# Ovra > European payment infrastructure for AI agents. ## Docs - [Get access event by ID](https://docs.getovra.com/api-reference/access-events/get-access-event-by-id.md) - [List access events](https://docs.getovra.com/api-reference/access-events/list-access-events.md) - [Request card access (evaluates policy and returns grant/deny decision)](https://docs.getovra.com/api-reference/access-events/request-card-access-evaluates-policy-and-returns-grantdeny-decision.md) - [Create agent token (API key holders only)](https://docs.getovra.com/api-reference/agent-tokens/create-agent-token-api-key-holders-only.md) - [List all tokens for the current owner (across all agents)](https://docs.getovra.com/api-reference/agent-tokens/list-all-tokens-for-the-current-owner-across-all-agents.md) - [List tokens for an agent](https://docs.getovra.com/api-reference/agent-tokens/list-tokens-for-an-agent.md) - [Revoke agent token](https://docs.getovra.com/api-reference/agent-tokens/revoke-agent-token.md) - [Create agent (auto-creates virtual card and policy)](https://docs.getovra.com/api-reference/agents/create-agent-auto-creates-virtual-card-and-policy.md) - [Delete agent (cascades to card, policy, tokens)](https://docs.getovra.com/api-reference/agents/delete-agent-cascades-to-card-policy-tokens.md) - [Freeze agent (also freezes card)](https://docs.getovra.com/api-reference/agents/freeze-agent-also-freezes-card.md) - [Fund agent card (adds to wallet balance)](https://docs.getovra.com/api-reference/agents/fund-agent-card-adds-to-wallet-balance.md) - [Get agent by ID](https://docs.getovra.com/api-reference/agents/get-agent-by-id.md) - [Get agent wallet balance and IBAN](https://docs.getovra.com/api-reference/agents/get-agent-wallet-balance-and-iban.md) - [List agents](https://docs.getovra.com/api-reference/agents/list-agents.md) - [Unfreeze agent (also unfreezes card)](https://docs.getovra.com/api-reference/agents/unfreeze-agent-also-unfreezes-card.md) - [Update agent](https://docs.getovra.com/api-reference/agents/update-agent.md) - [Assign agents/cards to a cost allocation](https://docs.getovra.com/api-reference/analytics/assign-agentscards-to-a-cost-allocation.md) - [Cost breakdown per agent](https://docs.getovra.com/api-reference/analytics/cost-breakdown-per-agent.md) - [Create cost allocation](https://docs.getovra.com/api-reference/analytics/create-cost-allocation.md) - [Cross-agent analytics summary](https://docs.getovra.com/api-reference/analytics/cross-agent-analytics-summary.md) - [Delete allocation](https://docs.getovra.com/api-reference/analytics/delete-allocation.md) - [Generate aggregated spend report PDF](https://docs.getovra.com/api-reference/analytics/generate-aggregated-spend-report-pdf.md) - [Get anomaly explanation (LLM-generated)](https://docs.getovra.com/api-reference/analytics/get-anomaly-explanation-llm-generated.md) - [List cost allocations (cost-center mappings)](https://docs.getovra.com/api-reference/analytics/list-cost-allocations-cost-center-mappings.md) - [List spending anomalies](https://docs.getovra.com/api-reference/analytics/list-spending-anomalies.md) - [MCC-category breakdown](https://docs.getovra.com/api-reference/analytics/mcc-category-breakdown.md) - [Spend forecast (next period projection)](https://docs.getovra.com/api-reference/analytics/spend-forecast-next-period-projection.md) - [Spend trend series](https://docs.getovra.com/api-reference/analytics/spend-trend-series.md) - [Top-spend merchants over a period](https://docs.getovra.com/api-reference/analytics/top-spend-merchants-over-a-period.md) - [Update allocation](https://docs.getovra.com/api-reference/analytics/update-allocation.md) - [Update anomaly state (mark resolved / dismissed)](https://docs.getovra.com/api-reference/analytics/update-anomaly-state-mark-resolved-dismissed.md) - [Export audit log (CSV / JSON)](https://docs.getovra.com/api-reference/audit/export-audit-log-csv-json.md) - [Manually purge audit entries past retention (dashboard only)](https://docs.getovra.com/api-reference/audit/manually-purge-audit-entries-past-retention-dashboard-only.md) - [Search audit log entries](https://docs.getovra.com/api-reference/audit/search-audit-log-entries.md) - [Create beneficiary](https://docs.getovra.com/api-reference/beneficiaries/create-beneficiary.md) - [Delete beneficiary](https://docs.getovra.com/api-reference/beneficiaries/delete-beneficiary.md) - [Get beneficiary](https://docs.getovra.com/api-reference/beneficiaries/get-beneficiary.md) - [List beneficiaries (also reachable as `/vendors`)](https://docs.getovra.com/api-reference/beneficiaries/list-beneficiaries-also-reachable-as-`vendors`.md) - [Batch overage collection (dashboard / cron only)](https://docs.getovra.com/api-reference/billing/batch-overage-collection-dashboard-cron-only.md) - [Charge an overage amount via the saved payment method](https://docs.getovra.com/api-reference/billing/charge-an-overage-amount-via-the-saved-payment-method.md) - [Create Stripe Checkout Session for plan upgrade or top-up](https://docs.getovra.com/api-reference/billing/create-stripe-checkout-session-for-plan-upgrade-or-top-up.md) - [Create Stripe Customer Portal session](https://docs.getovra.com/api-reference/billing/create-stripe-customer-portal-session.md) - [Create Stripe setup session for a payment method](https://docs.getovra.com/api-reference/billing/create-stripe-setup-session-for-a-payment-method.md): Create a setup session to save a payment method (card or SEPA). - [Fund wallet via saved payment method](https://docs.getovra.com/api-reference/billing/fund-wallet-via-saved-payment-method.md): Fund wallet instantly via saved payment method. - [Get saved payment method status](https://docs.getovra.com/api-reference/billing/get-saved-payment-method-status.md) - [Get SEPA bank transfer details](https://docs.getovra.com/api-reference/billing/get-sepa-bank-transfer-details.md): Get SEPA bank transfer details for manual funding. - [Get wallet balance and payment method flag](https://docs.getovra.com/api-reference/billing/get-wallet-balance-and-payment-method-flag.md) - [Apply a signed mandate JWT (after passkey