Agentic Card Issuing: From KYB to First Transaction
A comprehensive tutorial on navigating the KYB process, creating virtual cards for agents, and handling authorization webhooks.
Enabling agents to handle financial transactions requires a robust infrastructure for card issuance and compliance. Anima integrates with Stripe Issuing to provide virtual cards for AI agents, while automating the complex Know Your Business (KYB) requirements.
Navigating KYB Verification#
Before an organization can issue cards, it must undergo KYB verification. This process is managed through Anima's compliance module, which tracks the state of your Stripe Custom Connect account.
KYB verification states typically follow this lifecycle:
not_started → pending → approved.
import { Anima } from "@anima/sdk";
const am = new Anima(process.env.AM_API_KEY);
// Check current compliance status
const compliance = await am.compliance.getStatus();
if (compliance.status === "not_started") {
const onboarding = await am.compliance.createOnboardingLink({
returnUrl: "https://your-dashboard.com/kyb-complete",
refreshUrl: "https://your-dashboard.com/kyb-retry"
});
console.log(`Open this link to start KYB: ${onboarding.url}`);
}Creating Your First Virtual Card#
Once your organization is approved, you can issue cards to specific agent identities. These cards are linked to your funding source but scoped to the agent's spending limits and merchant category codes (MCCs).
const card = await am.cards.create({
identityId: "agent_456",
amount_cents: 5000, // $50.00 limit
currency: "usd",
spending_controls: {
allowed_categories: ["software", "cloud_services"]
}
});
console.log(`Card created: **** **** **** ${card.last4}`);Handling Authorization Webhooks#
When an agent uses its card at a merchant, Stripe sends an authorization request. You must respond to this request within a strict 2-second deadline to either approve or decline the transaction.
import express from "express";
const app = express();
app.use(express.json());
app.post("/webhooks/cards/auth", async (req, res) => {
const { transaction_id, amount, merchant_name } = req.body;
// Decide whether to approve the transaction
const isApproved = amount < 2500 && merchant_name.includes("AWS");
return res.json({
approved: isApproved,
reason: isApproved ? "Authorized merchant" : "Exceeds limit"
});
});Managing Card Lifecycles#
Cards issued via Anima are designed for short-lived tasks or recurring agent expenses. You can programmatically close a card once a specific objective is met, reducing the window of potential misuse.
// Close the card after use
await am.cards.close(card.id);
// List transactions for a specific agent
const history = await am.cards.getTransactions({
identityId: "agent_456",
status: "SETTLED"
});Security and Compliance Notes#
All card data handled by Anima is encrypted at rest and in transit. While agents can access their own card details for programmatic checkout via the SDK, human administrators must use Multi-Factor Authentication (MFA) to view full card numbers or CVVs in the management console.
Adhering to the 2-second timeout for authorization webhooks is mandatory. We recommend using high-performance serverless functions or dedicated webhook listeners with low latency to ensure reliable transaction processing. Failing to respond within the window will result in an automatic decline for security.