SDK Overview - Ovra

What is @ovra/pay?
How it works
Why not just use the card number?

What is @ovra/pay?

A TypeScript SDK that fills payment forms in your agent’s browser. The agent never sees card credentials.

import * as OvraPay from "@ovra/pay";

OvraPay.configure({ apiKey: "sk_test_..." });
const result = await OvraPay.checkout(page, { intentId: "in_xxx" });

How it works

Your agent navigates to a checkout page
You call OvraPay.checkout(page, { intentId })
The SDK fetches a one-time credential from Ovra API
The credential is used inside page.evaluate() — isolated from agent code
Payment form is filled, agent gets { success: true }

The page object can come from Playwright, Puppeteer, Stagehand, or any framework with page.evaluate().

Why not just use the card number?

When an agent has the card number in its context:

It can appear in LLM logs and training data
It can be leaked in error messages
It can be stored in agent memory
It violates PCI DSS requirements

With @ovra/pay, the card data only exists inside page.evaluate() for the duration of the form fill. It never enters the agent’s JavaScript scope.

⌘I