ceremony)](https://docs.getovra.com/api-reference/canvas/apply-a-signed-mandate-jwt-after-passkey-ceremony.md): Frontend gets a mandate JWT from the `propose_policy_change` tool result, runs the PasskeyTouch ceremony, then POSTs the signed JWT here. Replay-safe — duplicate applies collapse to the original mutation. - [Aria conversational chat (NDJSON event stream)](https://docs.getovra.com/api-reference/canvas/aria-conversational-chat-ndjson-event-stream.md): Streams an NDJSON event sequence (one JSON object per line) representing Aria's reasoning, tool calls, and tool results for a single user turn. Each event is `{ type: "text" | "tool_call" | "tool_result" | "error" | "done", ... }`. Auth: dashboard secret + X-Owner-Id, or a forwarded Bearer key that… - [Right-pane workspace snapshot](https://docs.getovra.com/api-reference/canvas/right-pane-workspace-snapshot.md): Read-only snapshot used by the Aria right-pane: customer + wallet summary, agents, cards, policies, and last 30 transactions for the authenticated owner. - [Get card-level controls (allowed merchants / countries / MCC)](https://docs.getovra.com/api-reference/card-controls/get-card-level-controls-allowed-merchants-countries-mcc.md) - [Reference list of supported countries](https://docs.getovra.com/api-reference/card-controls/reference-list-of-supported-countries.md) - [Reference list of supported currencies](https://docs.getovra.com/api-reference/card-controls/reference-list-of-supported-currencies.md) - [Update card-level controls](https://docs.getovra.com/api-reference/card-controls/update-card-level-controls.md) - [Approve a card-limit-change request](https://docs.getovra.com/api-reference/card-requests/approve-a-card-limit-change-request.md) - [Approve a pending card-request](https://docs.getovra.com/api-reference/card-requests/approve-a-pending-card-request.md) - [Cancel a pending card-limit-request](https://docs.getovra.com/api-reference/card-requests/cancel-a-pending-card-limit-request.md) - [Cancel a pending card-request](https://docs.getovra.com/api-reference/card-requests/cancel-a-pending-card-request.md) - [Get card-limit-request detail](https://docs.getovra.com/api-reference/card-requests/get-card-limit-request-detail.md) - [Get card-request detail](https://docs.getovra.com/api-reference/card-requests/get-card-request-detail.md) - [List card-issuance requests](https://docs.getovra.com/api-reference/card-requests/list-card-issuance-requests.md) - [List card-limit-change requests](https://docs.getovra.com/api-reference/card-requests/list-card-limit-change-requests.md) - [Reject a card-limit-change request](https://docs.getovra.com/api-reference/card-requests/reject-a-card-limit-change-request.md) - [Reject a pending card-request](https://docs.getovra.com/api-reference/card-requests/reject-a-pending-card-request.md) - [Submit a card-issuance request (cardholder workflow)](https://docs.getovra.com/api-reference/card-requests/submit-a-card-issuance-request-cardholder-workflow.md) - [Submit a card-limit-change request](https://docs.getovra.com/api-reference/card-requests/submit-a-card-limit-change-request.md) - [Activate a card after physical receipt or first auth](https://docs.getovra.com/api-reference/cards/activate-a-card-after-physical-receipt-or-first-auth.md) - [Batch fetch metadata for several card ids](https://docs.getovra.com/api-reference/cards/batch-fetch-metadata-for-several-card-ids.md) - [Close (terminate) a single card](https://docs.getovra.com/api-reference/cards/close-terminate-a-single-card.md) - [Freeze a single card](https://docs.getovra.com/api-reference/cards/freeze-a-single-card.md) - [Freeze card](https://docs.getovra.com/api-reference/cards/freeze-card.md) - [Get effective policy summary with spend stats for a card](https://docs.getovra.com/api-reference/cards/get-effective-policy-summary-with-spend-stats-for-a-card.md) - [Get sensitive card data (PAN, CVC). Agent tokens must provide intentId.](https://docs.getovra.com/api-reference/cards/get-sensitive-card-data-pan-cvc-agent-tokens-must-provide-intentid.md) - [Initiate payout from card account back to wallet](https://docs.getovra.com/api-reference/cards/initiate-payout-from-card-account-back-to-wallet.md) - [Instant card with sandbox PAN fallback for MPP demo](https://docs.getovra.com/api-reference/cards/instant-card-with-sandbox-pan-fallback-for-mpp-demo.md): API-key only. Returns full PAN/CVV inline for sandbox demos. - [Instantly issue a virtual card (mock PAN)](https://docs.getovra.com/api-reference/cards/instantly-issue-a-virtual-card-mock-pan.md): Sandbox/MPP path that bypasses the issuer for fast iteration — returns a tokenized fallback PAN. For production use prefer `POST /cards/agent/{agentId}` (full issuer flow). - [Issue additional card for an agent](https://docs.getovra.com/api-reference/cards/issue-additional-card-for-an-agent.md) - [List all cards across all agents](https://docs.getovra.com/api-reference/cards/list-all-cards-across-all-agents.md) - [List cards for an agent](https://docs.getovra.com/api-reference/cards/list-cards-for-an-agent.md) - [Permanently close card](https://docs.getovra.com/api-reference/cards/permanently-close-card.md) - [Retrieve PIN reveal token (sensitive — API key only, rate-limited)](https://docs.getovra.com/api-reference/cards/retrieve-pin-reveal-token-sensitive-—-api-key-only-rate-limited.md): API-key only. Returns a one-shot PIN reveal token — agent tokens cannot access this endpoint. Rate limited to 3 req/min. - [Rotate card (close old, issue new with same limits)](https://docs.getovra.com/api-reference/cards/rotate-card-close-old-issue-new-with-same-limits.md) - [Unfreeze a single card](https://docs.getovra.com/api-reference/cards/unfreeze-a-single-card.md) - [Unfreeze card](https://docs.getovra.com/api-reference/cards/unfreeze-card.md) - [Update card display label](https://docs.getovra.com/api-reference/cards/update-card-display-label.md) - [Update card spend limits](https://docs.getovra.com/api-reference/cards/update-card-spend-limits.md): Update transaction / daily / monthly spend limits for a single card. Replaces the legacy `PATCH /cards/{cardId}/spend-limit` endpoint. - [Confirm checkout after external payment form](https://docs.getovra.com/api-reference/checkout/confirm-checkout-after-external-payment-form.md): Mark intent as completed after payment form is filled externally. - [Execute checkout (deduct balance, create transaction)](https://docs.getovra.com/api-reference/checkout/execute-checkout-deduct-balance-create-transaction.md) - [Cancel an unpaid payment request](https://docs.getovra.com/api-reference/claim/cancel-an-unpaid-payment-request.md) - [Create a payment request (Collect)](https://docs.getovra.com/api-reference/claim/create-a-payment-request-collect.md): Pass `counterpartyOwnerId` for an internal Ovra→Ovra request. Omit it for a public request that produces a payer-page link. - [Get payment request detail](https://docs.getovra.com/api-reference/claim/get-payment-request-detail.md) - [List payment requests](https://docs.getovra.com/api-reference/claim/list-payment-requests.md) - [Public payer page for an outbound payment request](https://docs.getovra.com/api-reference/claim/public-payer-page-for-an-outbound-payment-request.md): Public — no authentication required. - [Settle a payment request (internal Ovra→Ovra)](https://docs.getovra.com/api-reference/claim/settle-a-payment-request-internal-ovra→ovra.md): Atomic wallet→wallet debit + credit + ledger + transfer row. - [Confirm CLI pairing from the dashboard (auth required)](https://docs.getovra.com/api-reference/cli-auth/confirm-cli-pairing-from-the-dashboard-auth-required.md) - [Get current CLI session info](https://docs.getovra.com/api-reference/cli-auth/get-current-cli-session-info.md) - [Poll for pairing completion](https://docs.getovra.com/api-reference/cli-auth/poll-for-pairing-completion.md) - [Start CLI browser-pairing flow](https://docs.getovra.com/api-reference/cli-auth/start-cli-browser-pairing-flow.md): Public — used by the Ovra CLI to begin a sign-in handshake. - [Cancel a pending payment request](https://docs.getovra.com/api-reference/collect/cancel-a-pending-payment-request.md) - [Charge an agent's wallet for a Collect run](https://docs.getovra.com/api-reference/collect/charge-an-agents-wallet-for-a-collect-run.md): Server-to-server charge initiated by an agent run. Body shape mirrors the runtime charge schema (amount, recipient, run/idempotency metadata). Idempotent via `Idempotency-Key`. - [Create a payment request (Collect)](https://docs.getovra.com/api-reference/collect/create-a-payment-request-collect.md): Mints a `pr_*` payment request that can be settled internally (counterparty wallet) or via SEPA inbound credit. Returns a SEPA reference (ISO 11649) for external settlement. Aliased as `POST /claim/requests`. - [Get a payment request](https://docs.getovra.com/api-reference/collect/get-a-payment-request.md) - [Get a Verifiable Collect Receipt](https://docs.getovra.com/api-reference/collect/get-a-verifiable-collect-receipt.md) - [Get receipt as application/ld+json](https://docs.getovra.com/api-reference/collect/get-receipt-as-applicationld+json.md): Returns the W3C Verifiable Credential JSON-LD form, signed by the Ovra issuer (see `/.well-known/vi-issuer-jwks`). - [List payment requests](https://docs.getovra.com/api-reference/collect/list-payment-requests.md) - [List Verifiable Collect Receipts](https://docs.getovra.com/api-reference/collect/list-verifiable-collect-receipts.md) - [Mint a one-shot payment token](https://docs.getovra.com/api-reference/collect/mint-a-one-shot-payment-token.md): Issues an opaque `PaymentToken` scheme credential bound to (agent, amount, currency, recipient). Used by agent-side flows that need a single-use, server-verifiable bearer token without exposing card data. - [Public agent Collect endpoint (HTTP 402 surface)](https://docs.getovra.com/api-reference/collect/public-agent-collect-endpoint-http-402-surface.md): Public per-agent endpoint that emits an HTTP 402 challenge when an agent has the Collect profile enabled. Lets external agents discover and settle directly without an Ovra API key. - [Public demo settle (rate-limited, no auth)](https://docs.getovra.com/api-reference/collect/public-demo-settle-rate-limited-no-auth.md): Public endpoint used by the hosted payer page to settle a sandbox PR without any credentials. Hard rate-limited per IP. Production-disabled unless `DEMO_ENABLED=true`. - [Public payer-page payload (no auth)](https://docs.getovra.com/api-reference/collect/public-payer-page-payload-no-auth.md): Returns the sanitized payment-request payload used by the payer-facing page. No credentials required; safe to expose to anyone with the link. - [Refund a settled inbound payment](https://docs.getovra.com/api-reference/collect/refund-a-settled-inbound-payment.md): Inverse of inbound reconciliation. Debits the destination wallet by the original amount, writes the reverse ledger entry, marks `refunded_at`. Refund-of-a-refund is rejected. - [Sandbox — simulate an inbound SEPA credit](https://docs.getovra.com/api-reference/collect/sandbox-—-simulate-an-inbound-sepa-credit.md): Sandbox/demo only. Fires the same `reconcileInboundCredit` pipeline a real `/incoming/inbound-settlement` webhook would. 404 in production unless `DEMO_ENABLED=true`. - [Settle an internal payment request from a source wallet](https://docs.getovra.com/api-reference/collect/settle-an-internal-payment-request-from-a-source-wallet.md): Caller is the counterparty. Debits `sourceWalletId`, credits the destination wallet, drives PR to `paid`, issues a Verifiable Collect Receipt (JSON-LD VC). Internal-only — external PRs settle via inbound SEPA reconciler. - [Get a single credential grant](https://docs.getovra.com/api-reference/credentials/get-a-single-credential-grant.md) - [Get credential by id](https://docs.getovra.com/api-reference/credentials/get-credential-by-id.md) - [Grant credential issuance scope for an approved intent](https://docs.getovra.com/api-reference/credentials/grant-credential-issuance-scope-for-an-approved-intent.md) - [Issue a credential against a grant](https://docs.getovra.com/api-reference/credentials/issue-a-credential-against-a-grant.md) - [List credential grants (approved scopes for issuing credentials)](https://docs.getovra.com/api-reference/credentials/list-credential-grants-approved-scopes-for-issuing-credentials.md) - [List credentials (one-shot card credentials)](https://docs.getovra.com/api-reference/credentials/list-credentials-one-shot-card-credentials.md) - [Redeem a credential — returns plaintext card data ONCE (one-shot)](https://docs.getovra.com/api-reference/credentials/redeem-a-credential-—-returns-plaintext-card-data-once-one-shot.md): ONE-SHOT. Returns DPAN + cryptogram for the bound merchant. Subsequent redeems return 410 Gone. Sensitive endpoint (3 req/min rate limit). - [Revoke a credential or grant](https://docs.getovra.com/api-reference/credentials/revoke-a-credential-or-grant.md) - [Mint a single-use autofill token](https://docs.getovra.com/api-reference/cua/mint-a-single-use-autofill-token.md): Mints aft_* token (30s TTL, single-use) bound to (intent, card, merchant_origin, amount_cents_max). The CUA harness later redeems via X-CUA-Harness-Secret to fetch the decrypted DPAN + cryptogram for CDP Input.insertText form-fill. The LLM never sees card data. - [Redeem autofill token (harness-only, single-use)](https://docs.getovra.com/api-reference/cua/redeem-autofill-token-harness-only-single-use.md): ONE-SHOT. Returns DPAN + cryptogram. Replays return 410. Requires X-CUA-Harness-Secret header — held by the CUA harness process, never by the LLM. - [Check KYC verification status](https://docs.getovra.com/api-reference/customers/check-kyc-verification-status.md) - [Create customer](https://docs.getovra.com/api-reference/customers/create-customer.md) - [Get current customer (auto-creates if needed)](https://docs.getovra.com/api-reference/customers/get-current-customer-auto-creates-if-needed.md) - [Get customer by ID](https://docs.getovra.com/api-reference/customers/get-customer-by-id.md) - [Get customer wallet balance and IBAN](https://docs.getovra.com/api-reference/customers/get-customer-wallet-balance-and-iban.md) - [Inherit KYC from another customer (dashboard-only org bootstrap)](https://docs.getovra.com/api-reference/customers/inherit-kyc-from-another-customer-dashboard-only-org-bootstrap.md): Dashboard secret only — used during org provisioning. - [Org member-seat limit + current usage for the active plan](https://docs.getovra.com/api-reference/customers/org-member-seat-limit-+-current-usage-for-the-active-plan.md) - [Submit KYC verification](https://docs.getovra.com/api-reference/customers/submit-kyc-verification.md) - [Update customer](https://docs.getovra.com/api-reference/customers/update-customer.md) - [Create a delegation (per-token spend cap)](https://docs.getovra.com/api-reference/delegations/create-a-delegation-per-token-spend-cap.md) - [Get delegation detail](https://docs.getovra.com/api-reference/delegations/get-delegation-detail.md) - [List delegations (also reachable as `/authorizations`)](https://docs.getovra.com/api-reference/delegations/list-delegations-also-reachable-as-`authorizations`.md) - [Redeem a delegation token (public — proof-of-knowledge)](https://docs.getovra.com/api-reference/delegations/redeem-a-delegation-token-public-—-proof-of-knowledge.md): Public endpoint — no auth required. The delegation id and an accompanying secret prove the redeemer is authorized. - [Revoke delegation](https://docs.getovra.com/api-reference/delegations/revoke-delegation.md) - [Create dispute for a transaction](https://docs.getovra.com/api-reference/disputes/create-dispute-for-a-transaction.md) - [Get dispute by ID](https://docs.getovra.com/api-reference/disputes/get-dispute-by-id.md) - [List disputes](https://docs.getovra.com/api-reference/disputes/list-disputes.md) - [List evidence for a dispute](https://docs.getovra.com/api-reference/disputes/list-evidence-for-a-dispute.md) - [Resolve or reject a dispute](https://docs.getovra.com/api-reference/disputes/resolve-or-reject-a-dispute.md) - [Submit evidence for a dispute](https://docs.getovra.com/api-reference/disputes/submit-evidence-for-a-dispute.md) - [Attach evidence to an intent](https://docs.getovra.com/api-reference/evidence/attach-evidence-to-an-intent.md) - [List evidence for an intent](https://docs.getovra.com/api-reference/evidence/list-evidence-for-an-intent.md) - [Forecast daily spend (p10/p50/p90)](https://docs.getovra.com/api-reference/forecast/forecast-daily-spend-p10p50p90.md): Returns p10/p50/p90 daily forecast over the requested window for either a single agent or every agent owned by the caller. Each agent reports its own breach state against policy daily/monthly limits. Operator-only — agent tokens are rejected with 403. - [Top up a wallet (manual / sandbox simulate)](https://docs.getovra.com/api-reference/fund/top-up-a-wallet-manual-sandbox-simulate.md): Adds balance to the customer wallet. In sandbox mode set `simulate: true` for instant credit without an external charge. - [Delete all personal data (DSGVO Art. 17 — right to erasure)](https://docs.getovra.com/api-reference/gdpr/delete-all-personal-data-dsgvo-art-17-—-right-to-erasure.md) - [Export all personal data (DSGVO Art. 15)](https://docs.getovra.com/api-reference/gdpr/export-all-personal-data-dsgvo-art-15.md) - [Get consent status](https://docs.getovra.com/api-reference/gdpr/get-consent-status.md) - [Update consent preferences](https://docs.getovra.com/api-reference/gdpr/update-consent-preferences.md) - [API information](https://docs.getovra.com/api-reference/health/api-information.md) - [Health check](https://docs.getovra.com/api-reference/health/health-check.md) - [Approve a pending intent (API key holders only)](https://docs.getovra.com/api-reference/intents/approve-a-pending-intent-api-key-holders-only.md) - [Cancel an intent (cannot cancel completed intents)](https://docs.getovra.com/api-reference/intents/cancel-an-intent-cannot-cancel-completed-intents.md) - [Create spending intent (auto-evaluates policy)](https://docs.getovra.com/api-reference/intents/create-spending-intent-auto-evaluates-policy.md) - [Deny a pending intent](https://docs.getovra.com/api-reference/intents/deny-a-pending-intent.md) - [Get intent by