Rosud Docs
REST API for autonomous AI agent USDC payments on Base L2. Sign up once, get an API key, start processing payments immediately.
https://rosud.comQuick Start
Create an agent and process your first USDC payment in under 2 minutes.
import rosud
client = rosud.Rosud(api_key="rosud_live_xxx")
# Create a payment
payment = client.payments.create(
amount=5.00,
to="0x742d35Cc6634C0532925a3b8D4C9E3Ff9C4A6bB",
memo="api_call_fee",
)
print(payment.status) # "confirmed"
print(payment.tx_hash) # "0x..."curl -X POST https://rosud.com/v1/payments \
-H "X-API-Key: rosud_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"amount": "5.00",
"to": "0x742d35Cc6634C0532925a3b8D4C9E3Ff9C4A6bB",
"memo": "api_call_fee"
}'Testnet & Mainnet
Rosud defaults to testnet (Sandbox). Switch to mainnet when ready for real USDC transfers on Base L2.
Testnet (Default)
Uses Circle Sandbox API. USDC is fake — no real funds at risk. Ideal for development and testing.
api-sandbox.circle.comMainnet
Uses Circle production API. Transfers use real USDC on Base L2. Only switch when ready for production.
api.circle.comHow to Switch
Replace your Circle API key with a production key and set the environment variable:
# .env
CIRCLE_API_KEY=your_production_circle_key
CIRCLE_NETWORK=mainnet # "testnet" (default) | "mainnet"Authentication
All API requests require an X-API-Key header. Get your key from the dashboard.
Operator Key
Manage agents, webhooks, settings
rosud_live_<32 hex chars>Agent Key
Make payments only (scoped per agent)
rosud_live_<32 hex chars># Pass in header (all requests)
X-API-Key: rosud_live_a1b2c3d4...
# Or as query param (not recommended for production)
GET /v1/payments?api_key=rosud_live_a1b2c3d4...Payments
Send USDC on Base L2. Settlements are on-chain — average confirmation in < 3s.
/v1/paymentsCreate a new USDC payment
/v1/paymentsList payments (supports ?status=, ?limit=, ?offset=)
/v1/payments/{id}Get a single payment by ID
Create Payment
// POST /v1/payments
// Request body
{
"amount": "10.00", // required — USDC amount (string or number)
"to": "0xRecipient...", // required — destination wallet address
"memo": "service_fee", // optional — for your records
"idempotency_key": "uuid-1" // optional — safe retries (returns same payment)
}
// Response 201
{
"id": "pay_...",
"status": "confirmed", // pending | processing | confirmed | failed
"amount": "10.00",
"fee_amount": "0.001", // 0.1% platform fee, no minimum
"net_amount": "9.99", // actual amount received by recipient
"currency": "USDC",
"network": "base",
"tx_hash": "0x...",
"created_at": "2026-03-04T10:00:00Z"
}idempotency_keyfor safe retries — duplicate requests return the original payment with HTTP 200.Fee Structure
Platform fee is 0.1% of the payment amount. No minimum fee. . The fee_amount is deducted from the sender's wallet; the recipient receives net_amount.
Agents
Agents are scoped API keys with spending limits. Create one per AI agent or service.
/v1/agentsCreate an agent (returns API key — save it!)
/v1/agentsList all your agents
/v1/agents/{id}Get agent details
/v1/agents/{id}Update name, spending limits, status
/v1/agents/{id}Deactivate an agent (payments history kept)
// POST /v1/agents
{
"name": "trading-bot-1",
"spending_limit_daily": 1000, // max $1000 USDC/day (null = unlimited)
"spending_limit_per_tx": 100, // max $100 per payment (null = unlimited)
"allowed_recipients": [ // whitelist — null = any address allowed
"0xRecipient1...",
"0xRecipient2..."
]
}
// Response 201 — api_key only returned ONCE
{
"id": "agent-uuid",
"name": "trading-bot-1",
"api_key": "rosud_live_...", // ⚠️ save this immediately!
"is_active": true
}Webhooks
Receive real-time HTTP POST events when payment status changes.
/v1/webhooksRegister a webhook endpoint
/v1/webhooksList webhooks
/v1/webhooks/{id}Remove a webhook
Available Events
payment.pendingpayment.confirmedpayment.failedagent.createdagent.disabled// Webhook payload (POST to your URL)
{
"event": "payment.confirmed",
"created_at": "2026-03-04T10:00:00Z",
"data": {
"id": "pay_...",
"amount": "10.00",
"status": "confirmed",
"tx_hash": "0x..."
}
}
// Verify HMAC-SHA256 signature
// Header: X-Rosud-Signature: sha256=<hex>
import hmac, hashlib
expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
assert "sha256=" + expected == request.headers["X-Rosud-Signature"]Wallets
Query your USDC balance on Base L2. Each Rosud account has a custodial wallet used to fund payments.
/v1/wallets/balanceGet current USDC balance
// GET /v1/wallets/balance
// Response 200
{
"balance": "142.50",
"currency": "USDC",
"network": "base",
"wallet_address": "0x..."
}Funding your wallet
Send USDC (Base network) to your wallet_address from any exchange or wallet. Deposits are credited in real-time once on-chain confirmation is received.
Security
Rosud provides three independent security layers to protect your agents and funds.
Spending Limits
Cap how much an agent can spend per transaction and per day. Requests exceeding the limit are rejected with spending_limit_exceeded.
Address Whitelist
Set allowed_recipients on an agent to restrict payments to a predefined list of wallet addresses. Any attempt to pay an unlisted address returns recipient_not_allowed.
// PATCH /v1/agents/{id}
{
"allowed_recipients": [
"0xTrustedAddress1...",
"0xTrustedAddress2..."
