get_payment_policy
const url = 'https://app.everruns.com/api/v1/payments/policies/example';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://app.everruns.com/api/v1/payments/policies/exampleGet a payment policy by ID.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Payment policy ID
Responses
Section titled “ Responses ”Payment policy
A payment policy — the binding between a paying account and a subject (agent identity, session) that controls which paid calls are authorized and at what spend caps.
object
Capability IDs this policy permits paid calls for. Empty list means no capability gating.
HTTP host allowlist for paid outbound calls. Empty list means no host gating.
Timestamp when this policy was created (RFC 3339).
Prefixed public identifier. See ID Schema.
Maximum cumulative amount (USD) per UTC day. Advisory only — not yet enforced. Stored on the policy for forward compatibility; the payment authority currently checks only max_amount_usd_per_request. None means no per-day cap.
Maximum amount (USD) any single paid request may settle for. Enforced by the payment authority at policy selection. None means no per-request cap.
Maximum cumulative amount (USD) per agent turn. Advisory only — not yet enforced. Stored on the policy for forward compatibility; the payment authority currently checks only max_amount_usd_per_request. None means no per-turn cap.
Free-form metadata attached to this policy.
Owning organization’s prefixed public identifier.
Payment account this policy authorizes spending from.
Preferred settlement rails in priority order; the authority picks the first available.
Threshold (USD) above which a request would require explicit human approval. Advisory only — not yet enforced. Stored on the policy for forward compatibility; no approval gate is wired up yet. None disables the (future) gate.
Current lifecycle status of this policy.
Prefixed identifier of the bound subject.
Class of subject this policy binds to (e.g. agent_identity, session).
Timestamp when this policy was last updated (RFC 3339).
Example
{ "allowed_capabilities": [ "paid_search", "paid_image_gen" ], "allowed_hosts": [ "api.openai.com", "api.anthropic.com" ], "created_at": "2026-04-01T10:00:00Z", "id": "paypol_01933b5a00007000800000000000001", "max_amount_usd_per_day": 50, "max_amount_usd_per_request": 2.5, "max_amount_usd_per_turn": 5, "organization_id": "org_01933b5a000070008000000000000001", "payment_account_id": "payacct_01933b5a00007000800000000000001", "rail_preference": [ "mpp_tempo" ], "require_approval_above_usd": 10, "status": "active", "subject_id": "identity_01933b5a000070008000000000000001", "subject_type": "agent_identity", "updated_at": "2026-05-20T14:00:00Z"}Not found
Standard error response.
Wire shape is RFC 9457 Problem Details:
every error response includes title and status, and may include
detail, code, allowed_actions, retry_after_seconds, instance,
and type. The content type is rewritten to application/problem+json
by [problem_json_content_type].
object
Recovery actions the caller can take next.
Agent-actionable link describing a follow-up the caller can take. Used in two contexts:
- Error recovery —
ErrorResponse.allowed_actionscarriesrels likeretry,retry-later,unarchive,get-existingso the agent knows the right next call after a 4xx/429. - Entity hypermedia —
WithUrls<T>.allowed_actionscarries state-awarerels likecancel,events,self,updateon the entity itself so the agent can follow links instead of reconstructing routes from prose.
The shape is intentionally identical across both contexts; the closed
rel vocabulary documented in specs/api-conventions.md distinguishes
them.
object
Short, agent-readable hint (e.g. “Shorten ‘name’ to <= 200 chars.”, “Cancel the active turn for this session.”).
Absolute (preferred) or relative URL the caller may invoke
directly. Always present on entity hypermedia actions
(WithUrls<T>.allowed_actions); optional on error-recovery
actions (ErrorResponse.allowed_actions) where the matching
operation_id is enough and the URI is implicit from the failed
call.
HTTP method to use against href. Required for entity hypermedia
actions; usually omitted on error-recovery actions where the same
operation is retried with its original method.
OpenAPI operationId the caller should invoke. Lets an MCP client
resolve the call without parsing href.
Link relation describing the action. Closed vocabulary documented
in specs/api-conventions.md — examples: self, cancel, pause,
resume, events, retry, retry-later, unarchive,
get-existing, delete, update.
OpenAPI $ref to the request-body schema, when the action takes one
(e.g. #/components/schemas/UpdateSessionRequest). Lets a tool-calling
agent fetch the input shape without scanning the whole spec.
Stable, machine-readable error code (snake_case).
Human-readable explanation specific to this occurrence.
Request URI for this occurrence.
Seconds the caller should wait before retrying (429 / transient 503).
HTTP status code; mirrors the response status line.
Short, human-readable summary of the problem (e.g. “Not Found”).
RFC 9457 problem type URI. Optional; identifies the problem class.
Example
{ "allowed_actions": [ { "method": "POST" } ], "code": "session_not_found", "detail": "Session session_01933b5a000070008000000000000001 not found in org org_01933b5a000070008000000000000001.", "instance": "/v1/sessions/session_01933b5a000070008000000000000001", "retry_after_seconds": 30, "status": 404, "title": "Session not found", "type": "https://docs.everruns.com/errors/session_not_found"}