ID](https://docs.getovra.com/api-reference/intents/get-intent-by-id.md) - [List intents](https://docs.getovra.com/api-reference/intents/list-intents.md) - [Verify intent — compare actual vs expected amount/merchant](https://docs.getovra.com/api-reference/intents/verify-intent-—-compare-actual-vs-expected-amountmerchant.md) - [Create API key](https://docs.getovra.com/api-reference/keys/create-api-key.md) - [List API keys for the current owner](https://docs.getovra.com/api-reference/keys/list-api-keys-for-the-current-owner.md) - [Revoke API key](https://docs.getovra.com/api-reference/keys/revoke-api-key.md) - [Create KYC submission](https://docs.getovra.com/api-reference/kyc/create-kyc-submission.md) - [Get current KYC submission status](https://docs.getovra.com/api-reference/kyc/get-current-kyc-submission-status.md) - [Submit KYC for final review](https://docs.getovra.com/api-reference/kyc/submit-kyc-for-final-review.md) - [Trigger identity-document verification](https://docs.getovra.com/api-reference/kyc/trigger-identity-document-verification.md) - [Update KYC submission](https://docs.getovra.com/api-reference/kyc/update-kyc-submission.md) - [Aggregate ledger balance summary](https://docs.getovra.com/api-reference/ledger/aggregate-ledger-balance-summary.md) - [Query the double-entry ledger](https://docs.getovra.com/api-reference/ledger/query-the-double-entry-ledger.md) - [Issue WebAuthn challenge for a new mandate](https://docs.getovra.com/api-reference/mandates/issue-webauthn-challenge-for-a-new-mandate.md): Returns assertion options bound to (`agent_id`, `constraints`, `expires_at`). Requires the owner to have at least one enrolled passkey. - [List active payment mandates](https://docs.getovra.com/api-reference/mandates/list-active-payment-mandates.md) - [Mint a payment mandate after passkey ceremony](https://docs.getovra.com/api-reference/mandates/mint-a-payment-mandate-after-passkey-ceremony.md): Verifies the WebAuthn assertion (bound to (agent, constraints, expires_at) via `/options`), inserts an `active` mandate row, fires audit event. - [Revoke a payment mandate](https://docs.getovra.com/api-reference/mandates/revoke-a-payment-mandate.md) - [Submit a merchant onboarding application](https://docs.getovra.com/api-reference/merchant-applications/submit-a-merchant-onboarding-application.md): Gated by `X-Dashboard-Secret`. Idempotent on `email` — repeat submissions UPSERT non-null fields. Used by the landing page form on getovra.com. - [Create a merchant (one-shot mer_sk_* reveal)](https://docs.getovra.com/api-reference/merchants-registry/create-a-merchant-one-shot-mer_sk_*-reveal.md): Invite-code-gated onboarding. Returns merchant_secret_key once; subsequent reads never expose the key or its hash. JWK is validated as RSA-OAEP-256 + A256GCM only. - [Get merchant detail (without key hash)](https://docs.getovra.com/api-reference/merchants-registry/get-merchant-detail-without-key-hash.md) - [List merchants](https://docs.getovra.com/api-reference/merchants-registry/list-merchants.md) - [List all MCC codes, optionally filtered by category or risk](https://docs.getovra.com/api-reference/merchants/list-all-mcc-codes-optionally-filtered-by-category-or-risk.md) - [Look up MCC code details](https://docs.getovra.com/api-reference/merchants/look-up-mcc-code-details.md) - [Resolve merchant name to MCC code and metadata](https://docs.getovra.com/api-reference/merchants/resolve-merchant-name-to-mcc-code-and-metadata.md) - [Suggest MCC allowlist for a given purpose](https://docs.getovra.com/api-reference/merchants/suggest-mcc-allowlist-for-a-given-purpose.md) - [Add an MPP merchant protection rule (allowlist / denylist)](https://docs.getovra.com/api-reference/mpp/add-an-mpp-merchant-protection-rule-allowlist-denylist.md) - [Delete a protection rule](https://docs.getovra.com/api-reference/mpp/delete-a-protection-rule.md) - [Discover MPP-capable merchants for an agent](https://docs.getovra.com/api-reference/mpp/discover-mpp-capable-merchants-for-an-agent.md) - [Execute an MPP intent (mint credential and present to merchant)](https://docs.getovra.com/api-reference/mpp/execute-an-mpp-intent-mint-credential-and-present-to-merchant.md) - [Get MPP intent status](https://docs.getovra.com/api-reference/mpp/get-mpp-intent-status.md) - [List MPP settlements](https://docs.getovra.com/api-reference/mpp/list-mpp-settlements.md) - [List protection rules](https://docs.getovra.com/api-reference/mpp/list-protection-rules.md) - [Mint an MPP credential from a 402 challenge](https://docs.getovra.com/api-reference/mpp/mint-an-mpp-credential-from-a-402-challenge.md): Low-level credential mint. Caller has already parsed the 402 challenge from the merchant; passes the raw WWW-Authenticate value here. Returns a base64url-nopad JWE credential ready to present as Authorization: Payment . - [One-shot MPP pay (handle 402 + mint + present + verify)](https://docs.getovra.com/api-reference/mpp/one-shot-mpp-pay-handle-402-+-mint-+-present-+-verify.md): High-level orchestrator. Fetches the URL, parses the 402 WWW-Authenticate Payment challenge, mints a JWE-wrapped credential bound to the supplied intent + card, retries the request with Authorization: Payment, and returns the merchant body + the Payment-Receipt that proves settlement. - [Parse an HTTP 402 challenge and create an Ovra intent](https://docs.getovra.com/api-reference/mpp/parse-an-http-402-challenge-and-create-an-ovra-intent.md) - [Settle an MPP payment](https://docs.getovra.com/api-reference/mpp/settle-an-mpp-payment.md): Settles a payment initiated via the Machine Payments Protocol (HTTP 402). The agent creates and approves an Ovra intent, then the receiving service calls this endpoint to complete the settlement. Intent IDs are crypto-random and single-use — knowing the ID proves the agent authorized the payment (sa… - [Verify an MPP receipt (payer-side cross-check)](https://docs.getovra.com/api-reference/mpp/verify-an-mpp-receipt-payer-side-cross-check.md) - [Verify and consume an MPP credential](https://docs.getovra.com/api-reference/mpp/verify-and-consume-an-mpp-credential.md): Merchant-side endpoint. Atomically consumes the credential