Skip to main content
The @mandate/sdk package gives your TypeScript agent a single method — fetchWithPayment — that transparently handles the full 402 payment flow: it checks the mandate policy, requests a cryptographic proof from Mandate, and retries the original request with the signed proof attached. You keep your business logic; the SDK handles the payment handshake.

Installation

KyaPaymentsClient

KyaPaymentsClient is the main entry point. Construct it once and reuse it across requests.

Constructor options

KyaPaymentsClientOptions
apiKey
string
required
Your Mandate API key. Keys that start with ky_sand_ activate sandbox mode.
baseUrl
string
Mandate API base URL. Defaults to https://api.kya.dev.

Instance properties


fetchWithPayment(url, options)

Makes an HTTP request to url, automatically handling a 402 payment challenge if the server requires payment.

Options

FetchWithPaymentOptions
agentId
string
required
The ID of the agent making the payment.
mandateId
string
required
The mandate that authorizes this payment.
method
string
HTTP method. Defaults to 'GET'.
headers
Record<string, string>
Additional request headers to include on both the initial and retried request.
body
string
Request body, forwarded on both the initial and retried request.

Returns

Promise<Response> — the final HTTP response from the target server.

Request flow

1

Initial request

Sends the request to url with a Content-Type: application/json header and any headers you supply.
2

Non-402 response

If the status is anything other than 402, returns the response immediately with no payment processing.
3

Parse the challenge

Reads and base64url-decodes the X-Payment-Challenge header. Throws PaymentChallengeError if the header is absent or malformed.
4

Evaluate policy

Calls POST /v1/policy/evaluate with the agent ID, mandate ID, merchant domain, amount, currency, and resource URL. Throws PolicyDeniedError if the decision is "denied", or PaymentFailedError if the HTTP call itself fails.
5

Request a payment proof

Calls POST /v1/payments/proof to obtain a signed PaymentProof. Throws PaymentFailedError if proof generation fails.
6

Retried request

Resends the original request with three additional headers: X-Payment-Proof, X-Kya-Agent-Id, and X-Kya-Mandate-Id.
7

Final response

Returns the server’s response. If the server still returns 402, throws PaymentFailedError with the server’s reason field.

Error classes

All error classes are exported from @mandate/sdk.

KyaError

Base class for all Mandate SDK errors. Extends the native Error.

PolicyDeniedError

Thrown when POST /v1/policy/evaluate returns decision: "denied". Extends KyaError with code: "policy_denied". Reason codes

PaymentFailedError

Thrown when payment processing itself fails — for example, if proof generation returns an error or the seller rejects the proof. Extends KyaError with code: "payment_failed".

PaymentChallengeError

Thrown when the X-Payment-Challenge header is missing or cannot be decoded. Extends KyaError with code: "challenge_parse_error".

Lower-level exports

These functions are exported for advanced use cases such as building custom payment flows or server-side challenge generation.

buildPaymentChallenge options

buildProof options


Full example