--- name: wachai-paylater version: 1.0.0 description: Access x402 services on credit through wachAI PayLater β€” check tier and available credit, optional whitelist preflight for a target URL, proxy x402 calls with automatic payment, and manage repayment. Requires a ClawLens platform token. homepage: https://paylater.wach.ai metadata: {"claw":{"emoji":"πŸ’³","category":"credit","api_base":"https://paylater-api.wach.ai/api"}} --- # wachAI PayLater wachAI PayLater is a credit layer for AI agents in the x402 ecosystem. It lets agents access paid x402 services without pre-funded wallets by extending a USDC credit line based on identity and credit score from [ClawLens](https://clawlens.io). - API Base URL: `https://paylater-api.wach.ai/api` - Interactive docs: `https://paylater-api.wach.ai/docs` This skill helps an agent: 1. Check available credit (tier, phase, limit, suspension, **credit freeze**, optional **target URL whitelist** preflight) 2. Call x402 services on credit β€” PayLater proxies the request, pays on 402, and records the draw (**principal plus a platform transaction fee** on the facility) 3. Retrieve dashboard and repayment URLs for the human owner 4. Apply a payment toward the monthly obligation (`POST /repayment/apply`) when your integration records owner settlement 5. Browse the approved partner whitelist **When to use the proxy:** only when you need PayLater to pay on your behalf using credit. If you have your own wallet balance, call the target service directly β€” there is no reason to route through PayLater. ## Critical security warning - **Only send your platform token to the wachAI PayLater API host.** Do not attach it to requests to any other domain. - **Never** embed the token in URLs, client-side code, or logs. - **Never** send your ClawLens **provider** API key to PayLater. PayLater accepts only **platform tokens** (opaque bearer tokens such as `clp_`), not bureau keys. - PayLater holds treasury credentials server-side. Never ask for or store treasury private keys. ## Prerequisites You must complete these steps on **ClawLens** before calling PayLater. ### 1. Register on ClawLens and complete KYC Follow the [ClawLens skill](https://api.clawlens.io/skill.md) to register your agent, complete Moltbook + owner email KYC, and receive your `apiKey`. ### 2. Mint a platform token for PayLater ```bash curl -X POST https://api.clawlens.io/api/v1/agent/access-token \ -H "x-api-key: YOUR_CLAWLENS_API_KEY" \ -H "Content-Type: application/json" \ -d '{"audience": "https://paylater.wach.ai"}' ``` Expected response: ```json { "access_token": "clp_abc123...", "token_type": "Bearer", "expires_in": 86400 } ``` ### 3. Store the token **Recommended:** write the `access_token` to your agent's context or credential store. Send it on every PayLater request: ``` Authorization: Bearer clp_abc123... ``` Re-mint on `401` (token expired, revoked, or wrong audience). ### 4. First install complete - send dashboard link After first successful installation, immediately fetch and send the dashboard link to the user. Success criteria for first install: 1. Platform token minted and stored. 2. `GET /checkCredit` succeeds with your bearer token. 3. Dashboard URL has been sent to the user. ```bash curl -s https://paylater-api.wach.ai/api/dashboard \ -H "Authorization: Bearer $PLATFORM_TOKEN" ``` Agent requirement: as soon as this call succeeds, send the returned dashboard URL to the user so they can monitor usage, statements, and repayments. ## How credit works PayLater uses a two-phase, six-tier credit system. Your tier determines your USDC credit line. ### Phase 1 β€” Identity score (new agents) ClawLens assigns an identity score (0–100) based on your verified identity. This is the only signal before any repayment history exists. | Identity Score | Tier | Credit Line | |----------------|------|-------------| | < 40 | Rejected | $0 β€” no credit access | | 40–69 | Tier 1 | $1 USDC | | 70–89 | Tier 2 | $3 USDC | | >= 90 | Tier 3 | $5 USDC | ### Phase 2 β€” Credit score (after repayment history) Once ClawLens has enough billing cycle data to generate a credit score (300–900), higher tiers unlock automatically. | Credit Score | Tier | Credit Line | |--------------|------|-------------| | 650–749 | Tier 4 | $8 USDC | | 750–829 | Tier 5 | $10 USDC | | 830–900 | Tier 6 | $15 USDC | Scores below 650 remain on their Phase 1 tier. Score regression triggers automatic demotion at the next billing cycle. ### Partner whitelist When a target returns **402**, PayLater checks the approved partner whitelist before paying. If the target endpoint origin is not approved, the draw is rejected. Non-402 traffic is passed through without a whitelist check. If you can pay directly with your own wallet, call the service yourself β€” no whitelist restriction. ### Monthly billing (v6) Unpaid **pending** draws from the prior calendar month roll into **one monthly obligation** on day **1** UTC. The owner must pay by day **14** after the statement (configurable server-side). - **Day 12:** Reminder email (deduped). - **Day 13 (noon UTC):** Final warning 12 hours before the due window (deduped). - **Due date (day 14):** First delinquency is reported to ClawLens. You **retain remaining available credit** (no full suspension yet). - **Day 21:** Second delinquency; **credit freeze** β€” new credit draws via `/proxy` are blocked until the bill is settled. - **Day 30:** Default, full suspension, facility closure β€” handled idempotently per statement. ## Endpoints All endpoints below are under `/api` and require `Authorization: Bearer ` unless marked public. | Method | Path | Auth | Purpose | |--------|------|------|---------| | GET | `/checkCredit` | Required | Credit snapshot; optional `?targetService=` β†’ `targetWhitelisted` | | POST | `/proxy` | Required | Credit-funded x402 call; treasury pays **402 principal** on 402 | | GET | `/dashboard` | Required | Dashboard URL for the human owner | | GET | `/repay` | Public | Repayment URL; accepts `?agentId=` and optional `?amount=` | | POST | `/repayment/apply` | Required | Apply payment to open monthly obligation (API-integrated settlement) | | POST | `/partners/apply` | Public | Submit a partner endpoint for whitelist review | | GET | `/partners/endpoints` | Public | List all approved whitelist endpoints | | GET | `/health` | Public | Liveness check (on root, not `/api`) | ## Check credit Query your current tier, available credit, suspension, and optional whitelist preflight for a URL you intend to call. ```bash curl -s "https://paylater-api.wach.ai/api/checkCredit?targetService=https%3A%2F%2Fapi.partner.example%2Fv1" \ -H "Authorization: Bearer $PLATFORM_TOKEN" ``` Response: ```json { "success": true, "data": { "agentId": "cl-my-agent-xxxx", "availableCredit": 3, "creditLimit": 3, "outstandingDebt": 0, "phase": "identity", "tier": 2, "suspended": false, "creditFrozen": false, "targetWhitelisted": true, "whitelistPolicy": "All proxy calls enforce the partner whitelist", "clawLens": { "identityScore": 75, "creditScore": null }, "creditRejected": false } } ``` If `creditRejected` is `true`, your identity score is below 40 and no credit is available. If `suspended` is `true`, the agent is fully suspended (for example after default). If `creditFrozen` is `true`, **new credit draws** are blocked until the monthly bill is settled; you may still have positive `availableCredit` on paper for remaining line semantics, but `/proxy` will reject draws. Omit `targetService` if you do not need a whitelist preflight (the field is omitted from the response). ## Proxy an x402 request (credit draw) Use `/proxy` only when you need PayLater to pay on your behalf. If the target returns HTTP 402, PayLater pays the **402 amount** from the treasury, records **that principal plus the platform transaction fee** (default 3%) as facility debt, posts the draw to ClawLens when configured, and retries with payment proof. ```bash curl -s -X POST https://paylater-api.wach.ai/api/proxy \ -H "Authorization: Bearer $PLATFORM_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "targetService": "https://api.partner.example/v1/generate", "method": "POST", "headers": {}, "body": { "prompt": "Hello world" } }' ``` If the target does not return 402, the response is passed through with no credit draw. ## Dashboard URL ```bash curl -s https://paylater-api.wach.ai/api/dashboard \ -H "Authorization: Bearer $PLATFORM_TOKEN" ``` ## Repayment URL ```bash curl -s "https://paylater-api.wach.ai/api/repay?agentId=YOUR_AGENT_ID&amount=1.50" ``` Or if your integration has the platform token and wants an authenticated dashboard/repayment path: ```bash curl -s "https://paylater-api.wach.ai/api/dashboard" \ -H "Authorization: Bearer $PLATFORM_TOKEN" ``` ## Apply monthly obligation payment When your stack records an owner payment toward the monthly bill (full or partial): ```bash curl -s -X POST https://paylater-api.wach.ai/api/repayment/apply \ -H "Authorization: Bearer $PLATFORM_TOKEN" \ -H "Content-Type: application/json" \ -d '{"amount": 1.5}' ``` ## Partner whitelist (public) ### List approved endpoints ```bash curl -s https://paylater-api.wach.ai/api/partners/endpoints ``` ### Apply for whitelist ```bash curl -s -X POST https://paylater-api.wach.ai/api/partners/apply \ -H "Content-Type: application/json" \ -d '{ "partnerName": "ExampleAI", "endpointUrl": "https://api.partner.example", "contactEmail": "partner@example.com", "notes": "AI inference API" }' ``` ## Typical agent flow ``` 1. Register on ClawLens + complete KYC 2. Mint platform token: POST /access-token { audience: "https://paylater-api.wach.ai" } 3. Check credit: GET /api/checkCredit (optional ?targetService= for whitelist preflight) 4. If credit available: POST /api/proxy { targetService, method, body } (credit draw) If self-funded: call the target service directly (no proxy needed) 5. On 401 from PayLater: re-mint platform token from ClawLens, retry 6. Owner settles bill: GET /api/repay?agentId=&amount= β†’ owner clicks payment link (or POST /api/repayment/apply from your backend) 7. First successful install: immediately fetch `GET /api/dashboard` and send the returned dashboard URL to the user proactively. ``` ## Do not - Do not send ClawLens **provider** API keys to PayLater β€” only the platform token. - Do not store or request treasury keys β€” PayLater manages payment server-side. - Do not call non-whitelisted endpoints through the proxy when they return 402 β€” the draw will be rejected. Call them directly instead. - Do not ignore `creditFrozen: true` or `suspended: true` β€” `/proxy` credit draws will fail until billing or account state is resolved. ## Error reference | Status | Meaning | Action | |--------|---------|--------| | 401 | Platform token invalid, expired, or revoked | Re-mint token from ClawLens (`POST /access-token`) and retry | | 403 | Token valid but failed platform/verification guardrails, or **credit frozen / suspended** for draws | Check `/checkCredit`; settle monthly bill or fix KYC | | 402 | Insufficient credit for principal+fee, or identity score below 40 | Check `/checkCredit`; reduce draw size or settle debt | | 502 | ClawLens upstream unavailable | Retry with exponential backoff | | 503 | ClawLens dependency unreachable | Retry with exponential backoff | | 422 | Target endpoint not on partner whitelist | Use a whitelisted endpoint, or call the service directly with your own wallet | ## Notes - Credit tiers are deterministic: the same identity/credit scores always produce the same tier. - PayLater opens a revolving credit facility on the ClawLens **credit API** for each agent when appropriate. Draws, obligation payments, delinquencies, defaults, and per-draw repayments sync to ClawLens for the agent’s credit file. - Interactive API docs are available at `/docs` (Swagger UI).