@mandate/sdk package gives your AI agent everything it needs to call payment-gated APIs without storing credentials or managing payment state. You provide an agent ID and mandate ID; Mandate handles the challenge–proof–retry flow transparently. If the policy denies the transaction, you get a typed error with a machine-readable reason code.
Install the SDK
Initialize the client
sandbox boolean that is true when your API key starts with ky_sand_. You can use this to gate behavior in your agent:
Make a paid API call
Pass the target URL and your agent and mandate identifiers tofetchWithPayment. The method, extra headers, and body are all optional.
What happens under the hood
You do not need to implement any of this —fetchWithPayment handles it for you. Understanding the flow helps with debugging:
- The SDK makes an initial request to the target URL without any payment headers.
- If the endpoint returns 200, the response is returned immediately — the endpoint is free.
- If the endpoint returns 402, the SDK parses the payment challenge from the
X-Payment-Challengeheader. - The SDK calls
POST /v1/policy/evaluateon the Mandate API with your agent ID, mandate ID, merchant domain, amount, and currency. If the policy denies the transaction,PolicyDeniedErroris thrown immediately and no payment is made. - If the policy approves, the SDK calls
POST /v1/payments/proofto obtain a signed payment proof. - The SDK retries the original request with the
X-Payment-Proofheader attached. - If the retry returns another 402,
PaymentFailedErroris thrown.
Error handling
All SDK errors extendKyaError. Catch the specific subclasses to handle different failure modes:
PolicyDeniedError reason codes
Environment variables
You can also pass
apiKey and baseUrl directly to the KyaPaymentsClient constructor if you prefer not to use environment variables.
