Agent Cards - Nevermined Documentation

Enroll a Visa, Stripe, or Braintree card. Create a delegation that caps how much can be spent. Your agents charge it directly via x402 — no checkout pages, no human in the loop. Manage everything at pay.nevermined.app.

Card Enrollment

Enroll Visa, Stripe, or Braintree cards

Delegations

Set spending limits and expiration

Delegation Selection

Auto-resolve which card to charge

How It Works

Enroll a card

Add a Visa, Stripe, or Braintree card at pay.nevermined.app. Card data is tokenized in the browser by the provider’s PCI-compliant capture (VGS Collect for Visa and Stripe, Braintree Drop-in for Braintree). NVM Pay never stores raw card numbers.

Create a delegation

Set the spending limit, duration, and (optionally) max transactions. Visa delegations also require a per-delegation passkey approval that binds the limits to your device. Optionally link the delegation to a specific API key for automatic routing.

Agents charge it

Agents call the NVM Pay API with their API key. NVM Pay resolves the right delegation and generates an x402 token. The resource server verifies, executes, and settles.

Payment Flow

Agent (no token)
  |
  |-> Resource Server returns 402 + payment-required header
  |
  |-> Agent calls NVM Pay: POST /api/v1/x402/access-token
  |     |-> Resolves delegation -> generates x402 token (scheme: nvm:card-delegation)
  |
  |-> Agent retries with payment-signature header
  |
  |-> Resource Server:
        |-> POST /verify -> validates token, delegation, usage
        |-> Executes workload
        |-> POST /settle -> charges card, returns payment-response

One delegation model, three networks

All three providers share the same nvm:card-delegation x402 scheme and the same POST /api/v1/delegation/create endpoint. The network field on the delegation (stripe, braintree, or visa) is set by the card you choose and routes settlement to the right PSP.

Visa

PAN tokenized by VGS Credential Management Platform (CMP) into a Visa Agentic Token. Each delegation requires a one-time WebAuthn/passkey device-binding ceremony enforced by Visa VTS. Settlement runs through Stripe Connect against the seller’s connected account.

Stripe

Card captured via VGS Collect and confirmed against a Stripe SetupIntent. No passkey. Settlement runs through Stripe PaymentIntents directly.

Braintree

Card captured via Braintree Drop-in, exchanged for a vaulted paymentMethodToken. Settlement runs through transaction.sale against the seller’s per-currency OAuth-connected Braintree merchant account.

The Visa Agentic Tokens flow replaces the earlier VTS/VIC + mandate endpoints. There is no longer a separate “mandate” object — a Visa delegation is just a nvm:card-delegation record with provider: 'visa'.

Key Concepts

Concept	Description
Delegation	A scoped spending authorization on an enrolled card. Defines the spending limit, max transactions, and expiration. Same concept across Visa, Stripe, and Braintree.
Visa Agentic Token	The CMP-issued identifier (`vat_…`) that replaces the real PAN. Stored as the delegation’s `providerPaymentMethodId` for Visa cards.
Device binding	A per-delegation WebAuthn/passkey ceremony required by Visa VTS. Produces a single-use `assuranceData` blob bound to the spending limit, duration, and merchant context. Browser-only.
Spending Ceiling	Per-card cumulative limit across all active delegations (default $10.00).
API Key Linking	Link a delegation to a specific API key so agents automatically use the right one.
x402 Token	Payment token used in the `payment-signature` HTTP header (`nvm:card-delegation` scheme).

SDK consumption

The TypeScript and Python SDKs treat all three networks identically. Pass the delegationId to DelegationConfig and the SDK auto-resolves the scheme + network from the plan and the delegation record:

TypeScript
Python

import { Payments } from '@nevermined-io/payments'

const payments = Payments.getInstance({
  nvmApiKey: process.env.NVM_API_KEY,
  environment: 'sandbox',
})

// Works the same for Stripe, Braintree, and Visa delegations.
const token = await payments.x402.getX402AccessToken(
  'plan_abc123',
  undefined, // agentId — pass when the plan has multiple agents
  {
    delegationConfig: {
      delegationId: 'deleg-8f14e45f-ce34-4797-b88e-968374b0d4b6',
    },
  },
)

import os
from payments_py import Payments
from payments_py.x402 import DelegationConfig, X402TokenOptions

payments = Payments(
    api_key=os.environ.get("NVM_API_KEY"),
    environment="sandbox",
)

# Works the same for Stripe, Braintree, and Visa delegations.
token = payments.x402.get_x402_access_token(
    plan_id="plan_abc123",
    token_options=X402TokenOptions(
        delegation_config=DelegationConfig(
            delegation_id="deleg-8f14e45f-ce34-4797-b88e-968374b0d4b6",
        ),
    ),
)

For Visa, delegationId reuse is the only SDK path. createDelegation with provider='visa' cannot run from a non-browser context — the backend rejects it without consumerPrompt + assuranceData, both of which require the WebAuthn ceremony embedded by Visa VTS in the webapp. The SDK rejection surfaces as PaymentsError.code = 'BCK.VISA.0014'.

Environments

Sandbox — Testing and development. Visa runs against VGS sandbox + VTS test PANs; Stripe in test mode; Braintree on sandbox merchants.
Live — Production. Real payments through Visa, Stripe, and Braintree.

You need an NVM API Key. Set it as NVM_API_KEY.

What’s Next?

Enroll a Card

Set up your first payment card

Create a Delegation

Define spending limits, usage caps, and expiration

Documentation Index

Card Enrollment

Delegations

Delegation Selection

​How It Works

​Payment Flow

​One delegation model, three networks

Visa

Stripe

Braintree

​Key Concepts

​SDK consumption

​Environments

​What’s Next?

Enroll a Card

Create a Delegation

How It Works

Payment Flow

One delegation model, three networks

Key Concepts

SDK consumption

Environments

What’s Next?