Purchase Intents API

Build governed buy-online flows with Dino purchase intents.

Use Dino purchase intents when you want a structured buy-online lifecycle instead of direct one-step spend calls.

#Endpoint flow

  1. POST /v1/purchase-intents — create intent
  2. POST /v1/purchase-intents/:id/authorize — run policy/approval
  3. POST /v1/purchase-intents/:id/issue-payment-credential — issue one-time exact-amount payment handle
  4. GET /v1/purchase-intents/:id — read current status

#Example: create

curl -sS -X POST "https://api.dino.id/v1/purchase-intents" \
  -H "Authorization: Bearer YOUR_DINO_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{
    "product_url": "https://example.com/products/demo-item",
    "quantity": 1,
    "currency": "usd",
    "max_total_cents": 5000,
    "buyer": {
      "first_name": "John",
      "last_name": "Doe",
      "email": "john@example.com",
      "phone": "+15551234567",
      "address1": "123 Main St",
      "city": "New York",
      "province": "NY",
      "postal_code": "10001",
      "country": "US"
    }
  }'

#Example: authorize

curl -sS -X POST "https://api.dino.id/v1/purchase-intents/INTENT_ID/authorize" \
  -H "Authorization: Bearer YOUR_DINO_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "expected_total_cents": 4599,
    "merchant_name": "example.com",
    "reason": "Authorize online purchase"
  }'

Authorization outcomes:

  • approved
  • declined
  • needs_approval

#Example: issue one-time exact-amount credential

curl -sS -X POST "https://api.dino.id/v1/purchase-intents/INTENT_ID/issue-payment-credential" \
  -H "Authorization: Bearer YOUR_DINO_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "provider":"stripe_proxy_card",
    "credential_mode":"one_time_exact_amount",
    "ttl_seconds":900,
    "merchant_lock":"example.com"
  }'

Response fields include:

  • payment_credential_handle
  • one_time_exact_amount
  • approved_amount_cents
  • credential_expires_at

#Webhook events

Purchase-intent lifecycle events:

  • purchase_intent.created
  • purchase_intent.authorized
  • purchase_intent.needs_approval
  • purchase_intent.declined
  • purchase_intent.execution_started
  • purchase_intent.completed
  • purchase_intent.failed

See Agent Spend Webhooks for signature verification and retry behavior.

#Suggested integration shape

Keep the model boundary narrow:

  • create intent
  • authorize intent
  • read status

Then route execution through your adapter runtime using Dino-issued credential handles.