Coming soon · EU-first · private beta

Your agent can spend. It cannot overspend.

Sign your spending rules once — with your fingerprint. From then on your AI agent pays by itself, and every single purchase is checked against your signed mandate before money moves. No approval fatigue. No card number in a prompt.

Signed mandateEnforced per purchaseProvable agent identityKill switch
AgentPaymentsSigned mandate
my-claude-agent
Per purchase
≤ €50.00
Daily cap
≤ €120.00
v3 ✓
signed with your fingerprint · enforced on every purchase
1
signature
to authorize forever
3
enforcement layers
before money moves
<2s
decision time
on every purchase
1
tap to freeze
everything
§ 01 — The problem

Agents can already buy things.
Safely is the hard part.

Hand an agent your card number and it can spend anything, anywhere, anytime — and you can't prove it was the agent.

Your card in a prompt

  • Unlimited spend — wrong amounts, wrong merchants, wrong timing
  • No proof whether the agent or a human paid
  • 3-D Secure challenges dead-end — no human at the keyboard
  • Card number sits in logs, context windows and screenshots

The AgentPayments mandate

  • Your rules travel with every purchase — limits, merchants, categories, hours
  • Every payment provably made by your agent — its own cryptographic identity
  • Enforced in real time, against your signed rules — not after the fact
  • Dispute-grade audit trail of every intent, approval and decline
§ 02 — The protocol

Signed once. Enforced always.

01

You sign the rules

Limits, merchants, categories, hours, countries — sealed with your biometrics as a legally binding authorization. Change them anytime; changes need your fingerprint again.

device key · secure enclave · never leaves your phone
02

Your agent asks to pay

At checkout, the agent authenticates with its own cryptographic key and receives one-time authority to pay — scoped to that purchase, that amount, that moment. Nothing more.

cryptographic identity · anti-replay · no key, no payment
03

We enforce in real time

As the payment happens, the real merchant and real amount — data no agent can fake — are matched against your signed consent in milliseconds. Then the authority evaporates.

real-time decision · < 2 s · frictionless
§ 03 — One purchase, start to finish

Every payment leaves an immutable trail.

Scroll through a single agent purchase — from signed intent to sealed audit entry. This is the record you could take to a dispute.

TX 8F3A · one purchase, start to finishlive replay
  1. 10:00:00.114intent_created€12.50 · glovo.com · signed by agent
  2. 10:00:00.371mandate_checkmandate v3 · within bounds
  3. 10:00:04.102live_decisionreal merchant · real amount → APPROVE · 41 ms
  4. 10:00:06.930authorized€12.50 · glovo.com
  5. 10:00:06.931authority_revokedthis approval can never be used again
  6. 10:00:06.932audit_sealedentry №48211 · immutable · tied to mandate v3
§ 04 — Enforcement

Your rules are checked three times before money moves.

Layer 1Intentbefore anything moves

Agent identity proven by signature. Amount, pace, and time window checked against your mandate. Fail = nothing happens at all.

AgentPayments
Layer 2In flightwhile the payment happens

Checked again in real time — against the real merchant and real amount reported by the payment network. Data no agent can fake.

AgentPayments
Layer 3The networkat authorization

Hard boundaries enforced at the payment-network level itself — they hold even if everything else were bypassed.

Licensed EU partners
§ 05 — The mandate

One signature.
Every boundary that matters.

Your consent profile is a signed document, not a settings page. Every future transaction is checked against it — first when the agent asks, again when the bank asks us.

  • Per-transaction, daily, weekly and monthly limits
  • Merchant whitelist & blacklist, categories, countries, active hours
  • Freeze everything instantly with the kill switch — one tap
Consent mandate · №003

Groceries & travel agent

1.Per transaction≤ €50.00
2.Daily cap≤ €120.00
3.Monthly cap≤ €900.00
4.Merchantswhitelist · 6
5.Active hours07:00–23:00 UTC
6.Kill switcharmed
M. Petrova
Signed · biometrics · device key · v3
§ 06 — For developers

Two functions.
Any agent framework.

  • can_pay — pre-flight check: will this purchase be approved? Plan before you spend.
  • get_checkout_fields — authorize and receive everything your agent needs to complete the purchase.
  • Ships as MCP tools, LangChain tool, and OpenAI function spec. Signing, nonces, and retries handled inside the SDK.
agent.pysdk v2
from agentpayments import AgentPaymentsClient client = AgentPaymentsClient(user_id="usr_4417", key_id="key_7f3a", private_key_path="~/.secrets/agent.pem") # plan… client.can_pay(amount=1250, currency="EUR", merchant="Glovo") # → { allowed: true, remaining_daily: 8750 } # …then pay fields = client.get_checkout_fields(amount=1250, currency="EUR", merchant="Glovo") # → one-time authority · exactly €12.50 · this purchase only # works on any checkout — web, mobile, in-app
§ 07 — In your pocket

Full visibility. Instant control.

Revoke in seconds

Every agent has its own key. Kill one key — or freeze the whole account — instantly from the app. Propagation takes seconds, not days.

Know the moment it happens

A push notification for every approval and every decline — with the reason, the merchant, and the rule that decided it.

Dispute-grade audit trail

Every intent, decision, and decline is logged immutably against your signed mandate. Cryptographic proof of exactly what you authorized — and what you didn't.

The payment rail for the agent economy.

We're launching soon, EU-first. Join the waitlist to get early access — and move up the queue for every friend you bring.

No spam — one email when your invite is ready. EU-first rollout; your country tells us where to launch next.
You're #—
of on the waitlist
Every friend who joins with your link moves you up the queue.
EU-first · EU-regulated · bank-grade rails
Works with Claude, ChatGPT, LangChain and any MCP-compatible agent.