via CAS, drives the intent FSM to completed, writes the transactions row with rail='mpp', and emits the Payment-Receipt. Authenticated by the merchant secret key (X-Merchant-Key). Errors use RFC 9457 Problem Details. - [Verify by challenge ID (merchant-convenience)](https://docs.getovra.com/api-reference/mpp/verify-by-challenge-id-merchant-convenience.md): Same behavior as /v1/mpp/credentials/{id}/verify but accepts the outer challenge.id from the decrypted credential envelope rather than the issuer's internal mppc_* id. - [Activate an onboarded organization](https://docs.getovra.com/api-reference/onboarding/activate-an-onboarded-organization.md) - [Create an onboarding submission](https://docs.getovra.com/api-reference/onboarding/create-an-onboarding-submission.md) - [Get onboarding submission](https://docs.getovra.com/api-reference/onboarding/get-onboarding-submission.md) - [Update onboarding submission (in-progress only)](https://docs.getovra.com/api-reference/onboarding/update-onboarding-submission-in-progress-only.md) - [Validate onboarding submission server-side](https://docs.getovra.com/api-reference/onboarding/validate-onboarding-submission-server-side.md) - [Aggregate outcome stats (success rate per agent)](https://docs.getovra.com/api-reference/outcomes/aggregate-outcome-stats-success-rate-per-agent.md) - [Get a single outcome](https://docs.getovra.com/api-reference/outcomes/get-a-single-outcome.md) - [List outcomes (agent-reported success / failure events)](https://docs.getovra.com/api-reference/outcomes/list-outcomes-agent-reported-success-failure-events.md) - [Record an outcome](https://docs.getovra.com/api-reference/outcomes/record-an-outcome.md) - [Get a Pass-Through Token (metadata only)](https://docs.getovra.com/api-reference/pass-through/get-a-pass-through-token-metadata-only.md): Never returns plaintext credentials on reads — only the metadata envelope. - [List Pass-Through Tokens (metadata only)](https://docs.getovra.com/api-reference/pass-through/list-pass-through-tokens-metadata-only.md) - [Provision a Pass-Through Network Token (D-25)](https://docs.getovra.com/api-reference/pass-through/provision-a-pass-through-network-token-d-25.md): Universal rail for merchants without MPP/ACP/TAP integration. Returns an agent-bound Network Token (`dpan`, `cvv`, `cryptogram`) scoped to a single merchant, a single amount ceiling, and a TTL. The Visa/MC network itself declines anything outside the scope — no browser runtime required. - [Revoke a Pass-Through Token](https://docs.getovra.com/api-reference/pass-through/revoke-a-pass-through-token.md) - [Begin passkey enrollment](https://docs.getovra.com/api-reference/passkeys/begin-passkey-enrollment.md): Returns `PublicKeyCredentialCreationOptions` for `navigator.credentials.create()`. When the owner already has ≥1 passkey, additionally issues an assertion challenge bound to a fresh enrollment nonce (fresh-auth gate). - [Complete passkey enrollment](https://docs.getovra.com/api-reference/passkeys/complete-passkey-enrollment.md): Verifies the `RegistrationResponseJSON` from `navigator.credentials.create()`. When the owner already had ≥1 passkey, the WebAuthn assertion bound to `enrollmentNonce` MUST be supplied so a session-thief cannot silently pivot to attacker hardware. - [Issue an owner-ceremony assertion challenge](https://docs.getovra.com/api-reference/passkeys/issue-an-owner-ceremony-assertion-challenge.md): Returns a fresh `PublicKeyCredentialRequestOptions` bound to (purpose, payload). Supported owner purposes: `loosen_policy`, `revoke_passkey`. - [List the owner's active passkeys](https://docs.getovra.com/api-reference/passkeys/list-the-owners-active-passkeys.md) - [Per-intent assertion challenge](https://docs.getovra.com/api-reference/passkeys/per-intent-assertion-challenge.md): Returns `PublicKeyCredentialRequestOptions` bound to the intent. The resulting assertion is submitted to `POST /intents/{id}/approve` via the `passkeyAssertion` field. - [Revoke a passkey](https://docs.getovra.com/api-reference/passkeys/revoke-a-passkey.md): Phase 14.1 assertion-gated: - 1 passkey total: revoke without assertion (chicken-and-egg). - ≥2 passkeys: caller MUST supply a WebAuthn assertion from a DIFFERENT enrolled passkey. Self-revoke returns 403. - [Apply a policy template to an agent](https://docs.getovra.com/api-reference/policies/apply-a-policy-template-to-an-agent.md) - [Apply a preset directly to an agent](https://docs.getovra.com/api-reference/policies/apply-a-preset-directly-to-an-agent.md) - [Create a policy from a built-in preset](https://docs.getovra.com/api-reference/policies/create-a-policy-from-a-built-in-preset.md) - [Create standalone policy template](https://docs.getovra.com/api-reference/policies/create-standalone-policy-template.md) - [Delete standalone policy (cannot delete agent-bound policies)](https://docs.getovra.com/api-reference/policies/delete-standalone-policy-cannot-delete-agent-bound-policies.md) - [Draft a policy from a natural-language prompt (LLM-assisted)](https://docs.getovra.com/api-reference/policies/draft-a-policy-from-a-natural-language-prompt-llm-assisted.md) - [Get a single built-in policy preset](https://docs.getovra.com/api-reference/policies/get-a-single-built-in-policy-preset.md) - [Get the effective policy for an agent](https://docs.getovra.com/api-reference/policies/get-the-effective-policy-for-an-agent.md) - [List built-in policy presets](https://docs.getovra.com/api-reference/policies/list-built-in-policy-presets.md) - [List standalone policies](https://docs.getovra.com/api-reference/policies/list-standalone-policies.md) - [Toggle a single policy field on an agent's effective policy](https://docs.getovra.com/api-reference/policies/toggle-a-single-policy-field-on-an-agents-effective-policy.md) - [Update agent policy (API key or dashboard only)](https://docs.getovra.com/api-reference/policies/update-agent-policy-api-key-or-dashboard-only.md) - [List the caller's push subscriptions](https://docs.getovra.com/api-reference/push-subscriptions/list-the-callers-push-subscriptions.md) - [Revoke a push