Invoke Intent

Overview

The invokeIntent() method generates payment tokens (virtual card number, expiry, and CVV) from a previously registered intent. These are single-use credentials scoped to the mandate constraints — right merchant, right amount range, right time window.

No additional authentication required: The intent was already authorized with Passkey during registration. Invoking does not trigger another prompt.

Method Signature

prava.invokeIntent(params: InvokeIntentParams): Promise<PaymentTokens>

Parameters

params

InvokeIntentParams

required

Show properties

intentId

string

required

The intent ID from registerIntent()

merchant

string

required

Merchant name (must match the registered intent)

amount

number

required

Transaction amount (must be ≤ registered amount)

itemCount

number

Number of items

Return Value

tokens

PaymentTokens

Show properties

pan

string

Virtual card number for checkout

expMonth

number

Expiration month

expYear

number

Expiration year

cvv

string

Single-use CVV

Example

import { PravaSDK } from '@prava-sdk/core';

const prava = new PravaSDK({ publishableKey: 'pk_live_xxx' });

const tokens = await prava.invokeIntent({
  intentId: 'int_m7kx9...',
  merchant: 'Uber Eats',
  amount: 22.50,
  itemCount: 1,
});

// Use these tokens to complete the purchase
console.log(tokens.pan);       // "4811 7293 0012 3456" (virtual card number)
console.log(tokens.expMonth);  // 2
console.log(tokens.expYear);   // 28
console.log(tokens.cvv);       // "491"

Flow Diagram

Payment Tokens Explained

Payment Tokens are single-use virtual card credentials generated from the card network. They’re scoped to the mandate constraints — right merchant, right amount range, right time window. If anything is out of bounds, the invocation fails.

Field	What it is
`pan`	Virtual card number — use as card number at checkout
`expMonth` / `expYear`	Token expiration date
`cvv`	Single-use CVV — changes with every invocation

Single-use only: Payment tokens can be used exactly once. If checkout fails, you must invoke the intent again (if useLimit allows).

Error Handling

Code	Cause	Resolution
`INTENT_EXPIRED`	Intent past its `expiresAt` date	Register a new intent
`INTENT_LIMIT_REACHED`	`useLimit` exhausted	Register a new intent
`MANDATE_VIOLATION`	Amount/merchant doesn’t match mandate	Check intent constraints
`CARD_NOT_FOUND`	Card was removed	Re-enroll card and create new intent

Security Considerations

Never log or store payment tokens: Even though the agent creds are scoped still the pan and cvv are sensitive. best practice is to not write them to logs, databases, or error messages.

Tokens are merchant-specific: The card network validates that the merchant receiving the payment matches the mandate. Mismatches will be declined.

Getting Started

SDK Reference

Card Management

Intent Management

Payment Execution

Overview

Method Signature

Parameters

Return Value

Example

Flow Diagram

Payment Tokens Explained

Error Handling

Security Considerations

Next Steps

Browser Automation

Update Intent

Getting Started

SDK Reference

Card Management

Intent Management

Payment Execution

​Overview

​Method Signature

​Parameters

​Return Value

​Example

​Flow Diagram

​Payment Tokens Explained

​Error Handling

​Security Considerations

​Next Steps

Browser Automation

Update Intent

Overview

Method Signature

Parameters

Return Value

Example

Flow Diagram

Payment Tokens Explained

Error Handling

Security Considerations

Next Steps