Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getovra.com/llms.txt

Use this file to discover all available pages before exploring further.

Ovra is the payment layer for AI agents. Issue virtual Visa cards, hold and move EUR, collect payments, and enforce spending policies through a single API and an MCP server. Card numbers never enter the model context, every transfer is policy-checked, and every event is auditable. We are EU-native, API-first, and built for developers shipping autonomous workflows that need to spend or earn money. Think Stripe for AI agents.
Sandbox-only today. Ovra is locked to sandbox mode through the entire pre-seed raise. Every feature in these docs runs end-to-end against simulated rails — real settlement (live mode) is on the v1.3+ roadmap.

The six pillars

Pay

Agents pay anyone for anything with scoped virtual cards. Two modes: MPP for machine-readable merchants, CUA for browser checkouts.

Cards

Virtual Visa cards, instantly. Multiple cards per agent, freeze and rotate in real time, AES-256-GCM at rest.

Accounts

EUR wallets with dedicated IBANs. Send, receive, hierarchical sub-wallets, full ledger.

Collect

Agent-native payment requests. Internal Ovra-to-Ovra is instant and free; external is SEPA with reference matching.

Control

Declarative spending policies plus a 5-signal risk engine. Enforced server-side — agents cannot bypass their own rules.

Intelligence

Spend analytics, anomaly detection, append-only audit trails, optional AI insight on every signal.

How a payment works

1

Declare an intent

The agent posts an intent: amount, merchant, purpose. Policy engine plus risk engine evaluate it. Result is approved, pending_approval, or denied.
2

Pick a payment mode

MPP if the merchant speaks Authorization: Payment (IETF draft-httpauth-payment-00). CUA if you need to fill a browser form. Both end on a transactions row with requireIntent enforced.
3

Settle and audit

Transaction completes, ledger entries write, webhooks fire (HMAC-signed, retried per plan tier), audit event lands in append-only audit_events.

Sacred invariants

These nine rules are non-negotiable across every surface:
  1. PAN and CVV never leave the server toward an agent’s context.
  2. requireIntent — no money moves without an approved intent.
  3. Strict agent isolation — at_* tokens see only their own agent’s data.
  4. Money-moving POSTs require an Idempotency-Key header.
  5. Every decision lands in decision_logs and audit_events (append-only, PG RULES enforced).
  6. All IDs from crypto.randomBytes, never Math.random.
  7. API keys SHA-256 hashed; every secret compare uses timingSafeEqual.
  8. Webhooks fail-closed in production, HMAC-signed, DNS-aware SSRF block.
  9. EU data residency — Postgres in EU, banking partner in Berlin, PostHog EU endpoint, X-Data-Residency: EU on every response.

What Ovra is not

Our regulated banking partner is a Berlin-licensed EMI. Ovra is a technology platform that orchestrates issuing, custody, and settlement through them.
Fiat-only. EUR-only through pre-Series A. No stablecoins, no on-chain settlement.
B2B and developer-stack only. No P2P, no consumer cards, no credit, no BNPL — debit and pre-funded wallets only.
API-first. The dashboard is responsive web; we will not ship native iOS or Android.
The agent framework drives the browser. Ovra supplies the tokenized credential — never the agent’s runtime.
Sandbox-only through the entire pre-seed phase. Live mode unlocks in v1.3+. We are honest about this everywhere.

Where to next

Quickstart

Five minutes from sign-up to first sandbox payment.

MCP setup

Connect the 19 MCP tools to Claude, Cursor, or any MCP client.

API reference

Every endpoint, every field, every error code.

Pricing

Free, Starter, Business, Enterprise — what you get on each tier.