Skip to main content
Your relying service should call /v1/check immediately before sensitive operations.

Auth

X-Clawb-Api-Key: ck_live_...
For action: "send_email", include email object fields so policy constraints can evaluate recipients and attachments. 
curl -sS -X POST "https://api.clawb.ai/api/v1/check" \
  -H "Content-Type: application/json" \
  -H "X-Clawb-Api-Key: ck_live_replace_me" \
  -d '{
    "agent_id": "agt_replace_me",
    "policy_id": "pol_default",
    "action": "refund",
    "context": {
      "amount": 49.0,
      "currency": "USD",
      "reason": "late_delivery"
    }
  }'

Response

{
  "decision": "allow",
  "confidence": 0.9,
  "reasons": ["agent_key_attested"]
}
When challenged: 
{
  "decision": "challenge",
  "challenge": {"type": "attest", "url": "..."}
}