Payment Policy Decision API: POST /api/agent-services/payment-policy/decide
Preflight an x402 payment before an autonomous agent signs it. Checks resource binding, method, scheme, network, asset, amount vs expected price, payTo, facilitator, timeout, replay and idempotency readiness, metadata leakage, buyer spend limits, allow-lists, and optional service-risk signals. Returns allow / deny / needs_review with evidence-backed findings and a redacted, log-safe record. Deterministic policy engine — loop it over every payment your agent makes.
Start with a quote-only recipe. Payment signing stays in your project.
const response = await fetch("https://hermesplant.com/api/agent-services/payment-policy/decide", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
"type": "http",
"method": "POST",
"bodyType": "json",
"bodyFieldNames": [
"amountUnits",
"asset",
"buyerPolicy",
"facilitatorUrl",
"maxTimeoutSeconds",
"method",
"network",
"payTo",
"resourceUrl",
"scheme",
"tags"
],
"pathParamNames": [],
"queryParamNames": []
}),
});
console.log(response.status);
console.log(Object.fromEntries(response.headers));
console.log((await response.text()).slice(0, 1000));
// A valid 402 is a quote, not a completed paid call.Review the provider input schema before running this non-read-only method. No payment code is included.
- Exact route checked
not safely testable · potentially-mutating-method:POST
- Origin unavailable
ERR_SSL_PACKET_LENGTH_TOO_LONG
- Observed in cdp-bazaar
The registry record was observed and retained with provenance.
EVIDENCE
Each record has an exact-route quote outcome. Unresolved templates and potentially mutating methods are labeled instead of being invoked without provider-specific test input. A quote is still separate from a settled paid call.