Card Payments
Conto supports connecting existing payment cards to the policy engine, giving you spend limits, merchant controls, time windows, and MCC-based restrictions for agent card usage.Issuing new cards directly through Conto is not yet generally available. Today, you can connect any existing card manually and enforce policies through the SDK approve/confirm flow.
Connecting a Card
Register an existing card by providing its last 4 digits, brand, and spend limits. Card management routes currently use the signed-in dashboard session; they do not accept agent SDK keys. SetCONTO_DASHBOARD_COOKIE to the full Cookie header from a signed-in dashboard request.
Assigning Cards to Agents
After connecting a card, assign it to an agent with per-agent limits:Card State Management
Pause, resume, or cancel cards from the dashboard or API:Linking Policies to Cards
Beyond the per-agent field-based limits, you can link named policies to cards. This uses the samePolicy / PolicyRule framework as wallets and agents.
See Advanced Policies for value formats.
Policy Enforcement
Card payments are evaluated through two layers:Layer 1: Agent-Card Limits
Field-based limits set when assigning a card to an agent:- Per-transaction, daily, weekly, monthly spend limits
- Time windows (allowed days and hours)
- MCC category allow/block lists
- Merchant allow/block lists
Layer 2: Policy Rule Engine
Database-defined policies linked to the card or agent:- All standard rule types (velocity, geographic, approval thresholds)
- Card-specific MCC and merchant rules
- Priority-ordered evaluation with AND logic
SDK Approve/Confirm Flow
Agents use the approve/confirm pattern before charging a connected card:1
Request Approval
Agent calls
POST /api/sdk/cards/approve before charging the card.2
Receive Approval
Conto evaluates both policy layers and returns an approval token (valid 5 minutes).
3
Charge the Card
Agent processes the card charge through its own payment integration.
4
Confirm Payment
Agent calls You can also include
POST /api/sdk/cards/{requestId}/confirm with the transaction reference.merchantDetails if the card processor returns the settled merchant
name, MCC, or location after authorization.API Reference
Card Alert Types
Card transactions are monitored for anomalies after each confirmed payment. These alerts are created automatically:Card alerts require sufficient transaction history for statistical detection.
CARD_SPEND_VELOCITY needs at least 5 days of history and 10 prior transactions. CARD_LARGE_TX needs at least 10 prior transactions.Next Steps
Card Management Guide
Dashboard walkthrough for managing cards
Advanced Policies
Card-specific policy rule types
Standard Payments
Stablecoin payment flow
Spend Limits
Configure spending controls