Let customers send agents to buy from you.

Lipafy is the checkout layer for delegated commerce. Customers set the rules, agents make the request, providers get paid — built for the way money actually moves.

Create your account Browse capabilities
AGENT
> lipafy.request()
INTENT
POLICY CHECK
LIPAFY/APPROVE
KES 900
SETTLEMENT
BALANCE
4,3103,410 KES
RECEIPT

User-approved spend

Daily caps, per-transaction caps, allow-lists, and explicit human approvals on the requests that matter.

Wallet & Rails ready

Top up via push prompts, hold funds for approvals, refund failed calls, and settle providers from one ledger.

Signed receipts

Every completed call produces a verifiable record — linked back to the agent, mandate, and approval that allowed it.

A checkout layer for services that do real work.

One API surface for the three sides of a delegated purchase. Each side gets clean primitives and predictable money movement.

Providers

Sell your service as a paid capability.

Set a price, define inputs, receive requests with full context, and reconcile every completed job.

capabilitiespricing rulessettlements
Agent builders

Spend money without holding it.

Scoped API keys, idempotent charges, and x402-aware error responses so your agent knows exactly why a call was blocked.

scoped keysbudgetsx402 errors
Customers

Approve what matters, automate the rest.

Limits, mandates, and explicit approvals you can revoke any time. A clear record of who asked, what was bought, and what it cost.

limitsapprovalsreceipts
Capabilities · find

One namespace for every provider in your stack.

Discover paid capabilities the same way you’d search a package registry. Pricing, latency, and provenance are in the result.

Use
foodlocal-lunchKES 600–900
fooddinner-fastKES 800–1.4k
rideairport-pickupKES 2.1k–2.8k
errandpharmacy-runKES 200+items
API · charge

One charge. One receipt. One source of truth.

Charges resolve atomically. The response includes a signed receipt and the wallet balance change in the same call.

POST /gateway/charge200 OK
POST /gateway/food.local-lunch/order
Authorization: Bearer lip_live_…

{
  "budget": "900",
  "currency": "KES",
  "delivery_time": "13:00",
  "on_behalf_of": "usr_ow3nz"
}

// X-Payment-Receipt: rcpt_84e…
// wallet.balance: 4,310 ? 3,470 KES

The everyday flow

Ask, approve, pay, settle.

Lipafy is built around how people actually delegate — in plain language, with checkpoints where they need them and silence where they don’t.

Customer App
$
STEP 01

Customer gives the instruction

Budget, timing, provider, and constraints are captured before money moves.

AI Agent
01await intercept()
02if (intent === 'PAY') {
03  request_auth()
04}
STEP 02

Agent requests permission

High-value or sensitive calls pause for an explicit human approval over SSE.

Lipafy
~ %lipafy run
rules · hold · check · settle
STEP 03

Lipafy checks the rules

Limits, allow-lists, mandates, wallet balance, and expiry are enforced automatically.

Provider
Capability
$waiting...
STEP 04

Provider completes the job

The customer gets a signed receipt; the provider gets a clean settlement trail.

providersigned receiptcustomer

Trust is the product

Nobody should hand an agent a blank cheque.

Every transaction passes through four guardrails. They’re tunable per customer, per agent, per provider — and visible in every receipt.

M-Pesa Daraja SIWE · OAuth 2.1 · PKCE AP2 IntentMandates

Spend limits

Daily caps, per-transaction caps, and category allow/block lists per key.

Human approvals

Pause risky calls until the customer says yes — over SSE, with one-tap deny.

Signed receipts

Every successful call leaves a verifiable record linked to wallet, agent, and mandate.

Local settlement

Providers get paid via M-Pesa B2C at the end of each settlement period.

Ready for the next purchase?

Put a safer payment layer between customers, agents, and providers.

Start with LipafyRead the docs