Developer Platform API

Base URL: https://api.icme.io/v1

Authentication: X-API-Key: YOUR_KEY

Accounts

POST /v1/createUserX402

Create an account via x402 USDC payment on Base. $5.00 one-time fee. No API key required.

The x402 middleware handles payment automatically. Send the request — if unpaid, you'll receive a 402 with payment requirements. Pay $5.00 USDC on Base, then retry with the Payment-Signature header. Returns API key and 325 starting credits.

json

{"username": "my-agent"}

json

{
  "user_id": "uuid",
  "username": "my-agent",
  "api_key": "sk-smt-my-agent-...",
  "credits": 325,
  "message": "Account created with 325 starting credits. Save your api_key — it will not be shown again."
}

Save your api_key immediately. It is shown only once. Use it as the X-API-Key header for all authenticated endpoints.

POST /v1/createUserCard

Create an account via card payment. No crypto required. Returns a Stripe Checkout URL.

json

json

After paying, call GET /v1/session/{session_id} to retrieve your API key.

POST /v1/createUser

Create an account via USDC on Base (Stripe deposit flow). $5.00 one-time fee. Gives 325 credits.

json

Call without stripe_payment_intent_id to receive a deposit address. Send exactly $5.00 USDC to payTo on Base, then retry with stripe_payment_intent_id.

POST /v1/topUpX402

Add 500 credits via x402 USDC payment on Base. $5.00. Requires X-API-Key header.

No request body needed. The x402 middleware handles payment — retry with Payment-Signature after paying.

json

POST /v1/topUpCard

Add credits via card payment. No crypto required. Returns a Stripe Checkout URL.

json

After paying, call GET /v1/session/{session_id} to confirm credits were added.

POST /v1/topUp

Add credits via USDC on Base (Stripe deposit flow). Call with empty body to see tiers and current balance.

json

GET /v1/session/{session_id}

Poll after a card payment to retrieve account info or confirm credits. No API key required.

Returns status: pending while payment is processing, status: complete once done. For signup, the response includes api_key — save it, it will not be shown again.

Policy

POST /v1/makeRules

Compile a natural language policy to formal logic. Streams via SSE. 300 credits.

Write your guardrail policy in plain English. Preflight compiles it to SMT-LIB formal logic and returns a policy_id + scenarios for review.

scenarios are generated by ICME Preflight from your compiled rules, sorted to surface the most likely-to-be-wrong variable combinations first. Review them before using the policy in production. See Battle Testing Rules.

GET /v1/policy/{id}/scenarios

Retrieve saved scenarios for a policy. Scenarios are refreshed after each refinePolicy call.

POST /v1/submitScenarioFeedback

Submit thumbs-up or thumbs-down feedback on a scenario. Returns immediately — no SSE.

• approved: true — saves a test case with the expected result. No rebuild.

• approved: false — saves a test case and queues the annotation for the next refinePolicy call. Requires annotation explaining why the scenario is wrong. Be specific — name the variables, the values, and which rule is violated.

POST /v1/refinePolicy

Apply all queued thumbs-down annotations in a single rebuild. Streams via SSE.

Batches all pending annotations, submits them to ICME Preflight, polls until the build completes, compiles new SMT, updates the guardrail in place, and writes the refined policy back to the database. Your policy_id does not change.

POST /v1/runPolicyTests

Run all saved test cases against the compiled policy.

test_case_ids is optional. If omitted, all saved test cases for the policy are run.

Relevance Screening

Free relevance screen. Checks whether an action touches any of your policy variables before running a paid check. No credits charged. Requires X-API-Key header.

threshold is optional. Default 0.0, meaning any match triggers should_check: true. Raise it to skip actions that only touch a small fraction of your policy.

should_check: true means the action is relevant to your policy. Run checkIt before executing. should_check: false means zero variables matched. Proceed without a paid check.

Use before every checkIt call to avoid paying for irrelevant actions like reading files, formatting text, or summarizing content.

Checking Actions

POST /v1/checkItPaid

Check an agent action against a compiled policy via x402 payment. $0.10 per call. No API key required.

json

json

result is SAT (permitted) or UNSAT (blocked). Every decision returns a check_id which serves as a cryptographic audit receipt.

Writing action strings: End every action string with an explicit claim — "Therefore this transfer is permitted." State every policy variable explicitly in the action. Do not rely on the extractor to infer missing values.

POST /v1/checkIt

Check an agent action against a compiled policy. 1 credit. Requires X-API-Key header.

Same as checkItPaid but authenticated via API key and deducts 1 credit. Returns SSE stream with progress and final result. This is the cheapest path if you already have credits from signup (325 free) or topUp.

json

POST /v1/verify

Check structured values directly against a policy. No LLM extraction. 1 credit. Requires X-API-Key header.

Returns a minimal ALLOWED or BLOCKED verdict.

json

json

POST /v1/verifyPaid

Check any policy with no account. $0.10 per call via USDC on Base (Stripe deposit flow). No API key required.

json

Call without payment header to receive a deposit address. Send exactly $0.10 USDC to payTo on Base, then retry.

ZK Proofs

POST /v1/verifyProof

Verify a zero-knowledge proof from a prior checkIt/checkItPaid call. No additional cost — the proof generation was paid for by the original check. Wait a few minutes after the check for the proof to be ready.

Single-use: each proof can only be verified once. Subsequent calls return 409.

json

GET /v1/proof/{id}

Retrieve proof metadata including validity, trace length, and timing. Add ?include_bytes=true to include the raw proof hex.

GET /v1/proof/{id}/download

Download raw ZK proof binary. Single-use — marks the proof as consumed.

Payment Flows

x402 (Recommended for Agents)

Fully autonomous — no accounts, no API keys for checkItPaid and createUserX402.

1. Call the endpoint → receive 402 with payment requirements in the response body

2. Sign and submit USDC payment on Base

3. Retry the request with Payment-Signature header

x402 client libraries (@x402/fetch, x402-reqwest, agentcash) handle this automatically.

Card

1. Call /v1/createUserCard or /v1/topUpCard

2. Open checkout_url — pay with card, Apple Pay, etc.

3. Poll GET /v1/session/{session_id} to confirm and retrieve your API key or updated balance

USDC on Base (Stripe Deposit)

1. Call endpoint without stripe_payment_intent_id → receive 402 with payTo address

2. Send exact USDC amount to payTo on Base (eip155:8453)

3. Retry request with stripe_payment_intent_id set

Amounts must be exact. Each PaymentIntent is single-use.

Credit Budget

After signup you have 325 credits — enough for 1 policy + 25 checks.

Live Demo Policy

Policy ID: f6e3cd15-9e28-45c4-9f4c-683edd63e468

Try checkItPaid against this policy for $0.10:

bash

Discovery

Your server exposes two discovery documents for x402scan and agent tooling:

• GET /openapi.json — OpenAPI 3.1.0 spec with info.guidance for agent onboarding

• GET /.well-known/x402 — x402 v1 fallback listing payable resources

x402scan listing: x402scan.com/server/a90f142f-33fd-4a22-a57f-1772f85d72f5