The Infrastructure Layer Every AI Agent Needs to Pay
AI agents can research, decide, and act. But the moment they need to spend money — everything breaks. OpenCard provides the unified authorization, governance, and protocol bridge that makes agent payments legal, auditable, and enterprise-ready. The core SDK is open-source and free. Forever.
MIT licence · TypeScript & Python · No credit card required · Deploy in 10 minutes
npm install @opencard/sdk|pip install opencardCore SDK is MIT-licensed and open-source on GitHub
MIT Licensed
Use it in any project, commercial or personal
Community-driven
Protocol updates, issues, and PRs welcome
Production-ready
W3C DID/VC, AP2-native, full mandate lifecycle
AI Agents Are Ready to Work. Payments Aren't Ready for Them.
Today's AI agents can browse the web, write code, orchestrate complex workflows, and make decisions that used to take a team of people. But the moment an agent needs to spend money, everything breaks down.
No Authorization Standard
"Who authorized this agent to spend?" — No cryptographic proof exists. No mandate chain. No non-repudiable evidence that the user gave permission.
Protocol Fragmentation
Five competing payment protocols launched in 12 months — AP2, MPP, ACP, x402, UCP. Each solves a different slice. None normalises them into a single governance-ready integration.
Enterprise Compliance Gap
FCA Consumer Duty. CMA DMCC enforcement. EU AI Act. Regulators are asking: "Show me the audit trail for every agent payment." Most enterprises have no answer.
One Integration. Every Protocol. Full Authorization, Governance, and Compliance.
OpenCard is the unified infrastructure layer for AI agent payments — open-source at the core, enterprise-grade at scale. Not a card issuer. Not a payment processor. The layer that authorizes, governs, and bridges agent payments into a single compliance-ready record.
Authorize
Open-SourceMandate-native, AP2-powered, W3C VC
The authorization engine is fully open-source. Inspect every line of mandate signing, VC issuance, and revocation logic. Audit it, fork it, contribute to it. The cryptographic foundation that makes agent payments legally defensible — available to every developer, free.
// npm install @opencard/sdk
const mandate = await OpenCard.createIntentMandate({
agent: "procurement-bot",
limit: 500,
category: "office-supplies"
})View source on GitHub →
Govern
Enterprise policy engine. FCA-grade audit trails.
Set granular spend policies per agent — merchant categories, geographic restrictions, time windows, counterparty whitelists. Monitor every transaction in real time. One-click suspension of all agent payment authorities.
opencard.killSwitch({
agentId: "procurement-bot",
reason: "policy-breach"
})Enterprise governance layer — hosted or self-hosted
Bridge
AP2 + MPP + ACP + x402 + Visa IC → one record
Five protocols. One OpenCard integration. OpenCard normalises mandate metadata, transaction records, and compliance signals across every agentic payment protocol into a single schema.
opencard.bridge({
protocol: "x402",
mandate: intentMandate,
session: mppSession
})Protocol bridge adaptors open-source on GitHub
Built in the Open. Trusted by Default.
Authorization infrastructure only works if you trust it completely. That's why the OpenCard SDK core is fully open-source — every mandate signing algorithm, every VC issuance flow, every protocol bridge adaptor. No black boxes. No vendor lock-in on the authorization layer.
Full Transparency
Every line of mandate lifecycle code is publicly auditable on GitHub. Security researchers, enterprises, and developers can inspect, verify, and independently validate exactly how OpenCard handles authorization. Trust built on code, not promises.
Community-Driven Protocol Support
When a new agentic payment protocol launches, the community can contribute bridge adaptors before OpenCard ships them officially. Protocol coverage compounds with the ecosystem — not just with our engineering team.
Self-Host or Cloud
The SDK core runs anywhere. Self-host the entire authorization layer in your own infrastructure — no data leaves your environment. Upgrade to OpenCard Cloud for managed governance dashboards, FCA compliance reporting, and enterprise SLAs.
The Infrastructure Analogy
Stripe unifies card payment execution across networks.OpenCard unifies authorization, governance, and compliance across agentic payment protocols.
Plaid doesn't own the banking rails — it normalises access to all of them.OpenCard doesn't own the payment protocols — it normalises authorization and governance across all of them.
OAuth 2.0 is the authorization standard every web API assumes is already in place.OpenCard is the authorization standard every agentic payment protocol assumes is already in place.
LangFuse gives you full observability over every LLM call.OpenCard gives you full observability, auditability, and governance over every agent payment.
Three Layers. One Integration. Everything Your Agents Need to Transact.
For Developers — Open-Source & Free
OpenCard SDK
“Open-source authorization infrastructure. Production-ready in 10 minutes.”
The AP2 reference implementation is incomplete. Every developer building agent payment flows hits the same W3C Verifiable Credential wall. OpenCard SDK is the open-source production solution — full mandate lifecycle management, cross-protocol bridging, and agent identity in a single TypeScript/Python package. MIT licensed. Free forever.
- Full W3C DID/VC lifecycle — open-source
- Mandate lifecycle API — open-source
- Cross-protocol bridge adaptors — open-source
- MCP and A2A server templates — open-source
- Full sandbox — open-source
- Enterprise governance dashboard — hosted/cloud
- FCA compliance reporting — cloud only
- Kill-switch API — cloud only
MIT licence · TypeScript & Python · github.com/oneopencard
# Install
npm install @opencard/sdk
# Or Python
pip install opencard
import { OpenCard } from '@opencard/sdk'
// Create an agent DID
const agent = await OpenCard.registerAgent({
name: 'procurement-bot'
})
// Issue a mandate
const mandate = await OpenCard.createIntentMandate({
agentDID: agent.did,
spendLimit: 500,
currency: 'GBP',
merchantCategory: ['office-supplies'],
})
// Verify before any transaction
const verified = await OpenCard.verifyMandate(mandate.id)From Zero to First Mandate in 10 Minutes
Install
npm install @opencard/sdk
TypeScript and Python. Works with Node.js, Deno, Bun, and all major agent frameworks.
