Responsibility split
| Component | Who provides it | Notes |
|---|---|---|
| Browser / page | You or your agent runtime | e.g. local Playwright, Browserbase, or any Chromium exposing the DevTools HTTP JSON API |
| Checkout UI | Merchant | e.g. Stripe, Shopify, Adyen—their hosted checkout pages, not Ovra infrastructure |
| Card credentials | Ovra | Resolved only server-side when a fill token is redeemed |
| Fill or proxy execution | Ovra API | After POST /checkout/token; not by MCP/WebSocket from the agent into Ovra to “remote control” the browser |
Flow A: Browser — token → fill
- Intent is `approved` and includes `expectedMerchant` (required to mint a token).
- `POST /checkout/token` with `{ intentId }` returns a short-lived, single-use opaque token bound to that merchant domain.
- `POST /checkout/fill` with `{ token, cdpBaseUrl }` — for example `cdpBaseUrl: "http://localhost:9333"` (Chrome DevTools HTTP JSON API; do not pass a `ws://` URL as `cdpBaseUrl` in this payload).
- Ovra validates the token, resolves the card internally, fills PAN/expiry/CVC in the page, and completes booking when the fill succeeds.
intentId and the opaque token. It never receives PAN/CVV. Ovra does not require the agent to open a WebSocket to Ovra; during fill, the API talks to your browser’s DevTools endpoint.
Flow B: API — token → proxy
- Same `POST /checkout/token` step.
- `POST /checkout/proxy` with `{ token, request }`. `request` includes `url`, optional `method`, `headers`, and `body`.
- Placeholders in strings or JSON (e.g. `{{PAN}}`, `{{CVC}}`, `{{EXP_MONTH}}`, `{{EXP_YEAR}}`, `{{EXP_SHORT}}`, `{{HOLDER}}`, `{{LAST4}}`) are replaced server-side; the response is returned without exposing raw card data to the caller.
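An agent-side pre-flight check for both flows, added here as an example (not Ovra's code and not part of @ovra/pay): it rejects a `ws://` value for `cdpBaseUrl` and flags proxy requests that carry a literal card number or a placeholder name other than those listed above. The function names are hypothetical, and treating the listed placeholders as a complete allow-list is an assumption, since the page gives them as examples.

```javascript
// Added example: pre-flight checks run by the agent before calling the Ovra API.
// Assumption: the placeholders named on this page form the full allow-list.
const KNOWN_PLACEHOLDERS = new Set(
  ["PAN", "CVC", "EXP_MONTH", "EXP_YEAR", "EXP_SHORT", "HOLDER", "LAST4"]);

// Flow A: cdpBaseUrl is the DevTools HTTP JSON endpoint, never a ws:// URL.
function checkCdpBaseUrl(cdpBaseUrl) {
  let u;
  try { u = new URL(cdpBaseUrl); } catch { return "not a valid URL"; }
  if (u.protocol !== "http:" && u.protocol !== "https:")
    return `scheme ${u.protocol} not allowed, use http(s)`;
  return null; // null means no problem found
}

// Luhn checksum, used to tell a card number from an arbitrary digit run.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Collect every key and string value from nested objects and arrays.
function strings(value, out = []) {
  if (typeof value === "string") out.push(value);
  else if (Array.isArray(value)) value.forEach(v => strings(v, out));
  else if (value && typeof value === "object")
    for (const [k, v] of Object.entries(value)) { out.push(k); strings(v, out); }
  return out;
}

// Flow B: the request may carry placeholders only, never literal card data.
function checkProxyRequest(request) {
  const problems = [];
  if (typeof request.url !== "string") problems.push("url is required");
  for (const s of strings(request)) {
    for (const m of s.matchAll(/\{\{([^{}]*)\}\}/g))
      if (!KNOWN_PLACEHOLDERS.has(m[1])) problems.push(`unknown placeholder {{${m[1]}}}`);
    for (const m of s.matchAll(/\b\d(?:[ -]?\d){12,18}\b/g))
      if (luhnValid(m[0].replace(/\D/g, ""))) problems.push("literal card number in request");
  }
  return problems;
}
// Constructed sample: placeholders only, so substitution happens server-side.
const sampleRequest = { url: "https://merchant.example/pay", method: "POST",
  body: { number: "{{PAN}}", cvc: "{{CVC}}", exp: "{{EXP_SHORT}}" } };
console.log(checkProxyRequest(sampleRequest)); // []
```

A request that fails `checkProxyRequest` should be dropped before it is sent, since a literal card number in it means card data has already reached agent-visible scope.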
SDK
@ovra/pay is the recommended browser integration: it obtains credentials and performs fill inside page.evaluate() so card data stays out of agent-visible JS scope.
Cost / hosting
- Browser: your infrastructure cost (local or a hosted browser provider such as Browserbase).
- Fill / proxy: Ovra API-side work; no separate “CDP session” product from the agent’s perspective.
