Payment mandates let AI agents handle 402 paywalled APIs
Tobias Pfuetze describes how AI agents break when hitting HTTP 402 Payment Required responses, and introduces a "payment mandate" system via the `@delegare/sdk` that lets agents transact within strict, user-defined spending constraints.
Developers building agentic workflows or paid APIs can integrate `@delegare/sdk` to let agents autonomously handle paywalled endpoints without exposing credentials or requiring human approval for every transaction.
AI agents are increasingly capable of reasoning and calling external APIs, but they lack any native mechanism to handle paywalled endpoints. When an agent hits an HTTP 402 Payment Required response, it cannot authorize a charge, cannot retry after payment, and the workflow simply halts. Tobias Pfuetze outlines three common but flawed workarounds: hardcoding API credentials (no per-agent spending limits, risky if the agent misbehaves), pre-funding a wallet for the agent to draw from (capital-inefficient, poor UX, no fine-grained per-action control), and requiring human approval for every payment (safe but breaks automation entirely).
The proposed solution is a new primitive called a **payment mandate**. A user approves a mandate scoped to a specific spending limit, a set of allowed merchants or endpoints, and an expiration time. The agent then operates within that mandate: when it encounters a 402 response, the `@delegare/sdk` intercepts the challenge, checks the required price against the mandate's budget, signs the payment, and retries the original request — all transparently. From the agent's perspective, the API call simply succeeds. The SDK is initialized with a `merchantId` and `apiKey`, and a pre-authorized SD-JWT-VC token is passed to a `delegare.fetch()` call as a drop-in replacement for standard HTTP requests.
Pfuetze frames payment as a missing infrastructure layer in the current agent stack, particularly relevant for pay-per-use APIs, premium data access, and autonomous SaaS workflows. The project drew approximately 1,000 SDK downloads from developers experimenting with the approach before any formal launch. A sandbox environment and documentation are available at `sandbox.delegare.dev` and `docs.delegare.dev`, and the team is seeking feedback from developers working on paid APIs, agent workflows, and MCP/tool integrations.
Key facts
- AI agents silently fail when APIs return HTTP 402 Payment Required, as they cannot authorize or retry after payment.
- Three common workarounds — hardcoded API keys, pre-funded wallets, and human-approval gates — each have significant drawbacks around safety, efficiency, or automation.
- The proposed solution is a 'payment mandate': a user-approved, scoped token (SD-JWT-VC) with a spending cap, allowed merchants, and an expiration window.
- The `@delegare/sdk` intercepts 402 responses, executes the payment within mandate constraints, and retries the request automatically.