
Constrain spend.
Export evidence.

AP2 mandates set cryptographic spend budgets for each agent. Policies apply routing rules across the account. Every decision produces a deny code or an evidence bundle.

AP2 mandates

Agent spending authority

A mandate is a user-signed authorization granting an agent permission to spend on their behalf — within defined constraints. Budget, categories, and expiry are cryptographically enforced.

max_amount_usd

Hard spending ceiling. Exceeded → MANDATE_BUDGET_EXCEEDED.

allowed_categories

Whitelist of spend categories. Others → MANDATE_CATEGORY_DENIED.

valid_until

ISO 8601 expiry. Past → MANDATE_EXPIRED immediately.

agent_did

The DID of the specific agent this mandate is granted to. A request from any other agent → MANDATE_NOT_FOUND.

Create mandate
curl -X POST https://p402.io/api/a2a/mandates \
  -H "Authorization: Bearer $P402_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "payment",
    "user_did": "did:key:z6Mk...",
    "agent_did": "did:p402:agent_01...",
    "constraints": {
      "max_amount_usd": 50.00,
      "allowed_categories": [
        "llm-inference",
        "data-retrieval"
      ],
      "valid_until": "2025-02-01T00:00:00Z"
    }
  }'

# Response:
{
  "id": "mnd_01HX...",
  "status": "active",
  "amount_spent_usd": 0,
  "constraints": { ... }
}

Create policy
curl -X POST https://p402.io/api/v2/governance/policies \
  -H "Authorization: Bearer $P402_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production limits",
    "max_spend_usd": 500,
    "allowed_models": [
      "gemini-2.0-flash",
      "gpt-4o-mini",
      "deepseek-v3"
    ],
    "enforce": true
  }'

Policies

Account-level routing rules

Policies apply to all routing decisions in the account. They run before mandate checks — if a policy denies a request, the mandate is never evaluated.

Evaluation order
1. Policy spend limit check
2. Policy allowed_models check
3. Mandate budget check
4. Mandate category check
5. Mandate signature check
6. Route to provider

Deny codes

Full deny code list

MANDATE_NOT_FOUND: Mandate ID does not exist in this account.
MANDATE_INACTIVE: Mandate status is exhausted, expired, or revoked.
MANDATE_EXPIRED: valid_until timestamp has passed.
MANDATE_BUDGET_EXCEEDED: amount_spent_usd + requested > max_amount_usd.
MANDATE_CATEGORY_DENIED: Requested category not in allowed_categories.
MANDATE_SIGNATURE_INVALID: Mandate signature does not match public_key.
POLICY_SPEND_LIMIT: Request would exceed policy max_spend_usd.
POLICY_MODEL_DENIED: Requested model not in policy allowed_models.

All deny responses include a requestId. Denied requests are visible in the Audit log with the reason code attached.
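As an added illustration (not p402's code), the Python below models the evaluation order and the deny codes listed above so the ordering can be exercised offline: policy checks run first, so a request that would break both the policy limit and the mandate budget gets POLICY_SPEND_LIMIT, and constraints edited after the user signed fail the signature step even when the edited constraint would otherwise pass. The Policy, Mandate and Request classes, the HMAC-SHA256 stand-in for the user's DID key signature, the sorted-key JSON encoding of the signed constraints, the running account-level policy total, the placement of mandate lookup, status and expiry inside step 3, and every sample value are assumptions of this example; the page does not specify them.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import hmac
import json

ROUTE = "ROUTE"  # constructed sentinel: no deny code, request goes to the provider


@dataclass
class Policy:
    max_spend_usd: float
    allowed_models: set[str]
    spent_usd: float = 0.0  # assumption: running account-level total the limit applies to


@dataclass
class Mandate:
    id: str
    agent_did: str
    max_amount_usd: float
    allowed_categories: set[str]
    valid_until: datetime
    amount_spent_usd: float = 0.0
    status: str = "active"
    signature: str = ""


@dataclass
class Request:
    mandate_id: str
    agent_did: str
    model: str
    category: str
    amount_usd: float


def sign_mandate(m: Mandate, key: bytes) -> str:
    # Stand-in for the user's DID key signature (assumption): HMAC-SHA256 over a
    # canonical sorted-key JSON encoding of the signed constraints.
    payload = {"agent_did": m.agent_did, "max_amount_usd": m.max_amount_usd,
               "allowed_categories": sorted(m.allowed_categories),
               "valid_until": m.valid_until.isoformat()}
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def evaluate(req: Request, policy: Policy, mandates: dict[str, Mandate],
             key: bytes, now: datetime) -> str:
    """Return ROUTE or the first deny code hit, following the page's evaluation order."""
    # 1. Policy spend limit check (before any mandate is looked up)
    if policy.spent_usd + req.amount_usd > policy.max_spend_usd:
        return "POLICY_SPEND_LIMIT"
    # 2. Policy allowed_models check
    if req.model not in policy.allowed_models:
        return "POLICY_MODEL_DENIED"
    # 3. Mandate budget check; lookup, status and expiry resolved here (assumption)
    m = mandates.get(req.mandate_id)
    if m is None or m.agent_did != req.agent_did:
        return "MANDATE_NOT_FOUND"
    if m.status != "active":
        return "MANDATE_INACTIVE"
    if now > m.valid_until:
        return "MANDATE_EXPIRED"
    if m.amount_spent_usd + req.amount_usd > m.max_amount_usd:
        return "MANDATE_BUDGET_EXCEEDED"
    # 4. Mandate category check
    if req.category not in m.allowed_categories:
        return "MANDATE_CATEGORY_DENIED"
    # 5. Mandate signature check: constraints changed after signing are caught here
    if not hmac.compare_digest(m.signature, sign_mandate(m, key)):
        return "MANDATE_SIGNATURE_INVALID"
    # 6. Route to provider and debit both budgets
    m.amount_spent_usd += req.amount_usd
    policy.spent_usd += req.amount_usd
    if m.amount_spent_usd >= m.max_amount_usd:
        m.status = "exhausted"
    return ROUTE


def run_demo() -> list[str]:
    """Constructed scenario; returns the outcome of each sample request in order."""
    key = b"constructed-demo-user-key"
    now = datetime(2025, 1, 15, tzinfo=timezone.utc)
    expiry = datetime(2025, 2, 1, tzinfo=timezone.utc)
    agent = "did:p402:agent_demo"
    policy = Policy(500.0, {"gemini-2.0-flash", "gpt-4o-mini", "deepseek-v3"})
    good = Mandate("mnd_demo", agent, 50.0, {"llm-inference", "data-retrieval"}, expiry)
    good.signature = sign_mandate(good, key)
    tampered = Mandate("mnd_tampered", agent, 50.0, {"llm-inference"}, expiry)
    tampered.signature = sign_mandate(tampered, key)
    tampered.allowed_categories.add("web-search")  # edited after the user signed
    mandates = {good.id: good, tampered.id: tampered}
    reqs = [
        Request("mnd_demo", agent, "gemini-2.0-flash", "llm-inference", 20.0),  # routes
        Request("mnd_demo", agent, "gemini-2.0-flash", "llm-inference", 600.0),  # step 1
        Request("mnd_demo", agent, "unlisted-model", "llm-inference", 1.0),  # step 2
        Request("mnd_demo", agent, "gpt-4o-mini", "llm-inference", 40.0),  # 20 + 40 > 50
        Request("mnd_demo", agent, "gpt-4o-mini", "web-search", 1.0),  # step 4
        Request("mnd_tampered", agent, "gpt-4o-mini", "web-search", 1.0),  # step 5
        Request("mnd_missing", agent, "gpt-4o-mini", "llm-inference", 1.0),  # unknown id
        Request("mnd_demo", "did:p402:agent_other", "gpt-4o-mini", "llm-inference", 1.0),
    ]
    results = [evaluate(r, policy, mandates, key, now) for r in reqs]
    late = datetime(2025, 3, 1, tzinfo=timezone.utc)
    results.append(evaluate(reqs[0], policy, mandates, key, late))  # past valid_until
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The order of checks is what makes the second request return POLICY_SPEND_LIMIT rather than MANDATE_BUDGET_EXCEEDED, and the signature step is last, so a mandate whose categories were widened after signing passes step 4 and is only rejected at step 5.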

Integration audit

Evidence for risk review

Run an integration audit from the dashboard or API. The audit checks your x402 implementation against known failure patterns and exports a signed evidence bundle for compliance review.

Integration correctness checks
Security rule validation
Mandate and policy consistency
Export as JSON evidence bundle
Findings table with severity rubric

Evidence bundle fields
requestId
tenantId
payer + payTo
asset + amount + chainId
txHash
receiptId, mandateId, policyId
denyCode (if rejected)
timestamps per event
trace events summary
audit findings summary