Skip to main content
SPENDING CONTROLS

Your agent cannot overspend what you set.

Set an allowance per period and a per-transaction cap on each agent in the dashboard. The backend enforces it on every outbound payment - the agent's code cannot bypass it.

Dashboard view: spend permissions per agent - allowance, per-transaction cap, period

Autonomous agents make mistakes. They retry. They loop. They get prompt-injected. They occasionally try to spend money you did not authorize.

A Blockchain0x spend permission is owner-set in the dashboard and enforced by the backend, not by the agent's code. Every outbound payment is checked against the active permission before the API accepts it, so the agent cannot exceed the limit even if its logic tries. Your code can read the permission over the API to display it or plan around it, but it cannot raise it.

WHAT A SPEND PERMISSION HAS

Four dimensions. Set once. Enforced everywhere.

Allowance over a period

allowance_wei is the total USDC (base units) the agent may send across one period_seconds window. The period is a day (86400), a week (604800), or 30 days (2592000).

Per-transaction cap

per_tx_wei is the largest single outbound payment allowed. It stops one mistaken call from moving more than you intended, independent of the period allowance.

Validity window

start_at and end_at bound when the permission is live. Outside the window it does not authorize spending, so you can pre-stage a budget or let one expire on its own.

Revocation

revoked_at records when a permission was switched off from the dashboard. Revoking takes the allowance to zero immediately for any payment evaluated after it.

DASHBOARD-MANAGED, READ-ONLY VIA THE API

The agent's key cannot raise its own limit.

You create, change, and revoke spend permissions in the dashboard. The API exposes them read-only - there is no endpoint and no SDK method that mutates a permission. That is the whole point: if the agent is prompt-injected or stuck in a loop, it cannot widen its own allowance, because the credential it holds was never granted that power.

When a payment would exceed the active permission, the backend rejects it before anything touches the chain. No funds move. Your agent handles that rejection like any other failed call, and you see the attempt in the dashboard so you can widen the permission if it was legitimate.

READ IT VIA THE API

Fetch the current permission to display or plan around it.

GET /v1/agents/{id}/spend-permissions returns the live values. Use it to show a budget in your UI, or to let the agent check how much room is left before it tries a payment.

READ (CURL)
curl https://api.blockchain0x.com/v1/agents/agt_123/spend-permissions \
  -H "Authorization: Bearer $BLOCKCHAIN0X_API_KEY"
RESPONSE
{
  "allowance_wei": "5000000",
  "per_tx_wei": "1000000",
  "period_seconds": 86400,
  "start_at": "2026-05-15T00:00:00Z",
  "end_at": null,
  "revoked_at": null
}
allowance_wei

Total spend allowed per period, in USDC base units (6 decimals). "5000000" is 5 USDC.

per_tx_wei

Largest single payment allowed, in base units. "1000000" is 1 USDC. A payment over this is rejected even if the period allowance has room.

period_seconds

The window the allowance applies to: 86400 (day), 604800 (week), or 2592000 (30 days).

start_at / end_at

When the permission is active. end_at is null for an open-ended permission.

revoked_at

Null while active; a timestamp once revoked from the dashboard. A revoked permission authorizes nothing.

THE PERIOD

Day, week, or 30 days.

period_seconds takes one of three values. The allowance resets when the period rolls; per_tx_wei applies to every single payment regardless of the period.

86400

1 day

604800

1 week

2592000

30 days

A spend permission is a hard limit, set once, enforced everywhere - not a per-payment approval workflow and not a human-in-the-loop confirmation. If you need approvals or multi-signature, that is a separate, heavier pattern; the permission is the always-on floor under it.

FREQUENTLY ASKED

Five spend-permission questions operators ask.

Can I set or change a spend permission through the API?

No. Spend permissions are read-only over the API. You create, change, and revoke them in the Blockchain0x dashboard, and GET /v1/agents/{id}/spend-permissions lets your code read the current values to display or check them. This is deliberate: the agent's own API key cannot relax its own limits, which is exactly the property you want if the agent is ever prompt-injected or loops. To raise an allowance you need the dashboard.

What happens when a payment would exceed the permission?

The backend rejects it before anything touches the chain - no funds move. Enforcement lives on the backend, not in your agent's code, so the agent cannot route around it even if its logic tries. Read the permission with the GET route to show your agent how much room is left, and handle the rejection from payments.create the way you would any other failed call.

Why are amounts in wei rather than dollars?

Consistency with the rest of the API: every amount is a base-unit string. USDC has 6 decimals, so allowance_wei "5000000" is 5 USDC and per_tx_wei "1000000" is 1 USDC. Strings, not floats - large integers lose precision as JSON numbers, and a base-unit string is unambiguous across languages.

Do spend permissions limit incoming payments?

No. A permission only governs money leaving the wallet. Incoming USDC is never blocked by it - anyone can pay your agent at any time. Think of the permission as a one-way valve on outbound spend; inbound settlement is confirmed separately by the payment.received webhook.

How do I revoke spending fast if something looks wrong?

Revoke the permission in the dashboard - that sets revoked_at and takes the allowance to zero for any payment evaluated afterward. For a harder stop you can also rotate or revoke the agent's API key (apiKeys.rotate / apiKeys.revoke), which cuts off the credential entirely. Both are immediate; the permission revoke is the surgical one, the key revoke is the kill switch.

Spend with limits, not surprises.

Set an allowance and a per-transaction cap in the dashboard. The backend does the rest.