Clone, customize, and deploy. These templates show the full power of Attesso for different AI payment use cases.
B2B internal tools for software purchasing
Stop chasing managers for credit cards. This Slack bot lets employees request software purchases, routes approvals via passkey, and executes payments automatically.
Employee requests in Slack
"I need a $20/mo Cursor license"
Manager approves via passkey
Clicks approval_url, biometric signature creates mandate
Bot completes purchase
JIT card issued, payment executed, employee notified
import { openai } from "@ai-sdk/openai";
import { generateText, tool } from "ai";
import { z } from "zod";
import { AttessoClient } from "@attesso/sdk";
import { WebClient } from "@slack/web-api";
const attesso = new AttessoClient({
apiKey: process.env.ATTESSO_API_KEY!
});
const slack = new WebClient(process.env.SLACK_BOT_TOKEN);
// The AI tool that executes purchases
const purchaseTool = tool({
description: "Purchase a software license",
parameters: z.object({
item: z.string().describe("What to purchase"),
amount: z.number().describe("Price in cents"),
vendor: z.string().describe("Vendor name"),
mandate_id: z.string().describe("Active mandate ID"),
}),
execute: async ({ item, amount, vendor, mandate_id }) => {
// Check mandate has sufficient remaining_limit
const mandate = await attesso.getMandate(mandate_id);
if (!mandate || mandate.status !== "active") {
return {
success: false,
error: "No active mandate found."
};
}
if (mandate.remaining_limit < amount) {
return {
success: false,
error: "Insufficient remaining_limit."
};
}
// Issue an ephemeral JIT card
const card = await attesso.issueCard(mandate_id, {
amount,
ttl_seconds: 300,
});
return {
success: true,
card_id: card.card_id,
message: `Card issued for ${item}, $${(amount/100).toFixed(2)}`
};
},
});
// Handle incoming Slack messages
export async function handleSlackMessage(event: SlackEvent) {
const { text, user, channel } = event;
const result = await generateText({
model: openai("gpt-4o"),
tools: { purchase: purchaseTool },
system: `You are a procurement assistant. Help
employees purchase software and tools.`,
prompt: text,
});
await slack.chat.postMessage({
channel,
text: result.text,
});
}Autonomous flight search and booking
import { ChatOpenAI } from "@langchain/openai";
import { AgentExecutor, createToolCallingAgent } from "langchain/agents";
import { tool } from "@langchain/core/tools";
import { z } from "zod";
import { AttessoClient } from "@attesso/sdk";
import { Browserbase } from "@browserbase/sdk";
const attesso = new AttessoClient({
apiKey: process.env.ATTESSO_API_KEY!
});
const browser = new Browserbase({
apiKey: process.env.BROWSERBASE_KEY!
});
// Tool to search for flights
const searchFlights = tool(
async ({ origin, destination, date }) => {
const session = await browser.createSession();
const page = await session.newPage();
await page.goto("https://www.google.com/flights");
await page.fill('[aria-label="Origin"]', origin);
await page.fill('[aria-label="Destination"]', destination);
await page.fill('[aria-label="Departure"]', date);
await page.click('button[aria-label="Search"]');
const flights = await page.evaluate(() => {
return Array.from(document.querySelectorAll('.flight-result'))
.slice(0, 5)
.map(el => ({
airline: el.querySelector('.airline')?.textContent,
price: parseInt(el.querySelector('.price')?.textContent?.replace(/\D/g, '') || '0'),
departure: el.querySelector('.departure')?.textContent,
}));
});
await session.close();
return JSON.stringify(flights);
},
{
name: "search_flights",
description: "Search for available flights",
schema: z.object({
origin: z.string(),
destination: z.string(),
date: z.string(),
}),
}
);
// Tool to book flight with Attesso
const bookFlight = tool(
async ({ airline, price, mandate_id }) => {
// Issue an ephemeral JIT card for this purchase
const card = await attesso.issueCard(mandate_id, {
amount: price * 100,
ttl_seconds: 300,
});
const session = await browser.createSession();
const page = await session.newPage();
// Use the virtual card to complete checkout
// Card auto-destructs after use or TTL expiry
await session.close();
return {
success: true,
confirmationNumber: "ABC123",
card_id: card.card_id,
};
},
{
name: "book_flight",
description: "Book and pay for a flight",
schema: z.object({
airline: z.string(),
price: z.number(),
mandate_id: z.string(),
}),
}
);
// Create the agent
const model = new ChatOpenAI({ model: "gpt-4o" });
const agent = createToolCallingAgent({
llm: model,
tools: [searchFlights, bookFlight]
});
const executor = new AgentExecutor({
agent,
tools: [searchFlights, bookFlight]
});
// Example: user already approved a mandate via approval_url
await executor.invoke({
input: "Find me a flight from SFO to JFK under $400",
});An AI agent that actually books flights. Uses LangChain for orchestration, Browserbase for web automation, and Attesso JIT cards for payment.
User approves travel mandate
"Book flights to JFK, max $500, this month"
Bot searches and finds deal
Browses Google Flights, compares options
JIT card issued for purchase
Ephemeral card auto-destructs after use
Attesso issues ephemeral JIT cards that auto-destruct after use or TTL expiry. Each card is scoped to the mandate's spending_limit and MCC restrictions.
Recurring mandate requests with JIT card issuance
Manage recurring subscriptions with mandate requests. Each billing cycle, issue a JIT card for the charge. Revoke the mandate to cancel instantly.
Create mandate request
"$15.99/mo for Netflix" → user gets approval_url
User approves via passkey
Mandate created with spending_limit
Issue JIT card each cycle
Ephemeral card used at Netflix checkout
Revoke to cancel
DELETE /v1/mandates/:id. No more cards can be issued.
This demonstrates the core Attesso concept: permissions, not credentials. The mandate defines what the agent can spend, and revocation is instant and irreversible.
import { AttessoClient } from "@attesso/sdk";
const attesso = new AttessoClient({
apiKey: process.env.ATTESSO_API_KEY!
});
interface SubscriptionConfig {
service: string;
amount: number; // Monthly charge in cents
external_user_id: string;
}
// Request mandate for a recurring subscription
export async function requestSubscription(
config: SubscriptionConfig
) {
// Create mandate request. Default fee mode is markup.
const request = await attesso.createMandateRequest({
amount: config.amount,
external_user_id: config.external_user_id,
validity_window: "30d",
category: `subscription:${config.service}`,
metadata: {
service: config.service,
type: "subscription",
},
});
// Send approval_url to user
return {
request_id: request.id,
approval_url: request.approval_url,
spending_limit: request.spending_limit,
};
}
// After user approves, issue card for this billing cycle
export async function chargeSubscription(
mandate_id: string,
amount: number,
) {
const card = await attesso.issueCard(mandate_id, {
amount,
ttl_seconds: 300,
});
return {
card_id: card.card_id,
number: card.number,
exp_month: card.exp_month,
exp_year: card.exp_year,
cvc: card.cvc,
};
}
// Example: Netflix subscription
const sub = await requestSubscription({
service: "Netflix",
amount: 1599, // $15.99/month
external_user_id: "user_123",
});
console.log(`Approve at: ${sub.approval_url}`);
// After approval, charge each month:
// const card = await chargeSubscription(mandate_id, 1599);
// Use card at Netflix checkout
// Cancel anytime. Revoke the mandate.
export async function cancelSubscription(mandate_id: string) {
await attesso.revokeMandate(mandate_id);
// No further cards can be issued
}All templates are MIT licensed. Clone them, customize them, ship them. Our docs have everything you need to get started.