Virtual cards with real-time policy enforcement. Every transaction is approved, blocked, or escalated for human review — before money moves.
An agent initiates the payment. Shatale enforces policy, requests approval, and executes — all in seconds.
"Agents can pay — with control built in."
That leaves engineering stuck between two bad options: give agents broad access to payment credentials, or keep humans in every transaction. Neither scales.
01
Team cards and stored credentials don't give agents bounded permissions or clear ownership. One rogue workflow touches the entire budget.
02
If policy runs after authorization, the money already moved. Agent payments need controls at the exact moment of approval — not as a reconciliation step.
03
Finance and compliance need to see what the agent attempted, what policy was checked, and who approved exceptions. Without this, autonomous payments can't go to production.
Shatale combines virtual card issuing, authorization-time policy enforcement, and human approval workflows — so AI agents can transact without bypassing finance controls.
Issue isolated virtual cards instead of reusing shared payment credentials. Each card is scoped to a specific agent, purpose, or customer account — nothing bleeds across.
Allow or block transactions by merchant, MCC, amount, geography, time window, and custom logic. Rules run at the authorization moment — zero latency, zero exceptions.
Out-of-policy requests can be routed to an approver with full context — merchant, amount, agent, and reason — instead of silently failing open or blocking everything.
Every payment attempt, policy decision, reviewer action, and final outcome is recorded immutably. Export to your data stack via webhooks or pull via API.
You decide what the agent is allowed to buy — by category, merchant, or spend amount. Anything outside those bounds is blocked before the charge happens, not discovered in a bank statement.
Deploy AI that pays on behalf of customers without taking on compliance risk yourself. Policy violations are caught at the authorization layer — not discovered in reconciliation at month end.
Shatale sits at the authorization layer. One API call per payment intent — same latency, no credential rotation, no per-authorization fee. The agent gets approved, escalated, or declined. Nothing else changes.
| Capability | Shatale | Agent card tools (card-first approach) |
Generic card issuing |
|---|---|---|---|
| Virtual card issuance | Built in | Built in | Built in |
| Publisher API (embed in your SaaS) | Full publisher integration | No publisher layer | Not available |
| User delegation (user → agent) | User controls what agent can spend | Agent is the cardholder | Not available |
| Real-time user approve/deny | Push notification + countdown | Not available | Not native |
| Authorization-time policy engine | MCC / merchant / amount / time | Basic limits only | Custom webhook required |
| Multi-tenant publisher isolation | Each publisher fully isolated | Shared rail | Custom implementation |
| Full authorization audit trail | Policy trace on every decision | Transaction logs only | No policy context |
| Emergency freeze | Any card or agent, instantly | Card-level only | Manual process |
| Global deployment | US commercial · global reach | Geography varies | Varies by provider |
If you only need card issuance, general-purpose issuing may be enough. If you need AI agents to spend with bounded permissions and approval workflows, that's what Shatale is built for.
Let agents buy approved software or supplies within merchant and budget limits — without exposing a shared corporate card or requiring human approval on every purchase.
Give internal automation bounded purchasing power for cloud spend, API subscriptions, and tooling. Each agent operates within its own policy envelope.
Enable agent actions that require online payments on behalf of customers — with full auditability and customer-level approval controls baked into the flow.
Create cards, attach policies, receive authorization events, handle approvals, and export decision logs through the Shatale API and Publisher SDK.
Provision and manage agent cards programmatically. Scoped to agent, workflow, or customer account.
Define spending rules in JSON — MCC allowlists, merchant patterns, amount limits, geo and time constraints.
Receive authorization events with full context before the transaction completes. Your policy logic, our enforcement.
Accept or deny escalated transactions programmatically or via the end-user console. Configurable timeouts.
Pull the full authorization lifecycle via REST or stream events to your data warehouse.
Pick a scenario. The engine decides in real time — and when approval is needed, you're in control.
Simulated · No real transactions · All data is fictional
When you give an agent a card, the agent becomes the cardholder — it can spend anything, anywhere, with no user awareness. Shatale flips this: the user delegates to the agent within defined limits. The user gets real-time approve/deny notifications, pre-sets MCC restrictions and amount caps, and sees the full audit trail. The agent spends. The user stays in control. This is the difference between "hope the agent behaves" and "delegate with confidence."
No — that's the point. Shatale is a publisher API. You integrate in one sprint: API call to issue a delegated virtual card, policy attached, user consent captured. We handle the card issuing, compliance, KYB/KYC, fraud monitoring, and chargeback handling. Your team builds the UX. We handle the payments infrastructure.
Three layers of protection. First, the policy engine blocks anything outside the MCC whitelist or amount cap — before the transaction even processes. Second, transactions above a configurable threshold require real-time user approval (with a countdown timer). Third, full audit trail means you always know exactly which policy decision was made, why, and when. And any card or agent can be frozen instantly from the publisher dashboard or user console.
Yes — Shatale is global. We issue US commercial virtual cards (Visa/Mastercard) with global merchant acceptance. Publishers in any geography can integrate via API. EU deployment is also supported. We are not EU-only.
Shatale monetizes through interchange on card transactions (we share the merchant processing fee that's standard on all card payments) plus a platform fee for publishers. For your end users, Shatale is embedded in your product — they don't pay Shatale directly. Contact us for pricing.
Most publishers complete a working integration in one sprint (1–2 weeks). We provide API docs, an SDK, and a publisher sandbox. The compliance pack (KYB docs, liability framework, integration checklist) is provided upfront so your legal team can review in parallel.
Safer than alternatives. B2B2C users come through your platform — they're already verified, contextualized users, not cold-start consumers. The policy engine enforces MCC whitelists, amount caps, velocity limits, and time windows at authorization time — before money moves. We provide chargeback handling and fraud monitoring. Publishers set the risk parameters; Shatale enforces them on every transaction.
All of them. Shatale is model-agnostic and framework-agnostic. We have an MCP server (Model Context Protocol) for direct integration with Claude, GPT-4o, and other MCP-compatible agents. For other frameworks, the publisher API works with any agent that can make an HTTP call.
Still have questions? Talk to us →
We're working with a small group of design partners. If you're building AI agents that need online purchasing capability, we'd like to hear from you.