subscription](https://docs.getovra.com/api-reference/push-subscriptions/revoke-a-push-subscription.md) - [Upsert a Web Push subscription](https://docs.getovra.com/api-reference/push-subscriptions/upsert-a-web-push-subscription.md): Browser flow — after `pushManager.subscribe()` resolves, POST the `PushSubscriptionJSON` here. Upserts on (userId, endpoint). - [VAPID public key for Web Push](https://docs.getovra.com/api-reference/push-subscriptions/vapid-public-key-for-web-push.md) - [Delete receipt](https://docs.getovra.com/api-reference/receipts/delete-receipt.md) - [Download original receipt file](https://docs.getovra.com/api-reference/receipts/download-original-receipt-file.md) - [Get PDF rendering of the receipt](https://docs.getovra.com/api-reference/receipts/get-pdf-rendering-of-the-receipt.md) - [Get receipt metadata](https://docs.getovra.com/api-reference/receipts/get-receipt-metadata.md) - [Get receipt thumbnail](https://docs.getovra.com/api-reference/receipts/get-receipt-thumbnail.md) - [List receipts for a transaction](https://docs.getovra.com/api-reference/receipts/list-receipts-for-a-transaction.md) - [Upload receipt for a transaction](https://docs.getovra.com/api-reference/receipts/upload-receipt-for-a-transaction.md) - [Refund a completed transaction](https://docs.getovra.com/api-reference/refunds/refund-a-completed-transaction.md) - [Aggregate risk summary](https://docs.getovra.com/api-reference/risk/aggregate-risk-summary.md) - [Get risk-engine configuration](https://docs.getovra.com/api-reference/risk/get-risk-engine-configuration.md) - [List policy violations (denied intents / blocked authorizations)](https://docs.getovra.com/api-reference/risk/list-policy-violations-denied-intents-blocked-authorizations.md) - [List risk alerts](https://docs.getovra.com/api-reference/risk/list-risk-alerts.md) - [List risk events across all agents](https://docs.getovra.com/api-reference/risk/list-risk-events-across-all-agents.md) - [List risk events for a single agent](https://docs.getovra.com/api-reference/risk/list-risk-events-for-a-single-agent.md) - [Manually unfreeze an agent that risk auto-froze](https://docs.getovra.com/api-reference/risk/manually-unfreeze-an-agent-that-risk-auto-froze.md) - [Update alert state (acknowledge / dismiss / resolve)](https://docs.getovra.com/api-reference/risk/update-alert-state-acknowledge-dismiss-resolve.md) - [Update risk-engine configuration](https://docs.getovra.com/api-reference/risk/update-risk-engine-configuration.md) - [Create a workflow run](https://docs.getovra.com/api-reference/runs/create-a-workflow-run.md) - [Get run detail](https://docs.getovra.com/api-reference/runs/get-run-detail.md) - [List agent workflow runs (also reachable as `/workflows`)](https://docs.getovra.com/api-reference/runs/list-agent-workflow-runs-also-reachable-as-`workflows`.md) - [Update run (status, metadata)](https://docs.getovra.com/api-reference/runs/update-run-status-metadata.md) - [Advance an incident's status](https://docs.getovra.com/api-reference/security-incidents/advance-an-incidents-status.md) - [Classify an incident (set is_major)](https://docs.getovra.com/api-reference/security-incidents/classify-an-incident-set-is_major.md) - [Create an ICT incident](https://docs.getovra.com/api-reference/security-incidents/create-an-ict-incident.md): Gated by `X-Dashboard-Secret`. Internal ops + monitoring systems POST here when an ICT issue is detected. Major incidents must trigger the DORA 3-stage notification timer. - [Get an ICT incident](https://docs.getovra.com/api-reference/security-incidents/get-an-ict-incident.md) - [List recent ICT incidents](https://docs.getovra.com/api-reference/security-incidents/list-recent-ict-incidents.md) - [Begin a device session (RFC 8628)](https://docs.getovra.com/api-reference/sessions/begin-a-device-session-rfc-8628.md): SDK / CLI / MCP-side. Idempotent — returns the existing pending row when present. Pairs the API key or agent token to a device identifier; the operator finishes the ceremony via `/verify-options` + `/verify`. - [Issue WebAuthn assertion options bound to a user_code](https://docs.getovra.com/api-reference/sessions/issue-webauthn-assertion-options-bound-to-a-user_code.md): Dashboard-side. Looks up the pending session by `user_code`, issues a WebAuthn challenge bound to `verify_session` + `{ user_code }`. Requires the owner to have at least one enrolled passkey. - [List the owner's device sessions](https://docs.getovra.com/api-reference/sessions/list-the-owners-device-sessions.md) - [Poll a pending session for verification status](https://docs.getovra.com/api-reference/sessions/poll-a-pending-session-for-verification-status.md) - [Revoke a device session](https://docs.getovra.com/api-reference/sessions/revoke-a-device-session.md) - [Verify the passkey assertion and flip the session](https://docs.getovra.com/api-reference/sessions/verify-the-passkey-assertion-and-flip-the-session.md) - [Get statement detail](https://docs.getovra.com/api-reference/statements/get-statement-detail.md) - [List billing statements](https://docs.getovra.com/api-reference/statements/list-billing-statements.md) - [Statement PDF download](https://docs.getovra.com/api-reference/statements/statement-pdf-download.md) - [Clear transaction comment](https://docs.getovra.com/api-reference/transactions/clear-transaction-comment.md) - [Get transaction by ID](https://docs.getovra.com/api-reference/transactions/get-transaction-by-id.md) - [List receipts for a transaction](https://docs.getovra.com/api-reference/transactions/list-receipts-for-a-transaction.md) - [List transactions](https://docs.getovra.com/api-reference/transactions/list-transactions.md) - [List transactions for a specific card](https://docs.getovra.com/api-reference/transactions/list-transactions-for-a-specific-card.md) - [Set / update transaction comment (alias of memo)](https://docs.getovra.com/api-reference/transactions/set-update-transaction-comment-alias-of-memo.md) - [Update transaction memo](https://docs.getovra.com/api-reference/transactions/update-transaction-memo.md) - [Create transfer (internal wallet→wallet or external