Get Your First Agent Payment in 5 Minutes

TL;DR

• 5 steps: create publisher account → grab API key → issue a virtual card → set a policy → run a sandbox transaction.
• All sandbox; no real funds. Production credentials swap in with one config change.
• Total time on a working keyboard: 5 minutes.

To put your first AI agent payment through Shatale's sandbox, you'll move through five steps using the Publisher API: create an account, generate a sandbox API key, define a spending policy, issue a virtual card to an agent, and run a test authorization. Every step below is a single API call; full curl examples are inline.

Step 1: Create a publisher account

Sign up at https://admin.shatale.com. You'll get access to the Publisher dashboard — the home for agent management, virtual cards, policies, and integration health.

Verify your email, then enable 2FA. (You'll need 2FA before you can issue production credentials.)

Step 2: Grab a sandbox API key

In the dashboard, go to Settings → API Keys → New sandbox key. The key starts with sk_sandbox_ — anything starting with sk_live_ is production. Don't mix.

Copy the key into an environment variable so you don't paste it into curl history:

export SHATALE_KEY="sk_sandbox_..."

Step 3: Define a spending policy

Policies are the rule set every transaction is evaluated against. Use a template to start:

curl -X POST https://api.shatale.com/v1/policies \
  -H "Authorization: Bearer $SHATALE_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Travel agent policy",
    "rules": {
      "max_per_transaction": 50000,
      "max_per_day": 200000,
      "allowed_mccs": ["3000-3299", "7011", "4511"],
      "blocked_mccs": ["7995", "6051"],
      "geo_allow": ["US", "CA", "GB", "FR", "DE"],
      "business_hours_only": false
    }
  }'

Amounts in cents. The response includes a policy_id you'll attach to the agent in Step 4.

Other templates available out of the box:

• General Permissive — $1,000/tx, $5,000/day, no MCC restrictions.
• SaaS Only — software MCCs only, $500/tx.
• Locked Down — $10 approval threshold, EU-only, business hours.

Step 4: Create an agent and issue a virtual card

Two calls, no state to manage between them:

# Create agent
curl -X POST https://api.shatale.com/v1/agents \
  -H "Authorization: Bearer $SHATALE_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "TravelBot v1",
    "description": "Books flights and hotels within budget",
    "policy_id": "pol_..."
  }'
# → returns agent_id

# Issue card
curl -X POST https://api.shatale.com/v1/cards/issue \
  -H "Authorization: Bearer $SHATALE_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agt_..."}'
# → returns card_id and PAN/CVV/expiry (sandbox only — production cards return tokens, not raw PAN)

Step 5: Run a sandbox transaction

Use the simulated authorization endpoint to fire a transaction without involving the network:

curl -X POST https://api.shatale.com/v1/sandbox/auth \
  -H "Authorization: Bearer $SHATALE_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "card_id": "crd_...",
    "amount": 4999,
    "currency": "USD",
    "merchant": {
      "name": "Test Airline",
      "mcc": "3001",
      "country": "US"
    }
  }'

A successful response includes authorized: true, the policy version evaluated, and the ledger hold ID. A declined response includes a reason code and a human-readable explanation.

What you'll see in the dashboard

After the sandbox auth, the Publisher dashboard updates within a second:

• The agent's transaction history shows the new authorization.
• The ledger shows a debit/credit pair tagged with agent_id, policy_id, and merchant.
• The webhook log shows the auth.created event delivered (or queued).

What's next?

Once the sandbox flow is working:

• Set up webhooks so your application reacts to auth events in real time. See How to Inspect Webhooks for Agent Payment Integrations.
• Configure user enrollment — the consent flow where end-users delegate budget to the agent.
• Run the full pre-launch checklist before flipping to live. See Sandbox Testing for AI Agent Payments.
• Swap to production credentials. One env var change. Production cards return tokens, not raw PAN.

FAQ

Are sandbox transactions free?

Yes. Sandbox runs on a separate environment with simulated authorization and no funds movement. No fees, no rate limits worth worrying about.

Can I test decline scenarios?

Yes. Sandbox auth has a simulate_decline parameter and amount-based triggers (e.g. amounts ending in 0001 always trigger an MCC block). The full list is in the API reference.

How do I move to production?

Generate a production API key (requires 2FA), confirm the policy + cards have been smoke-tested in sandbox, and swap the env var. Production cards return tokenized PAN-via-handle (not raw PAN) and authorize against the real network.

What if the agent has no end-user yet?

You can run the full sandbox flow against a synthetic delegation. In production, real delegations require the user-consent enrollment flow — without it, transactions decline at auth time.

Where do I get help if something breaks?

Email support@shatale.com. For developer-specific issues, the Publisher Developer Portal has the integration health dashboard and webhook inspector.

Related reading

• How to Build a Payment-Enabled AI Agent With MCP and Shatale — full end-to-end build
• How to Inspect Webhooks for Agent Payment Integrations — webhook setup + debugging
• Sandbox Testing for AI Agent Payments — pre-launch validation checklist

External references

• Shatale Publisher API reference — full endpoint docs
• EMVCo 3D Secure 2.x — authentication used in production

---

By Ted L. Last updated 2026-04-29.