Documentation Index
Fetch the complete documentation index at: /llms.txt
Use this file to discover all available pages before exploring further.

Skip to main content

Dashboard
Status
Get API Keys
Get API Keys

Get Started

Overview
Environments
Sign up
Quickstart
Production access

Onboarding

Onboarding — pick your path
Onboarding: API Monetization
Onboarding: E-Commerce
Onboarding: Agent Commerce
Onboarding: Recurring Payments

Migration

Migration guides
Migrating from Stripe
Migrating from Circle
Migrating from direct card-network integrations

Authentication

Authentication overview
API keys
Agent tokens
Ed25519 session tokens
Portal tokens
JWT sessions

Core Concepts

Tenants
Accounts
Agents
Wallets
Transfers
Streams
Quotes
Environments (test vs. live)

Guides

Onboard an account
Register an agent
Send a cross-border transfer
Start a money stream
Receive webhooks
Issue a refund
Handle a dispute
Fund a wallet in live mode
Sandbox testing checklist

Recipes

Recipes
Recipes: Transfers & refunds
Recipes: Agents & auth
Recipes: Protocols
Recipes: Webhooks & events

Architecture

Architecture patterns
Event-driven architecture
Queue-backed workers
State-machine modeled architecture

Settlement & Treasury

Settlement overview
Settlement rules
Settlement windows
Reconciliation
Treasury
Scheduled transfers

Protocols

Protocols overview
Which protocol should I use?
UCP (Unified Commerce Protocol)
ACP (Agentic Commerce Protocol)
AP2 (Google Agent Payment Protocol)
x402 (HTTP 402 micropayments)
MPP (Machine Payments Protocol)
A2A (Agent-to-Agent)
MCP (Model Context Protocol)
Card networks (Visa VIC + Mastercard Agent Pay)

Agent Platform

Agent Platform overview
Agent quickstart
KYA tiers
Wallet policies
Ed25519 keypair auth
Persistent SSE connections
A2A agent card
MCP tool catalog
Agent-readable docs (llms.txt)
Scope grants
Kill-switch
Approval workflows

SDKs & Tools

SDKs & tools
Node SDK
CLI
MCP server
Webhook verification

Webhooks

Webhooks
Event catalog
Signature verification
Replay
Local testing

Resources

Rate limits
Error codes
Analytics + Usage
Changelog
Status
Support
Coming soon

Environment setup
Core objects
Transfers
Streams
Auth
Webhooks
Wallet policies
KYA tiers
Protocols (smoke test each you use)
Failure injection
Observability
Dry-run migration
Going live
Tips

Guides

Sandbox testing checklist

Exercise everything in sandbox before going live.

Going live with a payments integration should never be a surprise. Run through this checklist in sandbox before touching pk_live_*.

Environment setup

Sandbox API key (pk_test_*) exported as SLY_API_KEY
SDK installed and sly env ping returns 200 OK
Webhook endpoint running (local tunnel fine — see local testing)
Webhook subscription created with your intended event list
Webhook secret stored in SLY_WEBHOOK_SECRET

Core objects

Create a business account; verify it transitions to verified (instant in sandbox)
Create a person account
Create an agent under each; generate_keypair: true; save credentials
Set wallet policies on each agent
Fund agent wallets via faucet (POST /v1/wallets/:id/fund)

Transfers

Simple internal transfer between two wallets — completes in <10s
cross_border transfer with a quote
Transfer that exceeds balance → INSUFFICIENT_BALANCE
Transfer with expired quote → QUOTE_EXPIRED
Transfer with duplicate idempotency_key → returns original, no double-execution
Batch transfer (at least 5 transfers)
Scheduled transfer (dated 2 minutes in the future) — executes on time

Streams

Open a stream; confirm runway and flow rate
Recipient withdraws accrued balance
Update flow rate mid-stream
Pause + resume
Trigger stream.alert by setting a very small initial_deposit (forces runway to drop fast)
Cancel stream; unused funds return to sender

Auth

Create an API key with a scope subset; confirm out-of-scope endpoints return 403
Revoke an API key; confirm subsequent calls return 401
Ed25519 handshake: request challenge → sign → authenticate → receive sess_*
Use sess_* to call at least one endpoint per protocol
Rotate Ed25519 key; confirm prior sessions invalidate
Revoke Ed25519 key; confirm no new sessions issue

Webhooks

Receive and verify a transfer.completed event
Intentionally break signature verification (wrong secret) — your handler rejects
Replay a failed delivery; confirm your handler dedupes via event_id
Kill your endpoint for 5 minutes; confirm Sly retries on schedule; bring endpoint back; recovery delivers all
Test signature rotation with overlap

Wallet policies

Attempt a transaction above per_tx limit → POLICY_VIOLATION
Attempt a transaction at a blocked merchant → POLICY_VIOLATION
Attempt a transaction above approval_threshold → requires_approval response
Approve the pending approval; transaction executes
Reject an approval; transaction is recorded as rejected
Freeze the wallet; subsequent spends return WALLET_FROZEN
Unfreeze; spending resumes

KYA tiers

Agent starts at tier 0; attempt spend above tier-0 cap → KYA_LIMIT_EXCEEDED
Submit DSD; confirm upgrade to tier 1
Exceed tier-1 daily cap; confirm block
Request enterprise override to tier 2; confirm expanded cap

Protocols (smoke test each you use)

UCP: merchant creates token → buyer settles → webhook confirms settlement
ACP: create checkout → complete payment → receive fulfillment event
AP2: create mandate → execute within scope → execute outside scope (fails)
x402: call gated endpoint → receive 402 → pay → retry with proof → receive 200
A2A: send task to a peer agent → accept → complete → rate
MCP: list tools over /mcp → invoke one

Failure injection

Simulate rail outage: use POST /v1/simulate/rail-failure (sandbox only)
Simulate compliance hit: use POST /v1/simulate/sanctions-hit
Simulate slow webhook endpoint: make your handler sleep 30s, confirm Sly retries

Observability

Every error you handle surfaces code + request_id
Your logs include request_id on all Sly-touched requests
Dashboard shows your test traffic
/v1/events returns the full audit trail for a test agent

Dry-run migration

Before flipping pk_test_* → pk_live_*:

Identify every place in your code that hardcodes URLs, keys, or prefixes
Confirm environment detection works (e.g. pk_live → live URL automatically)
Double-check production-only KYC requirements (sandbox is permissive)
Review rate limits (production has stricter caps than sandbox)
Test that your webhooks’ live URL differs from sandbox URL (no cross-env pollution)

Going live

When every box above is checked:

Generate production pk_live_* key
Run compliance KYB on your organization (if not already done)
Update webhooks with production URLs
Update monitoring + alerts to page on production errors
Deploy with feature flag → enable for 1% of traffic → monitor → ramp

Congratulations. You’re live.

Tips

Keep a dedicated sandbox tenant for integration tests — don’t mix with dev experimentation
Automate the checklist as integration tests — they’re the best regression net you’ll ever have
Re-run this checklist every time you add a feature; sandbox exercise > surprises in prod

Fund a wallet in live mode Recipes

⌘I

x github linkedin

Powered byThis documentation is built and hosted on Mintlify, a developer documentation platform