Testing Spending Policies
This guide focuses on policy semantics: how rules, actions, and priorities combine, and how to prove it with a three-tier threshold test that approves, requires approval, or denies payments based on amount. For environment choices (agent sandbox vs testnet), counterparty and time-window scenarios, and production migration, see Testing Payments Safely.Prerequisites
A Conto account and organization
An active agent with a linked, funded wallet and an SDK key in
CONTO_API_KEY. The Quickstart walks through creating the wallet, connecting the agent, and generating the keyWhat You’ll Build
| Amount Range | Expected Result | Policy |
|---|---|---|
| 10 | Approved automatically | Under all thresholds |
| 15 | Requires approval | Exceeds approval threshold |
| $15+ | Denied | Exceeds max transaction amount |
Step 1: Verify Your Setup
Before creating policies, confirm the agent is correctly configured:agent.statusis"ACTIVE"walletsarray is not empty
Step 2: Create Policies
Create two policies to test different enforcement behaviors.Policy A: Spend Limit
Create the policy
Go to Policies in the sidebar and click Create Policy.
- Name: “Manual Spend Test”
- Description: “Deny transactions over $15”
- Policy Type: SPEND_LIMIT
Add a rule
| Field | Value |
|---|---|
| Rule Type | MAX_AMOUNT |
| Operator | LTE |
| Value | 15 |
| Action | ALLOW |
How rule actions work:
ALLOW+LTE $15means: “Allow transactions where the amount is ≤ $15”- Transactions that do NOT match the ALLOW condition are implicitly denied
DENY+GT $15achieves the same effect: “Deny transactions where amount > $15”REQUIRE_APPROVAL+GT $10means: “Require manual approval when amount > $10”
Policy B: Approval Threshold
Create the policy
- Name: “Manual Approval Test”
- Description: “Require approval for transactions over $10”
- Policy Type: APPROVAL_THRESHOLD
Step 3: Assign Policies to the Agent
You can re-run the
GET /api/sdk/setup call from Step 1 to confirm policies now shows both assigned policies.
Step 4: Run Test Transactions
Usecurl or any HTTP client to test the three scenarios.
Test 1: $5 Payment (Expect: APPROVED)
Test 2: $12 Payment (Expect: REQUIRES_APPROVAL)
Test 3: $20 Payment (Expect: DENIED)
Step 5: Execute an Approved Payment
If Test 1 returnedAPPROVED, you can execute it onchain:
txHash and an explorer URL to verify onchain.
Using the SDK Instead of curl
The same three tests in TypeScript (conto.payments.request with amounts 5, 12, and 20) are shown in the Quickstart’s SDK step.
Editing Wallet Limits After Setup
If you need to change wallet spending limits after the initial setup:- Go to the agent detail page
- Open the Overview or Wallets tab
- Click the pencil icon next to the wallet
- Update per-transaction, daily, weekly, or monthly limits
- Click Save Changes
How Policy Evaluation Works
Conto evaluates wallet-level limits first, then policy rules with AND logic. The first DENY stops evaluation. Org-level policies stack with agent-level policies. See Policy Overview for the full reference.Troubleshooting
These accordions cover policy-semantics issues. For setup issues (lost SDK keys, unfunded wallets), see the Quickstart troubleshooting; for environment and scenario issues, see Testing Payments Safely.Payment denied but I expected REQUIRES_APPROVAL
Payment denied but I expected REQUIRES_APPROVAL
Multiple policies are evaluated with AND logic. If one policy denies while another would require approval, the denial takes priority. Check which policies are assigned in the Permissions tab.
Wrong policy is triggering
Wrong policy is triggering
Policies at the same priority level are all evaluated. If both an approval threshold (
>$10)
and a spend limit (>$15) match, DENY wins over REQUIRES_APPROVAL. Priority changes sort
order only; it does not override a failing rule.Organization policies are overriding my agent policies
Organization policies are overriding my agent policies
Org-level policies apply to all agents. If a Starter policy caps transactions at 100, the $25 cap wins. Check with your org admin.
Next Steps
Policy Types
Explore all available policy rule types
SDK Reference
Full SDK payment methods and options
Time Windows
Restrict payments to specific hours and days
Counterparties
Allowlist and blocklist recipient addresses