Register your agent
const agent = await OpenCard.registerAgent({
name: 'procurement-bot',
owner: 'did:opencard:naveen-bhati'
})
// → did:opencard:procurement-bot-v2Create a mandate
const mandate = await OpenCard.createIntentMandate({
agentDID: agent.did,
spendLimit: 500,
currency: 'GBP',
merchantCategory: ['office-supplies', 'saas'],
validUntil: '2026-12-31'
})Bridge to any protocol
// Works with AP2, MPP, ACP, x402, Visa IC, Mastercard Agent Pay
const bridged = await OpenCard.bridge({
mandate: mandate.id,
targetProtocol: 'x402'
})Your agent is authorized to pay
Done. Your agent can now transact across any protocol.
Works With Every Agent Framework You Already Use
LangChain
npm install @opencard/langchainCrewAI
pip install opencard-crewaiOpenAI Agents SDK
npm install @opencard/openai-agentsClaude MCP
npm install @opencard/mcpAutoGen
pip install opencard-autogenLangGraph
npm install @opencard/langgraphDon't see your framework? Open a GitHub issue → — or contribute an adaptor.
What Gets Unlocked When Agents Can Actually Pay
Procurement Automation
A procurement agent monitors inventory, compares suppliers, and selects the best price. With OpenCard, it operates inside a cryptographic Intent Mandate — spend limit, merchant category, and counterparty all pre-approved.
Travel Booking
A travel agent finds the optimal flight and hotel, checks against corporate policy, and books it. The OpenCard mandate scopes it to approved merchants and budget. The card auto-cancels after use.
Media Buying
An ad-buying agent identifies high-performing placements and executes buys across multiple ad networks. OpenCard governs per-campaign spend limits, tracks total exposure, and generates the audit trail.
SaaS Provisioning
A SaaS provisioning agent spins up cloud infrastructure, buys API credits, and subscribes to tools. OpenCard meters the spend, enforces pre-approved vendor whitelists, and reports everything.
Multi-Agent Orchestration
An orchestrator agent delegates to a research agent, a data agent, and a writing agent. OpenCard splits payment across the chain, settles each agent's contribution, and produces one invoice.
Security & Incident Response
A security agent detects unusual account activity and instantly purchases additional monitoring or defense services within pre-approved emergency budgets. OpenCard ensures spending is limited to trusted vendors and logs the full authorization trail.
All Agentic Payment Protocols. One OpenCard Integration.
The agentic payment landscape is fragmenting fast. Five protocols launched in 12 months. Each solves a different layer. None of them solves authorization, governance, or cross-protocol compliance. OpenCard normalises all of them.
| Protocol | Backer | What It Does | OpenCard's Role |
|---|---|---|---|
| AP2 | Google + 60 partners | Authorization & trust mandates | Primary implementation backbone |
| ACP | OpenAI + Stripe | Agent checkout flows | Mandate annotation layer |
| MPP | Stripe + Paradigm | Session-based streaming payments | Session budget governance |
| x402 | Coinbase | HTTP-native stablecoin micropayments | Mandate-backed stablecoin auth |
| UCP | Google + Shopify | Discovery through fulfillment | Mandate scope extension |
| Visa IC | Visa | Agent-ready tokenisation | Bridge + token metadata |
| MC Agent Pay | Mastercard | Agent payment tokens | Bridge + compliance record |
→ New protocol? OpenCard adds support. You don't change your integration.
Built for Today. Designed for Where Agentic Commerce Is Going.
Vision 1 — Now Building
Authorization Foundation
AP2 SDK · W3C DID/VC issuance · Mandate lifecycle API · x402 bridge · Full sandbox
“Own the mandate standard before anyone else.”
Vision 2 — Month 9–18
Protocol Bridge
Full 5-protocol normalisation · Enterprise governance dashboard · FCA/CMA compliance module · ISO 20022 export
“One integration. Every protocol. One compliance record.”
Vision 3 — Month 18–36
Payment Infrastructure
FCA EMI licence · IBAN-backed agent wallets · Virtual Visa/Mastercard card issuance · Human-in-the-loop approval flows
“Every mandate-backed agent gets a payment card.”
Vision 4 — Month 36–60
Agentic Commerce Platform
Agent-to-agent settlement · Multi-agent orchestration billing · Revenue splits · Agent service marketplace · Cross-border stablecoin rails
“The operating system for the entire agentic economy.”
Want early access to each phase? Join the Waitlist →
Not Another Virtual Card API
| OpenCardOpen-Source Core | Ralio | Crossmint | Skyfire | |
|---|---|---|---|---|
| Open-Source SDK | ||||
| W3C Mandate Chain | ||||
| Multi-Protocol Bridge | Partial | Exec only | ||
| Enterprise Governance | ||||
| FCA / CMA Compliance | ||||
| Kill-Switch API | ||||
| UK / EU Regulatory | Partial | |||
| Self-Hostable | ||||
| Virtual Card Issuance |
The SDK is open-source and self-hostable. Enterprise governance is cloud-hosted with SLA guarantees. Others give agents a way to pay. OpenCard proves they were authorized to pay — and governs every transaction across every protocol.
The Agentic Economy Is Here. The Infrastructure Isn't.
Until now. And it's open-source.