PRODUCT · PAYMENTS

Enable agentic payments.

Create a payment session, let the customer authorize on a hosted, PCI-compliant UI, then pass the sessionId to a checkout task. Card data never passes through your backend.

POST /payment/session

Create a payment session.

Call it from your backend with the customer's email, the amount, and a purpose. You get back a hosted payment URL and a sessionId, plus the authorization that scopes the session.

  • Called server-side with your x-api-key
  • Returns a hosted url, a sessionId, and the authorization
  • Card data never passes through your backend
  • CartAI auto-selects Visa or Mastercard based on the customer's card

Pass the sessionId to a checkout task once paid. See Checkouts →

curl https://api.cartai.ai/payment/session \
  -H "x-api-key: $CARTAI_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "customer@example.com",
    "price": "700",
    "purpose": "Purchase Agent"
  }'

HOSTED PAYMENT UI

Collect the card without PCI scope.

Hand the session URL to your frontend. Redirect the customer to it, or embed it in an iframe to keep them on your page. The card is entered and tokenized inside CartAI's hosted UI, so card data never touches your servers, DOM, or logs, and your backend stays out of PCI scope.

  • Redirect, or embed in an iframe with allow=payment
  • Card fields served from CartAI's PCI-compliant UI
  • No card data on your servers, DOM, or logs
  • Out of PCI scope for your backend

<!-- Keep the customer on your own page -->
<iframe
  src="SESSION_URL"
  width="480" height="640"
  allow="payment"
  style="border:none"
  title="CartAI Payment">
</iframe>

// look up the iframe above, then set the src from the session response
const frame = document.querySelector('iframe[title="CartAI Payment"]')
frame.src = session.data.url

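
An added example (not CartAI's code) of the server-side half of this flow: it builds the session request, checks that the returned URL is an https URL on the expected hosted-UI host before it can reach frame.src, and produces a matching frame-src CSP value. The data.sessionId field, the pay.cartai.example host and every function name are assumptions; only the endpoint, the request fields and data.url come from the page.

```javascript
// Added example, not CartAI code. Assumptions: the response carries data.url
// (as on the page) and data.sessionId; HOSTED_HOST is a constructed placeholder.
const API_URL = "https://api.cartai.ai/payment/session";
const HOSTED_HOST = "pay.cartai.example"; // placeholder, replace with the real host

// Build the server-side request. The API key appears only here.
function buildSessionRequest(apiKey, { email, price, purpose }) {
  if (!apiKey) throw new Error("missing API key");
  return {
    method: "POST",
    headers: { "x-api-key": apiKey, "Content-Type": "application/json" },
    body: JSON.stringify({ email, price, purpose }),
  };
}

// Accept only an https URL on the expected host, with no embedded credentials.
function checkSessionUrl(raw, allowedHost = HOSTED_HOST) {
  let u;
  try { u = new URL(raw); } catch { throw new Error("session URL is not a URL"); }
  if (u.protocol !== "https:") throw new Error("session URL must be https");
  if (u.hostname !== allowedHost) throw new Error("unexpected host " + u.hostname);
  if (u.username || u.password) throw new Error("credentials in session URL");
  return u.href;
}

// Split the response: this example hands the browser only the validated URL
// and keeps sessionId with the server-side order record (a design choice).
function splitSessionResponse(json, allowedHost = HOSTED_HOST) {
  const data = json && json.data;
  if (!data || typeof data.sessionId !== "string") throw new Error("no sessionId");
  return {
    forBrowser: { url: checkSessionUrl(data.url, allowedHost) },
    forServer: { sessionId: data.sessionId },
  };
}

// CSP directive that lets the page frame only the hosted payment UI.
function frameCsp(allowedHost = HOSTED_HOST) {
  return `frame-src https://${allowedHost}`;
}

// Server-side handler body: call the API, then split the response.
async function createSession(apiKey, order, fetchImpl = fetch) {
  const res = await fetchImpl(API_URL, buildSessionRequest(apiKey, order));
  if (!res.ok) throw new Error("session request failed: " + res.status);
  return splitSessionResponse(await res.json());
}
```
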
NETWORK SUPPORT

On the rails built for agents.

CartAI starts Visa Intelligent Commerce or Mastercard Agent Pay automatically, based on the customer's card.

TEST PAYMENT

Test the flow before you go live.

In development, pass card details directly with the provider set to test, and use the sandbox card to simulate approval, decline, and retry. The test provider is disabled on production keys.

Never use real card details with the test provider.
Sandbox test card
4242 4242 4242 4242
EXP 12 / 34 · CVV 444
provider: "test" · disabled on production keys

Card payments, minus the PCI scope.

A hosted session in, a sessionId out. The agent pays, and a card number never lands in your systems.