Two portals, two audiences. dashboard.prava.space is the
developer console: sign up, create API keys, manage allowed domains, switch to
production. pay.prava.space is the
Prava Pay dashboard for agent owners: approve agent links, enroll
cards, set spending controls. A developer integrating the API only needs the console; an agent
owner only needs the Prava Pay dashboard.
With Prava, the agent never holds funds or a raw card. It acts against the owner’s account under
the owner’s controls, and only ever receives one-time, scoped credentials at the moment of purchase.
The model
- Agent owner: a dashboard user who owns the account and manages everything at pay.prava.space.
- Cards & addresses: enrolled once and held on the owner’s account.
- Agents: the owner links and approves each agent; every agent gets its own secure identity.
- Shared access: all of an owner’s agents draw on the same cards. There are no per-agent card permissions.
Authorizing agents
An agent is connected through the linking flow: it requests access, and the owner approves it in the browser. From then on an agent is either active or revoked. It’s all-or-nothing, not a permissions matrix. Revoking an agent cuts off its access immediately.Spending controls
These are the controls that actually exist and are enforced:Quota and concurrency are Prava application-level limits. Merchant/amount locking is enforced by
the card network. See Guardrails for the network-level detail.
Cards on the account
Cards are enrolled through Prava’s secure collection (collectPAN or a hosted
page) and tokenized: the number is replaced with a secure stand-in, and the raw card never touches the
app or the agent. Each card carries:
- a status (
active/deleted), - an agentic-commerce flag (
isAgenticCommerceEnrolled) indicating it’s enabled for AI-initiated purchases,
Related
Link an agent
How an owner approves an agent against their account.
Guardrails
The network-level constraints on what an authorized purchase can do.