Virtual cards with real-time policy enforcement. Every transaction is approved, blocked, or escalated for human review — before money moves.
An agent initiates the payment. Shatale enforces policy, requests approval, and executes — all in seconds.
“Agents can pay — with control built in.”
That leaves engineering stuck between two bad options: give agents broad access to payment credentials, or keep humans in every transaction. Neither scales.
Team cards and stored credentials don't give agents bounded permissions or clear ownership. One rogue workflow touches the entire budget.
If policy runs after authorization, the money already moved. Agent payments need controls at the exact moment of approval — not as a reconciliation step.
Finance and compliance need to see what the agent attempted, what policy was checked, and who approved exceptions. Without this, autonomous payments can't go to production.
Shatale combines virtual card issuing, authorization-time policy enforcement, and human approval workflows — so AI agents can transact without bypassing finance controls.
Issue isolated virtual cards instead of reusing shared payment credentials. Each card is scoped to a specific agent, purpose, or customer account — nothing bleeds across.
Allow or block transactions by merchant, MCC, amount, geography, time window, and custom logic. Rules run at the authorization moment — zero latency, zero exceptions.
Out-of-policy requests can be routed to an approver with full context — merchant, amount, agent, and reason — instead of silently failing open or blocking everything.
Every payment attempt, policy decision, reviewer action, and final outcome is recorded immutably. Export to your data stack via webhooks or pull via API.
You decide what the agent is allowed to buy — by category, merchant, or spend amount. Anything outside those bounds is blocked before the charge happens, not discovered in a bank statement.
Deploy AI that pays on behalf of customers without taking on compliance risk yourself. Policy violations are caught at the authorization layer — not discovered in reconciliation at month end.
Shatale sits at the authorization layer. One API call per payment intent — same latency, no credential rotation, no per-authorization fee. The agent gets approved, escalated, or declined. Nothing else changes.
| Capability | Shatale | Othersgeneral payment infrastructure | Generic card issuing |
|---|---|---|---|
| Agent-scoped virtual cards | Per-agent, single-use, merchant-locked |
Virtual cards; not agent-scoped |
General cards, custom controls |
| Agent API and MCP | Native publisher API; MCP-ready |
General APIs; no agent MCP layer |
Not available |
| Delegated authorization flows | Delegate, approve, deny, confirm |
Issuing controls; approval UX is custom |
Not available |
| Agent policy engine | Merchants, MCCs, timing, risk rules |
Radar + Issuing; not agent-specific |
Custom webhook required |
| User-owned limit management | Users set daily, tx, MCC limits |
Platform-set controls, not user-managed |
Not native |
| Subscription management | Renewals, trials, pause per card |
Billing for merchants, not user control |
No policy context |
| Credential vault | Temp relay credentials; user revokes |
No credential vault for logins |
Not available |
| Publisher isolation | Hard boundaries: agents, cards, policies |
Connect accounts; agent isolation custom |
Custom implementation |
| Audit trail | Agent, policy, card, tx history |
Logs available; agent audit needs build |
No policy context |
| Emergency freeze | User freezes agent or publisher instantly |
Card controls; agent freeze needs build |
Manual process |
| Agent catalog | Verified library drives user discovery |
No marketplace; publishers drive traffic |
Not available |
| Monetization cockpit | Built-in MOR, billing, fraud, catalog |
Connect + Billing; AI MOR not turnkey |
Not available |
If you only need card issuance, general-purpose issuing may be enough. If you need AI agents to spend with bounded permissions and approval workflows, that's what Shatale is built for.
Let agents buy approved software or supplies within merchant and budget limits — without exposing a shared corporate card or requiring human approval on every purchase.
Give internal automation bounded purchasing power for cloud spend, API subscriptions, and tooling. Each agent operates within its own policy envelope.
Enable agent actions that require online payments on behalf of customers — with full auditability and customer-level approval controls baked into the flow.
Plug in a Skill in two clicks. No payment logic to write. Your agent gets instant, tested controls that run directly in the authorization path.
Block payments above any configured limit — per transaction, daily, or monthly. Runs before the card network approves.
limit: $500/day · window: dailyAllow or block entire merchant categories — gambling, airlines, subscriptions, or any 4-digit MCC list.
mode: block · MCCs: 7995 (gambling)Prevent spending when available balance drops below your threshold. Configurable floor per agent.
deny_if_below: $10.00Receive a webhook on every settled transaction — merchant name, amount, MCC, and card last4.
webhook_url: https://your-api.com/eventsCreate cards, attach policies, receive authorization events, handle approvals, and export decision logs through the Shatale API and Publisher SDK.
Provision and manage agent cards programmatically. Scoped to agent, workflow, or customer account.
Define spending rules in JSON — MCC allowlists, merchant patterns, amount limits, geo and time constraints.
Receive authorization events with full context before the transaction completes. Your policy logic, our enforcement.
Accept or deny escalated transactions programmatically or via the end-user console. Configurable timeouts.
Pull the full authorization lifecycle via REST or stream events to your data warehouse.
No signup needed. Install our MCP server, connect to Claude Desktop or Cursor, and ask your AI to create agents with spending controls.
Pick a scenario. The engine decides in real time — and when approval is needed, you're in control.
When you give an agent a card, the agent becomes the cardholder — it can spend anything, anywhere, with no user awareness. Shatale flips this: the user delegates to the agent within defined limits. The user gets real-time approve/deny notifications, pre-sets MCC restrictions and amount caps, and sees the full audit trail. The agent spends. The user stays in control. This is the difference between "hope the agent behaves" and "delegate with confidence."
No — that's the point. Shatale is a publisher API. You integrate in one sprint: API call to issue a delegated virtual card, policy attached, user consent captured. We handle the card issuing, compliance, KYB/KYC, fraud monitoring, and chargeback handling. Your team builds the UX. We handle the payments infrastructure.
Three layers of protection. First, the policy engine blocks anything outside the MCC whitelist or amount cap — before the transaction even processes. Second, transactions above a configurable threshold require real-time user approval (with a countdown timer). Third, full audit trail means you always know exactly which policy decision was made, why, and when. And any card or agent can be frozen instantly from the publisher dashboard or user console.
Yes — Shatale is global. We issue US commercial virtual cards (Visa/Mastercard) with global merchant acceptance. Publishers in any geography can integrate via API. EU deployment is also supported. We are not EU-only.
We are currently in early access — free for all publishers. Get access now, integrate, and start testing with real users at no cost. Pricing will be introduced later as we scale. Early partners lock in the most favorable terms.
It depends on you — a basic working integration can be done in minutes. We provide API docs, an SDK, and a publisher sandbox you can explore right now. Most publishers have a working prototype in hours and a production-ready integration in one sprint (1–2 weeks). The compliance pack (KYB docs, liability framework, integration checklist) is provided upfront so your legal team can review in parallel — no waiting on us.
Safer than alternatives. B2B2C users come through your platform — they're already verified, contextualized users, not cold-start consumers. The policy engine enforces MCC whitelists, amount caps, velocity limits, and time windows at authorization time — before money moves. We provide chargeback handling and fraud monitoring. Publishers set the risk parameters; Shatale enforces them on every transaction.
All of them. Shatale is model-agnostic and framework-agnostic. We have an MCP server (Model Context Protocol) for direct integration with Claude, GPT-4o, and other MCP-compatible agents. For other frameworks, the publisher API works with any agent that can make an HTTP call.
Still have questions? Talk to us →
We're working with a small group of design partners. If you're building AI agents that need online purchasing capability, we'd like to hear from you.
We'll be in touch within 48 hours.