Cookbook
Sign as tier-4
Heightened authorization for high-stakes signing — board consent, charter amendment, financing close. Always pairs with a human gate.
Trigger
A document requires a tier-4 authorization — typically anything that materially changes the cap table or governance.
Call sequence
1. Request authorization

```
POST /v1/authorizations { resource: doc, tier: 4 }
```

2. Human approves in dashboard.

```
// out-of-band approval
```

3. Sign once approved

```
POST /v1/documents/{doc}/sign { authorization }
```

Idempotency
The authorization request is idempotent on `(resource, tier)`.
Webhooks
| Event | Description |
|---|---|
| authorization.approved | Human approved. |
| document.signed | Signed under tier-4. |
Errors
| Status | Code | Description |
|---|---|---|
| 409 | authorization_pending | No human has approved yet. |
Tier-4 is the only tier where an electronic agent signs on the principal's
behalf without a per-action human click. The legal basis is UETA §14: an
electronic agent acts for the principal that configured it, provided the
principal has affirmatively pre-authorized the class of action. Matter
encodes that pre-authorization as a list of AcknowledgementSlug values
on the AgentPolicy. Slugs expire 90 days after policy activation and
require re-affirmation by a natural-person stakeholder.
Hard floor
Operations marked x-matter-hitl: { required: true } (dissolve, M&A
close, grants over $250k, foreign qualifications, service-of-process
routing changes) escalate to human_signature_required regardless of
policy. The list is a hard floor that cannot be waived by a tier-4
standing authority.
Calling a hard-floor verb returns:
```json
{
  "type": "https://docs.mattermode.com/errors/human_signature_required",
  "title": "Human signature required",
  "status": 403,
  "detail": "POST /v1/entities/{id}/dissolve requires a human signature. Tier-4 standing authority cannot satisfy the hard-floor HITL list.",
  "authorization_id": "auth_8mY3pQrL",
  "approval_url": "https://app.mattermode.com/authorizations/auth_8mY3pQrL"
}
```

Surface the approval_url to the registered human principal. Once they
counter-sign in the dashboard (or via POST /v1/authorizations/{id}/sign),
the cascade resumes. See legal basis for the
full hard-floor list.
Create the AgentPolicy
The policy is the durable governance record. Slugs listed in
standing_acknowledgements are pre-affirmed across every mutation made
under the resulting tokens, until the 90-day window expires.
```bash
curl -X POST https://api.mattermode.com/v1/agent_policies \
  -H "Authorization: Bearer $MATTER_KEY" \
  -H "Matter-Version: 2026-05-01" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{
    "name": "studio-formation-autopilot-v1",
    "tier_max": 4,
    "allowed_endpoints": [
      "POST /v1/entities",
      "POST /v1/entities/{id}/submit",
      "POST /v1/documents/{id}/sign"
    ],
    "standing_acknowledgements": [
      {"slug": "agent_action_binds_principal", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "tier_4_standing_authority_acknowledged", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "formation_is_legally_binding", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "formation_creates_tax_obligations", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "not_legal_advice", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "not_tax_advice", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200}
    ],
    "spend_limit_per_period": {
      "amount": {"value": 500000, "currency": "usd"},
      "period": "month"
    },
    "frequency_caps": {
      "entities.submit": {"per_day": 3}
    },
    "escalation_email": "ops@studio.example"
  }'
```

Mint a tier-4 token bound to the policy via POST /v1/tokens with
tier: tier_4 and agent_policy_id: pol_…. The token inherits the
policy's allowed endpoints, spend limit, and pre-affirmed slugs. The
response's secret field carries the bearer string exactly once —
never re-fetchable.
Frequency cap exceeded
frequency_caps.entities.submit.per_day = 3. The fourth submit in a
24-hour window fails:
```json
{
  "type": "https://docs.mattermode.com/errors/standing_authorization_limit_exceeded",
  "title": "Standing authorization limit exceeded",
  "status": 403,
  "detail": "Frequency cap reached: entities.submit per_day = 3. Resets at 2026-04-27T00:00:00Z.",
  "limit_kind": "frequency",
  "operation_id": "submitEntity",
  "resets_at": 1745798400
}
```

Either wait for the reset, or escalate the action through a human-signed
Authorization.
Spend cap exceeded
spend_limit_per_period.amount = $5,000 / month. The mutation whose
computed fee would push consumption past the cap fails with the same
error class:
```json
{
  "type": "https://docs.mattermode.com/errors/standing_authorization_limit_exceeded",
  "title": "Standing authorization limit exceeded",
  "status": 403,
  "detail": "Spend cap reached: $5,000.00 / month. Action would consume $189.00; $4,872.00 already consumed.",
  "limit_kind": "spend",
  "operation_id": "createFiling",
  "resets_at": 1746057600
}
```

Raise the cap on the policy (creates a new policy version and requires a human re-affirmation of standing slugs), or wait for the period to reset.
What the signature record looks like
Every signature produced under a tier-4 token records the legal basis on
the underlying Document:
```json
{
  "signer_stakeholder_id": "stk_F0und3rCEO",
  "legal_basis": "ueta_electronic_agent",
  "signed_at": 1745684012,
  "agent_authority": {
    "token_id": "tok_StudioBotV1",
    "principal_human_id": "usr_F0und3rCEO",
    "agent_id": "agt_StudioBot",
    "standing_policy_id": "pol_8mY3pQrL",
    "acknowledgements": [
      {"slug": "formation_is_legally_binding", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200},
      {"slug": "formation_creates_tax_obligations", "version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO", "accepted_at": 1745683200}
    ]
  }
}
```

The agent_authority block is what makes the signature defensible: it
names the human principal, the standing policy, and every acknowledgement
that was in force at signing time.
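
An audit-side check of such a record, as an added example that is not Matter's own code. The function name, the finding strings and the caller-supplied `policy_activated_at` are assumptions; the record shown here does not carry the policy activation time, so the auditor has to take it from the policy.

```python
WINDOW = 90 * 24 * 3600  # page: slugs expire 90 days after policy activation
AUTHORITY_FIELDS = ("token_id", "principal_human_id", "agent_id", "standing_policy_id")

def audit_signature(record, policy_activated_at):
    """Return findings for one signature record; an empty list means it holds up.

    policy_activated_at comes from the policy record (assumption: the
    signature record itself does not carry it).
    """
    findings = []
    if record.get("legal_basis") != "ueta_electronic_agent":
        findings.append("legal_basis is not ueta_electronic_agent")
    authority = record.get("agent_authority") or {}
    for field in AUTHORITY_FIELDS:
        if not authority.get(field):
            findings.append(f"agent_authority.{field} missing")
    signed_at = record.get("signed_at")
    if not isinstance(signed_at, int):
        return findings + ["signed_at missing"]
    # The standing slugs only cover signatures made inside the 90-day window.
    if not policy_activated_at <= signed_at < policy_activated_at + WINDOW:
        findings.append("signed outside the 90-day acknowledgement window")
    acks = authority.get("acknowledgements") or []
    if not acks:
        findings.append("no acknowledgements recorded")
    for ack in acks:
        slug = ack.get("slug", "<unnamed>")
        if not ack.get("accepted_by_stakeholder_id"):
            findings.append(f"{slug}: no accepting stakeholder")
        if not isinstance(ack.get("accepted_at"), int) or ack["accepted_at"] > signed_at:
            findings.append(f"{slug}: not accepted before signing")
    return findings

# Constructed sample: the signature record shown above.
ACK = {"version": "2026-04-01", "accepted_by_stakeholder_id": "stk_F0und3rCEO",
       "accepted_at": 1745683200}
SAMPLE = {
    "signer_stakeholder_id": "stk_F0und3rCEO",
    "legal_basis": "ueta_electronic_agent",
    "signed_at": 1745684012,
    "agent_authority": {
        "token_id": "tok_StudioBotV1", "principal_human_id": "usr_F0und3rCEO",
        "agent_id": "agt_StudioBot", "standing_policy_id": "pol_8mY3pQrL",
        "acknowledgements": [dict(ACK, slug="formation_is_legally_binding"),
                             dict(ACK, slug="formation_creates_tax_obligations")],
    },
}

if __name__ == "__main__":
    print(audit_signature(SAMPLE, policy_activated_at=1745683200))
```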
Common errors
| Code | What happened | Recovery |
|---|---|---|
| human_signature_required | Operation is on the HITL hard floor (dissolve, M&A close, qualification, SOP routing, grants > $250k). | Surface the approval_url; resume after the human counter-signs the Authorization. |
| standing_authorization_limit_exceeded (limit_kind: frequency) | Per-period frequency cap hit. | Wait for resets_at, or push the action through a human-signed Authorization. |
| standing_authorization_limit_exceeded (limit_kind: spend) | Cumulative spend cap reached. | Raise the cap on a new policy version (requires human re-affirmation), or wait for the period reset. |
| acknowledgement_required | A required slug is not on the policy and not in the per-call body. | Either add the slug to standing_acknowledgements (re-versioned policy) or include it inline on the mutation. |
| acknowledgement_expired | A standing slug is past its 90-day window. | A natural-person stakeholder must re-affirm via the dashboard or POST /v1/acknowledgements. |
Full taxonomy: errors.
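
Agent-side handling of these errors, as an added example that is not Matter's own client code: it maps each error body to the recovery in the table and fails closed on anything else. The function names, the action labels, reading the code from the last segment of `type`, and treating `app.mattermode.com` (the host in the sample `approval_url`) as the only acceptable dashboard host are assumptions.

```python
from urllib.parse import urlparse

# Assumption: the dashboard host is the one in the sample approval_url on this page.
DASHBOARD_HOST = "app.mattermode.com"

def error_code(problem):
    """Derive the error code from the last path segment of the `type` URL."""
    return problem.get("type", "").rstrip("/").rsplit("/", 1)[-1]

def plan_recovery(problem, now):
    """Map an error body to the recovery in the table; never retry blindly."""
    code = error_code(problem)
    if code == "human_signature_required":
        url = problem.get("approval_url", "")
        parsed = urlparse(url)
        # Only hand the human a link that really points at the dashboard.
        if parsed.scheme != "https" or parsed.hostname != DASHBOARD_HOST:
            return {"action": "abort", "reason": "approval_url not on dashboard host"}
        return {"action": "surface_to_human", "url": url,
                "authorization_id": problem.get("authorization_id")}
    if code == "standing_authorization_limit_exceeded":
        # Both limit kinds carry resets_at; the agent waits or escalates,
        # it does not raise its own cap.
        return {"action": "wait_or_escalate", "limit_kind": problem.get("limit_kind"),
                "wait_seconds": max(0, int(problem.get("resets_at", now)) - now)}
    if code == "acknowledgement_expired":
        return {"action": "human_reaffirmation"}
    if code == "acknowledgement_required":
        return {"action": "supply_acknowledgement"}
    if code == "authorization_pending":
        return {"action": "wait_for_webhook", "event": "authorization.approved"}
    # Unknown codes fail closed.
    return {"action": "abort", "reason": f"unhandled error {code!r}"}

# Constructed inputs: fields copied from the error bodies shown on this page.
HARD_FLOOR = {
    "type": "https://docs.mattermode.com/errors/human_signature_required",
    "status": 403,
    "authorization_id": "auth_8mY3pQrL",
    "approval_url": "https://app.mattermode.com/authorizations/auth_8mY3pQrL",
}
FREQUENCY = {
    "type": "https://docs.mattermode.com/errors/standing_authorization_limit_exceeded",
    "status": 403,
    "limit_kind": "frequency",
    "resets_at": 1745798400,
}

if __name__ == "__main__":
    print(plan_recovery(HARD_FLOOR, now=1745794800))
    print(plan_recovery(FREQUENCY, now=1745794800))
```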
Related
- Agents and tokens — tier model and policy DSL
- Legal basis — `wet_signature`/`esra_consent`/`ueta_electronic_agent` and the HITL hard-floor list
- Sign as a tier-3 agent — per-action human countersign for tiers below 4
- Form an entity with an autonomous agent — end-to-end formation under this token