Testing Spending Policies
This guide focuses on policy semantics: how rules, actions, and priorities combine, and how to prove it with a three-tier threshold test that approves, requires approval, or denies payments based on amount. For environment choices (agent sandbox vs testnet), counterparty and time-window scenarios, and production migration, see Testing Payments Safely.Prerequisites
A Conto account and organization
An active agent with a linked, funded wallet and an SDK key in
CONTO_API_KEY. The Quickstart walks through creating the wallet, connecting the agent, and generating the keyWhat You’ll Build
Step 1: Verify Your Setup
Before creating policies, confirm the agent is correctly configured:agent.statusis"ACTIVE"walletsarray is not empty
Step 2: Create Policies
Create two policies to test different enforcement behaviors.Policy A: Spend Limit
1
Create the policy
Go to Policies in the sidebar and click Create Policy.
- Name: “Manual Spend Test”
- Description: “Deny transactions over $15”
- Policy Type: SPEND_LIMIT
2
Add a rule
This allows transactions up to $15. Anything above is denied.
How rule actions work:
ALLOW+LTE $15means: “Allow transactions where the amount is ≤ $15”- Transactions that do NOT match the ALLOW condition are implicitly denied
DENY+GT $15achieves the same effect: “Deny transactions where amount > $15”REQUIRE_APPROVAL+GT $10means: “Require manual approval when amount > $10”
Policy B: Approval Threshold
1
Create the policy
- Name: “Manual Approval Test”
- Description: “Require approval for transactions over $10”
- Policy Type: APPROVAL_THRESHOLD
2
Add a rule
Transactions over $10 require manual approval in the dashboard before they can execute.
Step 3: Assign Policies to the Agent
1
Open agent detail page
Navigate to your agent’s detail page.
2
Go to the Permissions tab
Click the Permissions tab.
3
Assign both policies
Assign “Manual Spend Test” and “Manual Approval Test” to the agent. All assigned policies are evaluated with AND logic, the most restrictive rule wins.
GET /api/sdk/setup call from Step 1 to confirm policies now shows both assigned policies.
Step 4: Run Test Transactions
Usecurl or any HTTP client to test the three scenarios.
Test 1: $5 Payment (Expect: APPROVED)
Test 2: $12 Payment (Expect: REQUIRES_APPROVAL)
Test 3: $20 Payment (Expect: DENIED)
Step 5: Execute an Approved Payment
If Test 1 returnedAPPROVED, you can execute it onchain:
txHash and an explorer URL to verify onchain.
Using the SDK Instead of curl
The same three tests in TypeScript (conto.payments.request with amounts 5, 12, and 20) are shown in the Quickstart’s SDK step.
Editing Wallet Limits After Setup
If you need to change wallet spending limits after the initial setup:- Go to the agent detail page
- Open the Overview or Wallets tab
- Click the pencil icon next to the wallet
- Update per-transaction, daily, weekly, or monthly limits
- Click Save Changes
How Policy Evaluation Works
Conto evaluates wallet-level limits first, then policy rules with AND logic. The first DENY stops evaluation. Org-level policies stack with agent-level policies. See Policy Overview for the full reference.Troubleshooting
These accordions cover policy-semantics issues. For setup issues (lost SDK keys, unfunded wallets), see the Quickstart troubleshooting; for environment and scenario issues, see Testing Payments Safely.Payment denied but I expected REQUIRES_APPROVAL
Payment denied but I expected REQUIRES_APPROVAL
Multiple policies are evaluated with AND logic. If one policy denies while another would require approval, the denial takes priority. Check which policies are assigned in the Permissions tab.
Wrong policy is triggering
Wrong policy is triggering
Policies at the same priority level are all evaluated. If both an approval threshold (
>$10)
and a spend limit (>$15) match, DENY wins over REQUIRES_APPROVAL. Priority changes sort
order only; it does not override a failing rule.Organization policies are overriding my agent policies
Organization policies are overriding my agent policies
Org-level policies apply to all agents. If a Starter policy caps transactions at 100, the $25 cap wins. Check with your org admin.
Next Steps
Policy Types
Explore all available policy rule types
SDK Reference
Full SDK payment methods and options
Time Windows
Restrict payments to specific hours and days
Counterparties
Allowlist and blocklist recipient addresses