POST /api/agents/{agentId}/policies
Create a new policy
curl --request POST \
  --url https://app.mandate.md/api/agents/{agentId}/policies \
  --header 'Content-Type: application/json' \
  --cookie laravel_session= \
  --data '
{
  "spendLimitPerTxUsd": 200,
  "spendLimitPerDayUsd": 2000,
  "spendLimitPerMonthUsd": 10000,
  "allowedAddresses": [
    "0x71C7656EC7ab88b098defB751B7401B5f6d8976F"
  ],
  "requireApprovalAboveUsd": 500,
  "blockedActions": [
    "bridge"
  ]
}
'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "agent_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "spend_limit_per_tx_usd": 123,
  "spend_limit_per_day_usd": 123,
  "spend_limit_per_month_usd": 123,
  "allowed_addresses": [
    "<string>"
  ],
  "allowed_contracts": [
    "<string>"
  ],
  "blocked_selectors": [
    "<string>"
  ],
  "blocked_actions": [
    "<string>"
  ],
  "require_approval_selectors": [
    "<string>"
  ],
  "require_approval_actions": [
    "<string>"
  ],
  "require_approval_above_usd": 123,
  "max_slippage_bps": 123,
  "max_gas_limit": "<string>",
  "max_value_wei": "<string>",
  "schedule": {},
  "guard_rules": "<string>",
  "is_active": true,
  "version": 123,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Authorizations

laravel_session: string, cookie, required

Laravel Sanctum cookie-based session authentication. Obtained via GitHub OAuth login on the dashboard.

Path Parameters

agentId: string<uuid>, required

Body

application/json

spendLimitPerTxUsd: number | null

Max USD per transaction.

Required range: x >= 0

spendLimitPerDayUsd: number | null

Max USD per day.

Required range: x >= 0

spendLimitPerMonthUsd: number | null

Max USD per month.

Required range: x >= 0

allowedAddresses: string[] | null

Allowlist of recipient addresses. If set, only these addresses are permitted.

allowedContracts: string[] | null

Allowlist of contract addresses.

blockedSelectors: string[] | null

Blocked EVM function selectors (e.g. "0xa9059cbb").

blockedActions: string[] | null

Blocked action types (e.g. ["bridge", "bet"]).

requireApprovalSelectors: string[] | null

EVM selectors that require human approval.

requireApprovalActions: string[] | null

Action types that require human approval.

requireApprovalAboveUsd: number | null

USD threshold above which approval is required.

Required range: x >= 0

maxSlippageBps: integer | null

Max slippage in basis points.

Required range: x >= 0

maxGasLimit: string | null

Max gas limit per transaction.

maxValueWei: string | null

Max native token value in wei.

schedule: object

Time-based schedule restrictions (days/hours).

guardRules: string | null

Custom guard rules in natural language (mandate.md format).

Maximum string length: 10000
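
A pre-flight check for the request body, added here as an example and not taken from Mandate's code or this page: it lints a policy dict against the types and ranges listed above before the POST is sent. The address and selector patterns and the three cross-field warnings are assumptions; the page does not say how the limits are evaluated against each other.

```python
import re

NON_NEGATIVE = ("spendLimitPerTxUsd", "spendLimitPerDayUsd", "spendLimitPerMonthUsd",
                "requireApprovalAboveUsd", "maxSlippageBps")
# Assumed formats: 20-byte EVM address, 4-byte function selector (as in "0xa9059cbb").
FORMATS = {
    ("allowedAddresses", "allowedContracts"): re.compile(r"0x[0-9a-fA-F]{40}"),
    ("blockedSelectors", "requireApprovalSelectors"): re.compile(r"0x[0-9a-fA-F]{8}"),
}
# Request body from the curl example on this page.
PAGE_EXAMPLE = {"spendLimitPerTxUsd": 200, "spendLimitPerDayUsd": 2000,
                "spendLimitPerMonthUsd": 10000, "requireApprovalAboveUsd": 500,
                "allowedAddresses": ["0x71C7656EC7ab88b098defB751B7401B5f6d8976F"],
                "blockedActions": ["bridge"]}

def lint_policy(body):
    """Return (errors, warnings) for a policy request body given as a dict."""
    errors, warnings = [], []
    for key in NON_NEGATIVE:
        v = body.get(key)
        if v is None:
            continue
        # bool is an int subclass in Python, so reject it explicitly.
        if isinstance(v, bool) or not isinstance(v, (int, float)) or v < 0:
            errors.append(f"{key}: must be a number >= 0")
        elif key == "maxSlippageBps" and not isinstance(v, int):
            errors.append(f"{key}: must be an integer")
    for keys, pattern in FORMATS.items():
        for key in keys:
            for item in body.get(key) or []:
                if not isinstance(item, str) or not pattern.fullmatch(item):
                    errors.append(f"{key}: malformed entry {item!r}")
    for key in ("maxGasLimit", "maxValueWei"):
        if body.get(key) is not None and not isinstance(body[key], str):
            errors.append(f"{key}: must be sent as a string")
    rules = body.get("guardRules")
    if rules is not None and (not isinstance(rules, str) or len(rules) > 10000):
        errors.append("guardRules: must be a string of at most 10000 characters")
    if errors:
        return errors, warnings
    # Assumption (not stated on the page): each spend limit is a hard cap.
    tx, day, month, approval = (body.get(k) for k in NON_NEGATIVE[:4])
    if tx is not None and day is not None and tx > day:
        warnings.append("spendLimitPerTxUsd exceeds spendLimitPerDayUsd")
    if day is not None and month is not None and day > month:
        warnings.append("spendLimitPerDayUsd exceeds spendLimitPerMonthUsd")
    if tx is not None and approval is not None and approval >= tx:
        warnings.append("requireApprovalAboveUsd is not below spendLimitPerTxUsd")
    return errors, warnings
```

Run on the curl body above, it returns no errors and one warning: under the hard-cap assumption, a 500 USD approval threshold sits above the 200 USD per-transaction limit and would not be reached.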

Response

Policy created.

id: string<uuid>
agent_id: string<uuid>
spend_limit_per_tx_usd: number | null
spend_limit_per_day_usd: number | null
spend_limit_per_month_usd: number | null
allowed_addresses: string[] | null
allowed_contracts: string[] | null
blocked_selectors: string[] | null
blocked_actions: string[] | null
require_approval_selectors: string[] | null
require_approval_actions: string[] | null
require_approval_above_usd: number | null
max_slippage_bps: integer | null
max_gas_limit: string | null
max_value_wei: string | null
schedule: object
guard_rules: string | null
is_active: boolean
version: integer
created_at: string<date-time>
updated_at: string<date-time>