Create an agent policy.
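Create a versioned agent-policy resource — a first-class governance record of what agent tokens may do. Authorizations are evaluated against the active policy. Because a policy is its own resource rather than an inline scope on each token, policies are versioned and queryable, and they give an explicit answer to "What can my agent do?" The example response below shows a newly created policy with `"active": false`, so confirm how a version becomes the active one before relying on it for authorization.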
Common patterns:
- Tier-2 prepare-only across the portfolio (`tier_max: 2`).
- Tier-3 with a per-entity allowlist for portfolio-level tools.
- Tier-4 routine-compliance autopilot with `spend_limit_per_period` and `require_human_signature_for: [dissolve, m_and_a_close, registered_agent_change, token_revoke]`.
Request Body
application/json
- `name` — string, Required
- `tier_max` — integer, Required
- `allowed_endpoints` — array<string>, Optional
- `denied_endpoints` — array<string>, Optional
- `resources` — array<string>, Optional
- `conditions` — object, Optional. JSON predicates evaluated at request time. Examples: `{"livemode": true}`, `{"entity.jurisdiction": ["US-DE"]}`.
- `require_human_signature_for` — array<string>, Optional. Operation IDs that always pause for human signature, even at tier-4.
- `spend_limit_per_period` — object, Optional
  - `amount` — object, Optional. Currency amount in the smallest unit (cents for USD).
    - `amount` — integer, Required. Integer in smallest unit. 100 = USD 1.00.
    - `currency` — string, Required. ISO 4217 alpha-3, lower-cased.
  - `period` — string, Optional. One of `"hour"`, `"day"`, `"week"`, `"month"`, `"quarter"`.
  - `reset_at` — integer, Optional
- `escalation_email` — string<email>, Optional
- `metadata` — object, Optional. Flat string-to-string map. Up to 50 keys. Keys: max 40 chars, charset `[A-Za-z0-9_\\-.]`. Values: max 500 chars. Keys prefixed `matter_` are reserved for platform use. Metadata is retrievable but not filterable via query params.
Response Body
application/json
Request
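Every sample below sends the same three request headers in addition to `Content-Type`: `Authorization` (bearer API key), `Matter-Version` and `Idempotency-Key`. The API key is read from an environment variable named `MATTER_API_KEY` (a name constructed for these samples) instead of being pasted into source; load it from your own secret store. The `Idempotency-Key` value is a sample: generate a fresh key for each new policy you create, and reuse a key only when retrying that same request.

```bash
# Minimal curl form. The key comes from the environment, so the header
# must be double-quoted for the shell to expand it.
curl -X POST "https://api.mattermode.com/v1/account/agent_policies" \
  -H "Authorization: Bearer $MATTER_API_KEY" \
  -H "Matter-Version: 2026-06-10" \
  -H "Idempotency-Key: ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Waypoint Systems, Inc.",
    "tier_max": 1,
    "allowed_endpoints": ["string"],
    "denied_endpoints": ["string"],
    "resources": ["string"],
    "conditions": {},
    "require_human_signature_for": ["string"],
    "spend_limit_per_period": {
      "amount": { "amount": 50000, "currency": "usd" },
      "period": "hour",
      "reset_at": 0
    },
    "escalation_email": "jane@example.com",
    "metadata": {}
  }'
```

```javascript
// Server-side (Node) sample: an API key that can create agent policies
// must never be shipped to a browser.
const body = JSON.stringify({
  "name": "Waypoint Systems, Inc.",
  "tier_max": 1,
  "allowed_endpoints": ["string"],
  "denied_endpoints": ["string"],
  "resources": ["string"],
  "conditions": {},
  "require_human_signature_for": ["string"],
  "spend_limit_per_period": {
    "amount": { "amount": 50000, "currency": "usd" },
    "period": "hour",
    "reset_at": 0
  },
  "escalation_email": "jane@example.com",
  "metadata": {}
});

fetch("https://api.mattermode.com/v1/account/agent_policies", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.MATTER_API_KEY}`,
    "Matter-Version": "2026-06-10",
    "Idempotency-Key": "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b",
    "Content-Type": "application/json"
  },
  body
})
  // Report the outcome instead of leaving the promise unhandled.
  .then((res) => console.log(res.status))
  .catch((err) => console.error(err));
```

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
)

func main() {
	url := "https://api.mattermode.com/v1/account/agent_policies"
	payload := strings.NewReader(`{
  "name": "Waypoint Systems, Inc.",
  "tier_max": 1,
  "allowed_endpoints": ["string"],
  "denied_endpoints": ["string"],
  "resources": ["string"],
  "conditions": {},
  "require_human_signature_for": ["string"],
  "spend_limit_per_period": {
    "amount": { "amount": 50000, "currency": "usd" },
    "period": "hour",
    "reset_at": 0
  },
  "escalation_email": "jane@example.com",
  "metadata": {}
}`)

	req, err := http.NewRequest("POST", url, payload)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}
	req.Header.Add("Authorization", "Bearer "+os.Getenv("MATTER_API_KEY"))
	req.Header.Add("Matter-Version", "2026-06-10")
	req.Header.Add("Idempotency-Key", "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b")
	req.Header.Add("Content-Type", "application/json")

	// Check the error before touching res: on failure res is nil and
	// res.Body.Close() would panic.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}
	defer res.Body.Close()

	// A separate name for the response bytes: the request payload above is
	// a *strings.Reader and cannot be redeclared with := in the same scope.
	respBody, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}

	fmt.Println(res.Status)
	fmt.Println(string(respBody))
}
```

```python
import os

import requests

headers = {
    # Raises KeyError when the variable is unset, so the request is never
    # sent with an empty bearer token.
    "Authorization": f"Bearer {os.environ['MATTER_API_KEY']}",
    "Matter-Version": "2026-06-10",
    "Idempotency-Key": "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b",
}

payload = {
    "name": "Waypoint Systems, Inc.",
    "tier_max": 1,
    "allowed_endpoints": ["string"],
    "denied_endpoints": ["string"],
    "resources": ["string"],
    "conditions": {},
    "require_human_signature_for": ["string"],
    "spend_limit_per_period": {
        "amount": {"amount": 50000, "currency": "usd"},
        "period": "hour",
        "reset_at": 0,
    },
    "escalation_email": "jane@example.com",
    "metadata": {},
}

resp = requests.post(
    "https://api.mattermode.com/v1/account/agent_policies",
    headers=headers,
    json=payload,
    timeout=10,  # requests waits indefinitely unless a timeout is given
)
resp.raise_for_status()
print(resp.json())
```

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.time.Duration;
import java.net.http.HttpRequest.BodyPublishers;

var body = BodyPublishers.ofString("""
{
  "name": "Waypoint Systems, Inc.",
  "tier_max": 1,
  "allowed_endpoints": ["string"],
  "denied_endpoints": ["string"],
  "resources": ["string"],
  "conditions": {},
  "require_human_signature_for": ["string"],
  "spend_limit_per_period": {
    "amount": { "amount": 50000, "currency": "usd" },
    "period": "hour",
    "reset_at": 0
  },
  "escalation_email": "jane@example.com",
  "metadata": {}
}""");

HttpClient client = HttpClient.newBuilder()
  .connectTimeout(Duration.ofSeconds(10))
  .build();

// build() returns the finished HttpRequest, so it is called exactly once
// and the result is typed as HttpRequest, not HttpRequest.Builder.
HttpRequest request = HttpRequest.newBuilder()
  .uri(URI.create("https://api.mattermode.com/v1/account/agent_policies"))
  .header("Authorization", "Bearer " + System.getenv("MATTER_API_KEY"))
  .header("Matter-Version", "2026-06-10")
  .header("Idempotency-Key", "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b")
  .header("Content-Type", "application/json")
  .POST(body)
  .build();

try {
  HttpResponse<String> response = client.send(request, BodyHandlers.ofString());
  System.out.println("Status code: " + response.statusCode());
  System.out.println("Response body: " + response.body());
} catch (Exception e) {
  e.printStackTrace();
}
```

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

var body = new StringContent("""
{
  "name": "Waypoint Systems, Inc.",
  "tier_max": 1,
  "allowed_endpoints": ["string"],
  "denied_endpoints": ["string"],
  "resources": ["string"],
  "conditions": {},
  "require_human_signature_for": ["string"],
  "spend_limit_per_period": {
    "amount": { "amount": 50000, "currency": "usd" },
    "period": "hour",
    "reset_at": 0
  },
  "escalation_email": "jane@example.com",
  "metadata": {}
}
""", Encoding.UTF8, "application/json");

var client = new HttpClient();

// Headers are set on this one request rather than on the client's defaults,
// so the idempotency key is not replayed on unrelated calls.
using var request = new HttpRequestMessage(
    HttpMethod.Post,
    "https://api.mattermode.com/v1/account/agent_policies")
{
    Content = body
};
request.Headers.Authorization = new AuthenticationHeaderValue(
    "Bearer", Environment.GetEnvironmentVariable("MATTER_API_KEY"));
request.Headers.Add("Matter-Version", "2026-06-10");
request.Headers.Add("Idempotency-Key", "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b");

var response = await client.SendAsync(request);
var responseBody = await response.Content.ReadAsStringAsync();
```

```bash
# Long-option curl form. The Authorization header is double-quoted so the
# shell expands $MATTER_API_KEY; the JSON body stays single-quoted.
curl --request POST 'https://api.mattermode.com/v1/account/agent_policies' \
  --header "Authorization: Bearer $MATTER_API_KEY" \
  --header 'Matter-Version: 2026-06-10' \
  --header 'Idempotency-Key: ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "Waypoint Systems, Inc.",
    "tier_max": 1,
    "allowed_endpoints": ["string"],
    "denied_endpoints": ["string"],
    "resources": ["string"],
    "conditions": {},
    "require_human_signature_for": ["string"],
    "spend_limit_per_period": {
      "amount": { "amount": 50000, "currency": "usd" },
      "period": "hour",
      "reset_at": 0
    },
    "escalation_email": "jane@example.com",
    "metadata": {}
  }'
```

```javascript
// Server-side (Node) sample with explicit status handling.
const response = await fetch("https://api.mattermode.com/v1/account/agent_policies", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.MATTER_API_KEY}`,
    "Matter-Version": "2026-06-10",
    "Idempotency-Key": "ee7c3a9b-3f1a-4d8e-9b2a-7c5e1f0a2d4b",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "name": "Waypoint Systems, Inc.",
    "tier_max": 1,
    "allowed_endpoints": ["string"],
    "denied_endpoints": ["string"],
    "resources": ["string"],
    "conditions": {},
    "require_human_signature_for": ["string"],
    "spend_limit_per_period": {
      "amount": { "amount": 50000, "currency": "usd" },
      "period": "hour",
      "reset_at": 0
    },
    "escalation_email": "jane@example.com",
    "metadata": {}
  }),
});

// Surface non-2xx responses instead of parsing an error body as a policy.
if (!response.ok) {
  throw new Error(`Matter API ${response.status}: ${await response.text()}`);
}

const data = await response.json();
console.log(data);
```

Response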
201 — Policy created.
application/json
{
"id": "string",
"object": "agent_policy",
"name": "Waypoint Systems, Inc.",
"tier_max": 1,
"version": 1,
"active": false,
"allowed_endpoints": [
"string"
],
"denied_endpoints": [
"string"
],
"resources": [
"string"
],
"conditions": {},
"require_human_signature_for": [
"string"
],
"spend_limit_per_period": {},
"escalation_email": "jane@example.com",
"metadata": {},
"created": 1745539200,
"updated": 1745539200,
"livemode": false
}