Bots
Endpoints for registering bots, checking bot status, initiating purchases, polling purchase approval status, and fetching scheduled tasks.
Register a Bot
Creates a new bot and returns an API key for authentication.
| Method | POST |
| Path | /api/v1/bots/register |
| Auth | None (public endpoint, rate-limited to 3 requests/hour per IP) |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
bot_name | string | Yes | Display name for the bot |
owner_email | string | Yes | Email of the bot's human owner |
description | string | No | Short description of the bot's purpose |
callback_url | string | No | URL for receiving webhooks |
pairing_code | string | No | Pairing code generated by the owner in the dashboard for instant activation |
Response
201 Created — without pairing code (pending owner verification):
{
"bot_id": "bot_a1b2c3d4e5",
"api_key": "cck_live_abc123...",
"claim_token": "clm_xyz789...",
"status": "pending_owner_verification",
"owner_verification_url": "https://creditclaw.com/claim?token=clm_xyz789...",
"webhook_secret": "whsec_...",
"webhook_note": "Save your webhook_secret now — it cannot be retrieved later.",
"important": "Save your api_key now — it cannot be retrieved later. Give the claim_token to your human so they can activate your wallet."
}
201 Created — with pairing code (instantly active):
{
"bot_id": "bot_a1b2c3d4e5",
"api_key": "cck_live_abc123...",
"claim_token": null,
"status": "active",
"paired": true,
"owner_uid": "firebase_uid_...",
"webhook_secret": "whsec_...",
"important": "Save your api_key now — it cannot be retrieved later. Your wallet is already active via pairing code."
}
Important: The
api_keyandwebhook_secretare only returned once at registration. Store them securely — they cannot be retrieved again.
Errors
| Status | Error | Description |
|---|---|---|
| 400 | validation_error | Invalid or missing required fields |
| 400 | invalid_pairing_code | Pairing code is invalid, expired, or already used |
| 409 | duplicate_registration | A bot with this name is already registered for this email |
| 429 | rate_limited | Too many registrations — retry after 1 hour |
Example
curl -X POST https://creditclaw.com/api/v1/bots/register \
-H "Content-Type: application/json" \
-d '{
"bot_name": "ShopperBot",
"owner_email": "owner@example.com",
"description": "Autonomous shopping assistant",
"callback_url": "https://mybot.example.com/webhooks"
}'
Get Bot Status
Returns the bot's current status, active payment rails, spending limits, and master guardrails.
| Method | GET |
| Path | /api/v1/bot/status |
| Auth | Authorization: Bearer cck_live_... |
Response
200 OK — active bot with rails:
{
"bot_id": "bot_a1b2c3d4e5",
"bot_name": "ShopperBot",
"status": "active",
"default_rail": "rail4",
"active_rails": ["card_wallet", "stripe_wallet"],
"rails": {
"card_wallet": {
"status": "active",
"balance_usd": 42.50,
"spending_limits": {
"per_transaction_usd": 50,
"monthly_usd": 500,
"monthly_spent_usd": 127.30,
"monthly_remaining_usd": 372.70
}
},
"stripe_wallet": {
"status": "active",
"balance_usd": 100.00,
"address": "0x..."
}
},
"master_guardrails": {
"per_transaction_usd": 100,
"daily_budget_usd": 200,
"monthly_budget_usd": 1000
},
"pending_messages": 0,
"webhook_status": "active",
"webhook_fail_count": 0
}
200 OK — pending bot (not yet claimed by owner):
{
"bot_id": "bot_a1b2c3d4e5",
"bot_name": "ShopperBot",
"status": "pending",
"default_rail": null,
"message": "Owner has not claimed this bot yet. Share your claim token with your human.",
"rails": {},
"master_guardrails": null
}
The status field can be:
| Status | Meaning |
|---|---|
active | Bot is claimed and has at least one active rail |
pending | Owner hasn't claimed the bot yet |
frozen | Owner has frozen the bot's wallet |
inactive | Bot is claimed but has no active rails |
Example
curl https://creditclaw.com/api/v1/bot/status \
-H "Authorization: Bearer cck_live_abc123..."
Initiate a Purchase
Requests a purchase through the bot's self-hosted card rail. The request goes through guardrail evaluation and may require owner approval.
| Method | POST |
| Path | /api/v1/bot/merchant/checkout |
| Auth | Authorization: Bearer cck_live_... |
| Rate Limit | 30 requests/hour |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
profile_index | number | Yes | Payment profile index to use |
merchant_name | string | Yes | Name of the merchant |
merchant_url | string | Yes | Merchant URL or identifier |
item_name | string | Yes | Name of the item being purchased |
amount_cents | number | Yes | Purchase amount in cents (e.g., 1999 for $19.99) |
category | string | No | Purchase category (e.g., "retail", "saas", "food") |
task_id | string | No | Task ID if fulfilling a scheduled task |
card_id | string | No | Specific card ID (required if bot has multiple active cards) |
Guardrail Evaluation Flow
When a purchase request is submitted, it passes through multiple guardrail checks:
- Wallet status — wallet must be active and not frozen
- Card guardrails — per-transaction limits, daily/monthly budgets
- Profile allowance — per-profile spending limits within the configured window
- Master guardrails — owner-level spending limits (for real profile purchases)
- Approval mode — determines if human approval is required
Response
200 OK — approved immediately:
{
"approved": true,
"missing_digits": "4321",
"expiry_month": "12",
"expiry_year": "2026",
"confirmation_id": "chk_a1b2c3d4e5f6",
"profile_index": 0,
"merchant_name": "Amazon",
"amount_usd": 19.99,
"message": "Checkout approved. Enter the provided card details to complete your purchase."
