AgentPay
Get started

Integration

Authentication

AgentPay uses API keys. You generate them from the dashboard; you pass them as a Bearer token on every request.

Keys

  • sk_test_… — operates against the Stripe Issuing test environment. No real money.
  • sk_live_… — operates in production. Real card charges.

Create keys at /api-keys. The full secret is shown on creation and never again; we only store a sha256 hash. Lost keys are revoked and replaced, not recovered.

Sending the key

curl https://agentpay-mvp.vercel.app/v1/cards \
  -H "Authorization: Bearer sk_test_..."

Include the Authorization header on every request. We don't accept keys in query strings.

Rate limits

1000 requests per hour per API key. Every response includes the current state:

RateLimit-Limit: 1000
RateLimit-Remaining: 987
RateLimit-Reset: 1714758000

Exceeded limits return 429 rate_limited. Back off and retry; the RateLimit-Reset value is a unix timestamp at which the window resets.

Idempotency

POSTs accept an optional Idempotency-Key header (any unique string under 200 chars). Retrying a request with the same key returns the original response rather than creating a duplicate card / holding the payment method twice.

curl -X POST https://agentpay-mvp.vercel.app/v1/cards \
  -H "Authorization: Bearer sk_test_..." \
  -H "Idempotency-Key: a1b2c3d4-..." \
  -d '{"amount_cents":2000,"agent_id":"claude-desktop"}'

Revocation

Click Revoke next to any key in /api-keys. Takes effect immediately. Subsequent requests return 401 unauthorized.