Skip to main content
The @mandate/sdk package gives your AI agent everything it needs to call payment-gated APIs without storing credentials or managing payment state. You provide an agent ID and mandate ID; Mandate handles the challenge–proof–retry flow transparently. If the policy denies the transaction, you get a typed error with a machine-readable reason code.

Install the SDK

Initialize the client

The client exposes a sandbox boolean that is true when your API key starts with ky_sand_. You can use this to gate behavior in your agent:

Make a paid API call

Pass the target URL and your agent and mandate identifiers to fetchWithPayment. The method, extra headers, and body are all optional.
Each fetchWithPayment call may charge the mandate if the policy approves it. Make sure the agent ID and mandate ID you supply are correct before calling paid endpoints.

What happens under the hood

You do not need to implement any of this — fetchWithPayment handles it for you. Understanding the flow helps with debugging:
  1. The SDK makes an initial request to the target URL without any payment headers.
  2. If the endpoint returns 200, the response is returned immediately — the endpoint is free.
  3. If the endpoint returns 402, the SDK parses the payment challenge from the X-Payment-Challenge header.
  4. The SDK calls POST /v1/policy/evaluate on the Mandate API with your agent ID, mandate ID, merchant domain, amount, and currency. If the policy denies the transaction, PolicyDeniedError is thrown immediately and no payment is made.
  5. If the policy approves, the SDK calls POST /v1/payments/proof to obtain a signed payment proof.
  6. The SDK retries the original request with the X-Payment-Proof header attached.
  7. If the retry returns another 402, PaymentFailedError is thrown.
Your agent never stores or manages payment credentials at any point in this flow.
Call POST /v1/verify-agent before making an actual paid request to run a pre-flight policy check. It runs the same checks as the policy engine but does not create a transaction or charge the mandate — useful for surfacing configuration problems early.

Error handling

All SDK errors extend KyaError. Catch the specific subclasses to handle different failure modes:

PolicyDeniedError reason codes

Environment variables

You can also pass apiKey and baseUrl directly to the KyaPaymentsClient constructor if you prefer not to use environment variables.