-like approvals with dispute-ready evidence.

AI oversight

Human-in-the-loop approvals where presence must be provable.

Next step

Pick the one action you can’t afford to dispute.

We’ll scope a pilot that hardens it with presence verification and receipts. Once it works there, expanding coverage is straightforward.

Enterprise onboarding →Security →Trust Center →Developers →