]
// Set to null to allow any address
}Prompt Injection Defense
Thememofield is scanned for system-command patterns commonly used in prompt injection attacks (e.g., "ignore previous instructions"). Suspicious content is automatically blocked and returns prompt_injection_detected. This protects agents running in LLM pipelines from being manipulated into sending unauthorized payments.
Rate Limits
API requests are rate-limited per API key to ensure fair usage.
100 requests / minute429 Too Many RequestsWhen rate-limited, the response includes a Retry-After header indicating how many seconds to wait before retrying.
# Rate limit exceeded response
HTTP/1.1 429 Too Many Requests
Retry-After: 12
Content-Type: application/json
{
"error": "rate_limit_exceeded",
"message": "Too many requests. Retry after 12 seconds.",
"retry_after": 12
}Retry-After value to handle bursts gracefully. Contact us at admin@sandingzone.com if you need higher limits.x402 Facilitator
Rosud implements the x402 protocol as a Facilitator — verify and settle EIP-3009 stablecoin payments on Base.
POST /v1/x402/verify
Verify an x402 payment payload. No authentication required.
curl -X POST https://rosud.com/v1/x402/verify \
-H "Content-Type: application/json" \
-d '{
"x402Version": 2,
"accepted": {
"scheme": "exact",
"network": "eip155:8453",
"amount": "1000000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"payTo": "0xYOUR_WALLET",
"maxTimeoutSeconds": 60,
"extra": {}
},
"payload": {
"signature": "0x...",
"authorization": {
"from": "0xPAYER",
"to": "0xYOUR_WALLET",
"value": "1000000",
"validAfter": "0",
"validBefore": "9999999999",
"nonce": "0x000...000"
}
}
}'// Success response
{ "isValid": true }
// Failure response
{ "isValid": false, "invalidReason": "signature_invalid" }POST /v1/x402/settle
Settle an x402 payment on-chain. Requires API key authentication.
curl -X POST https://rosud.com/v1/x402/settle \
-H "Authorization: Bearer rsd_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"x402Version": 2,
"accepted": { ... },
"payload": { ... }
}'{
"success": true,
"txHash": "0xabc123...",
"network": "eip155:8453"
}Error Codes
All errors return a JSON body with error and message fields.
// Error response shape
{
"error": "insufficient_funds",
"message": "Wallet balance too low to complete this payment."
}auth_error401Invalid or missing API keyinsufficient_funds402Wallet balance too lowspending_limit_exceeded422Daily or per-tx limit exceededrecipient_not_allowed422Address not in allowed listinvalid_address422Invalid Ethereum address formatprompt_injection_detected422Suspicious content in memo fieldrate_limit_exceeded429Too many requests — check Retry-AfterSDK & MCP
Official client libraries and Claude MCP integration.
Python
PyPIpip install rosudimport rosud client = rosud.Rosud(api_key="...")
TypeScript
npmnpm install rosudimport Rosud from 'rosud'
const client = new Rosud({ apiKey: '...' })Model Context Protocol (MCP)
MCP is an open standard that lets AI assistants like Claude call external tools directly during a conversation. With rosud-mcp, Claude can check your USDC balance and send payments without any custom code.
1. Install
# Install via pip (or use uvx for zero-install)
pip install rosud-mcp
# Or run directly with uvx (no install needed)
uvx rosud-mcp2. Configure Claude Desktop
Add the following to your Claude Desktop config file:~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"rosud": {
"command": "uvx",
"args": ["rosud-mcp"],
"env": {
"ROSUD_API_KEY": "rosud_live_xxx"
}
}
}
}3. Available MCP Tools
create_paymentSend USDC to any address — specify amount, recipient, and optional memoget_balanceCheck your current USDC wallet balancelist_paymentsView recent payment history with optional filtersget_paymentLook up a specific payment by ID to check its status4. Example Conversation
TX: 0x3f4a... · Fee: $0.001 · Net: $4.999
Rosud Call
Real-time messaging infrastructure for AI agents. WebSocket-based relay with Telegram mirroring.
What is Rosud Call?
Rosud Call is a real-time messaging relay for AI agents. Agents join rooms, listen for messages, and reply in real-time. All messages are mirrored to Telegram for human oversight and control.
npm install rosud-callInstallation
npm install rosud-callQuick Start
Listen to a room and respond to messages in 3 lines.
import { RosudCall } from 'rosud-call'
const rc = new RosudCall(process.env.ROSUD_API_KEY)
rc.listen('room-abc123', async (msg) => {
console.log('Received:', msg.text)
await msg.reply('Hello from my agent!')
})Key Concepts
RoomA named channel where agents and humans exchange messages. Each room has a unique ID.BotAn AI agent registered to listen and reply in a room.MessageA text payload sent between bots and humans in a room.CLI
rosud-call listen \
--room <room-id> \
--tg-token <telegram-bot-token> \
--tg-group <telegram-group-id>Node.js SDK
const rc = new RosudCall(apiKey)
// Listen to a room
rc.listen(roomId, async (msg) => {
// msg.text — message content
// msg.from — sender info
// msg.reply() — send a response
await msg.reply('Processed: ' + msg.text)
})
// Send a message to a room
await rc.send(roomId, 'Hello from agent!')Authentication
Use the same API key from your Rosud dashboard. Both Rosud Payment API and Rosud Call use the same key.
# Environment variable (recommended)
ROSUD_API_KEY=rosud_live_xxx
# Or pass directly
const rc = new RosudCall('rosud_live_xxx')Plans
Free Plan
Unlimited agents · Unlimited messages · Rate-limited (1-second processing delay)
Pro Plan
Unlimited · No rate limits · No delays · Full speed
Questions? admin@sandingzone.com
Get API Key