}
202 Accepted — pending owner approval:
{
"approved": false,
"status": "pending_confirmation",
"confirmation_id": "chk_a1b2c3d4e5f6",
"profile_index": 0,
"merchant_name": "Amazon",
"amount_usd": 19.99,
"expires_at": "2025-01-15T12:30:00.000Z",
"message": "This purchase requires owner approval. Poll /api/v1/bot/merchant/checkout/status to check the result."
}
When you receive a 202, poll the checkout status endpoint until the status resolves.
Errors
| Status | Error | Description |
|---|---|---|
| 400 | validation_error | Invalid request body |
| 400 | card_id_required | Bot has multiple active cards — specify card_id |
| 400 | invalid_profile | No permissions found for the given profile index |
| 402 | insufficient_funds | Wallet balance is too low |
| 403 | wallet_not_active | Wallet is not active |
| 403 | wallet_frozen | Wallet has been frozen by the owner |
| 403 | card_not_active | No active self-hosted card for this bot |
| 403 | card_guardrail_violation | Purchase violates card-level spending guardrails |
| 403 | allowance_exceeded | Purchase would exceed the profile's allowance window |
| 403 | master_budget_exceeded | Purchase would exceed the owner's master budget |
| 404 | card_not_found | Specified card_id not found or not linked to this bot |
Example
curl -X POST https://creditclaw.com/api/v1/bot/merchant/checkout \
-H "Authorization: Bearer cck_live_abc123..." \
-H "Content-Type: application/json" \
-d '{
"profile_index": 0,
"merchant_name": "Amazon",
"merchant_url": "https://amazon.com/dp/B09XYZ",
"item_name": "USB-C Hub",
"amount_cents": 2499,
"category": "retail"
}'
Check Purchase Status
Poll this endpoint to check whether a pending purchase has been approved, denied, or expired.
| Method | GET |
| Path | /api/v1/bot/merchant/checkout/status |
| Auth | Authorization: Bearer cck_live_... |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
confirmation_id | string | Yes | The confirmation_id returned from the checkout request |
Response
200 OK — approved:
{
"confirmation_id": "chk_a1b2c3d4e5f6",
"status": "approved",
"amount_usd": 24.99,
"merchant_name": "Amazon",
"item_name": "USB-C Hub",
"missing_digits": "4321",
"expiry_month": "12",
"expiry_year": "2026",
"message": "Purchase approved. Use the provided card details to complete checkout."
}
200 OK — pending:
{
"confirmation_id": "chk_a1b2c3d4e5f6",
"status": "pending",
"amount_usd": 24.99,
"merchant_name": "Amazon",
"item_name": "USB-C Hub",
"message": "Waiting for owner approval."
}
200 OK — denied:
{
"confirmation_id": "chk_a1b2c3d4e5f6",
"status": "denied",
"amount_usd": 24.99,
"merchant_name": "Amazon",
"item_name": "USB-C Hub",
"message": "Purchase was denied by the owner."
}
The status field can be:
| Status | Meaning |
|---|---|
pending | Waiting for owner to approve or deny |
approved | Owner approved — card details are included in the response |
denied | Owner denied the purchase |
expired | Approval window expired (15 minutes) |
Example
curl "https://creditclaw.com/api/v1/bot/merchant/checkout/status?confirmation_id=chk_a1b2c3d4e5f6" \
-H "Authorization: Bearer cck_live_abc123..."
Recommended polling pattern: Check every 5 seconds for the first minute, then every 15 seconds until expiry.
Fetch Next Task
Retrieves the next scheduled task for the bot, if any are available. Tasks are generated by the obfuscation engine and represent purchases the bot should execute.
| Method | POST |
| Path | /api/v1/bot/tasks/next |
| Auth | Authorization: Bearer cck_live_... |
Response
200 OK — task available:
{
"has_task": true,
"task_type": "purchase",
"task_id": "task_42",
"instructions": {
"profile_index": 1,
"merchant_name": "CloudServe Pro",
"merchant_url": "/merchant/cloudserve-pro",
"item_name": "Monthly hosting plan",
"amount_cents": 1299,
"category": "saas"
},
"message": "Purchase \"Monthly hosting plan\" from CloudServe Pro using Payment Profile #1."
}
200 OK — no tasks:
{
"has_task": false,
"message": "No tasks at this time. Check back later."
}
When a task is returned, fulfill it by calling the checkout endpoint with the provided instructions and including the task_id in the request body.
Example
curl -X POST https://creditclaw.com/api/v1/bot/tasks/next \
-H "Authorization: Bearer cck_live_abc123..."
Related
- Authentication — how to get and use API keys
- Wallets — check balance and request top-ups
- Webhooks — receive async notifications for purchases and approvals
- Quick Start — end-to-end bot setup walkthrough