SEPA)](https://docs.getovra.com/api-reference/transfers/create-transfer-internal-wallet→wallet-or-external-sepa.md) - [Get transfer detail](https://docs.getovra.com/api-reference/transfers/get-transfer-detail.md) - [List transfers (also reachable as `/payments`)](https://docs.getovra.com/api-reference/transfers/list-transfers-also-reachable-as-`payments`.md) - [Split a single source amount across multiple destinations](https://docs.getovra.com/api-reference/transfers/split-a-single-source-amount-across-multiple-destinations.md) - [Close wallet (terminal)](https://docs.getovra.com/api-reference/wallets/close-wallet-terminal.md) - [Create wallet](https://docs.getovra.com/api-reference/wallets/create-wallet.md) - [Get wallet by id](https://docs.getovra.com/api-reference/wallets/get-wallet-by-id.md) - [List wallets (also reachable as `/accounts`)](https://docs.getovra.com/api-reference/wallets/list-wallets-also-reachable-as-`accounts`.md) - [Update wallet (name / purpose / default flag)](https://docs.getovra.com/api-reference/wallets/update-wallet-name-purpose-default-flag.md) - [Create webhook subscription](https://docs.getovra.com/api-reference/webhooks/create-webhook-subscription.md) - [Delete webhook subscription](https://docs.getovra.com/api-reference/webhooks/delete-webhook-subscription.md) - [Get webhook by ID](https://docs.getovra.com/api-reference/webhooks/get-webhook-by-id.md) - [List recent deliveries for a webhook subscription](https://docs.getovra.com/api-reference/webhooks/list-recent-deliveries-for-a-webhook-subscription.md) - [List webhook subscriptions](https://docs.getovra.com/api-reference/webhooks/list-webhook-subscriptions.md) - [Send a test event to a webhook subscription](https://docs.getovra.com/api-reference/webhooks/send-a-test-event-to-a-webhook-subscription.md) - [Public Ed25519 JWKS for an agent (RFC 7517)](https://docs.getovra.com/api-reference/well-known/public-ed25519-jwks-for-an-agent-rfc-7517.md): Phase 8 Trusted Agent Protocol prep. Returns the agent's current Ed25519 public JWK as a single-element JWKS. No authentication required — public keys are not sensitive. Cached 5 minutes. - [Verify a Verifiable Collect Receipt (no auth)](https://docs.getovra.com/api-reference/well-known/verify-a-verifiable-collect-receipt-no-auth.md): Public no-auth endpoint. Accepts a JSON-LD Verifiable Collect Receipt and returns whether it is cryptographically valid against the current issuer JWKS (`/.well-known/vi-issuer-jwks`). Used by external auditors, merchants, and partner verifiers. Rate-limited per IP. - [Accounts](https://docs.getovra.com/concepts/accounts.md): EUR wallets with dedicated IBANs, hierarchical structure, and a full ledger. - [Agents](https://docs.getovra.com/concepts/agents.md): First-class entities that own cards, tokens, transactions, and a policy. - [Cards](https://docs.getovra.com/concepts/cards.md): Virtual Visa cards, instantly. Multiple per agent, never visible to the model. - [Checkout runtime](https://docs.getovra.com/concepts/checkout-runtime.md): How agents orchestrate payment execution at the merchant. - [Collect](https://docs.getovra.com/concepts/collect.md): Collect payments for work your agents deliver. - [Compliance](https://docs.getovra.com/concepts/compliance.md): EU-regulated payment infrastructure via licensed partners. GDPR by design. - [Control](https://docs.getovra.com/concepts/control.md): Spending policies and guardrails that enforce themselves. - [CUA](https://docs.getovra.com/concepts/cua.md): Tokenized browser autofill — the model never sees the card. - [Disputes](https://docs.getovra.com/concepts/disputes.md): File and resolve chargebacks against agent transactions. - [Funding](https://docs.getovra.com/concepts/funding.md): How EUR enters Ovra and reaches your agents. - [Intelligence](https://docs.getovra.com/concepts/intelligence.md): Spend analytics, risk scoring, anomaly detection, and audit trails. - [Intents](https://docs.getovra.com/concepts/intents.md): The approval-bearing primitive. No money moves without an approved intent. - [MPP](https://docs.getovra.com/concepts/mpp.md): Machine Payments Protocol — agents pay merchants over HTTP with a JWE-wrapped network token. - [Pay](https://docs.getovra.com/concepts/pay.md): Agents pay anyone for anything with scoped virtual cards. - [Policies](https://docs.getovra.com/concepts/policies.md): Declarative spending rules. Server-enforced. Agents cannot bypass their own rules. - [Sandbox](https://docs.getovra.com/concepts/sandbox.md): What's simulated, what's real, and how to know which API mode you're in. - [Transactions](https://docs.getovra.com/concepts/transactions.md): The immutable record every settled charge produces. - [Webhooks](https://docs.getovra.com/concepts/webhooks.md): Signed HTTPS notifications for ~50 event types, with plan-tier retry policies. - [Claude Desktop](https://docs.getovra.com/integrations/claude-desktop.md): Use Ovra inside Claude Desktop with one block of JSON config. - [CrewAI](https://docs.getovra.com/integrations/crewai.md): Give a CrewAI team Ovra payment capabilities with role separation. - [LangGraph](https://docs.getovra.com/integrations/langgraph.md): Use Ovra with LangGraph for stateful agent payment workflows. - [OpenAI Agents SDK](https://docs.getovra.com/integrations/openai-agents.md): Connect Ovra MCP to the OpenAI Agents SDK for autonomous payments. - [Introduction](https://docs.getovra.com/introduction.md): European payment infrastructure for AI agents. - [MCP overview](https://docs.getovra.com/mcp/overview.md): 19 action-multiplexed tools that give any LLM client full access to Ovra. - [MCP setup](https://docs.getovra.com/mcp/setup.md): Connect @ovra/mcp to any MCP-compatible client in under a minute. - [MCP tools reference](https://docs.getovra.com/mcp/tools.md): Every action and parameter for the 19 ovra_* tools. - [Pricing](https://docs.getovra.com/pricing.md): Free, Starter, Business, Enterprise. Honest limits, no surprise fees. - [Quickstart](https://docs.getovra.com/quickstart.md): Sign up, get an API key, and run a sandbox payment in five minutes. ## OpenAPI Specs - [openapi](https://docs.getovra.com/openapi.yaml)