Quickstart

Step 1: Create an account

Accounts cost $5 to setup. This give you 325 credits to create your first guardrail and try it out.

Option A — Pay with card (no crypto needed):

Open the checkout_url in your browser and pay with card. Then retrieve your API key in your browser — or via curl:

Option B — Pay with USDC on Base:

Send exactly $5.00 USDC to the payTo address on Base, then confirm:

You'll receive your api_key. Save it — you'll need it for every authenticated request.

Pay with card

No crypto wallet required. Use any credit or debit card via Stripe Checkout.

Create an account:

Open the checkout_url in your browser, pay with card, then retrieve your API key:

curl -s -X POST https://api.icme.io/v1/createUserCard \
  -H 'Content-Type: application/json' \
  -d '{"username": "YOUR_USERNAME"}' | jq .
# Returns checkout_url — open in your browser and pay $5.00 by card
# Then retrieve your API key. Via curl or by opening link in browser.
curl -s https://api.icme.io/v1/session/SESSION_ID | jq .

Top up credits:

Open the checkout_url, pay with card, then confirm:

Pay with USDC on Base

For teams that prefer crypto, or for autonomous agents that pay for themselves.

Create an account:

After you pay via USDC — activate your account:

Top up credits:

Step 2: Top up credits

You need credits before compiling a policy (300 credits, $3.00) or checking actions (1 credits, $0.01 each).

Option A — Pay with card (no crypto needed):

Open the checkout_url, pay with card, then confirm in your browser — or via curl:

Option B — Pay with USDC on Base:

Call /v1/topUp with no body to see your balance, then pick a tier:

Send exactly $25.00 USDC to the payTo address on Base, then confirm with the stripe_payment_intent_id.

Credits are added to your account immediately on confirmation.

Step 3: Compile a policy

Call /v1/makeRules with your policy in plain English. This streams progress via SSE so use -N. Compilation takes several minutes — this is the AR formalization and consistency checking process running. It is the longest part. After this you can run checkIt or checkitPaid (x402) as much as you need with speed.

When complete, you'll see a policy_id in the final SSE event. Save it.

Cost: 300 credits ($3.00). You only pay this once per policy.

Step 4: Check an action

Pass your policy_id and a plain English description of what the agent wants to do.

The solver returns SAT (allowed) or UNSAT (blocked).

Cost: 1 credits ($0.01) per check. You can also use our free /v1/checkRelevance endpoint first to check an action text against your policy.

Each check also generates a ZK proof. The proof_id is returned in the response — use it to verify or download the proof right away. Proofs live on ICME's infrastructure, and we can't guarantee they'll persist across server updates or migrations. If a proof matters to you, call /v1/verifyProof or /v1/proof/{id}/download shortly after generation and use it right then.

Use case: Treasury agent with zero-transfer policy

Here's a real policy designed to protect an agentic treasury from social engineering — emotional appeals, urgency tactics, and any transfer attempt, regardless of framing.

Compile it:

Test it:

AR correctly extracts hasEmotionalAppeal, hasSobStory, and hasUrgencyTactic as boolean variables from the policy — Rule 5 formalizes into real logic. The urgency case triggers double UNSAT from both the local solver and AWS Automated Reasoning independently. Actions AR cannot translate at all (ambiguous non-transfer requests) fail closed by default.

verifyPaid — no account needed

/v1/verifyPaid lets anyone check an action against a policy for $0.10 USDC per check — no API key, no account. This works both for testing before you register, and for letting third parties verify actions against your compiled policy without going through your backend. You keep your policy, they pay per check, no coordination needed.

Step 1) First call returns a deposit address:

This returns a stripePaymentIntentId and a payTo address. Send exactly $0.10 USDC on Base to that address.

Step 2) Retry with the payment intent ID:

The payment-signature header is your Stripe payment intent ID from Step 1. Each payment is single-use — one check per payment. The result is the same SAT/UNSAT response as /v1/checkIt.

ZK Proofs — verify and download

Every /v1/checkIt call that produces a result also generates a zero-knowledge proof. You can check the status of your proofs, verify them cryptographically, or download the raw proof bytes. ZKP may take over several seconds to generate depending on the policy length.

Note: The ZK proof system JOLT is functional but has not yet completed a formal security audit. It's safe to consume in your own application for transparency and logging purposes. If you're building workflows where proof validity is a trust boundary, keep in mind the proving pipeline is still maturing.

Check proof status (authenticated)

GET /v1/proof/{id} requires your API key and returns metadata about your proof — including whether it's been used. This is a read-only status check; it does not consume the proof.

Returns proof_id, policy_id, policy_hash, result, valid, used, trace_length, timing info, and created_at. Add ?include_bytes=true to include the hex-encoded proof bytes.

Verify a proof (public, single-use)

POST /v1/verifyProof is public — no API key needed. Anyone with a proof ID can verify it against the ZK proving service. The proof is marked as used after the first successful verification. Subsequent calls return 409 Conflict with "proof used".

Returns the full verification result including valid, policy_hash, claimed_result, verify_ms, and used: true.

Download proof bytes (public, single-use)

GET /v1/proof/{id}/download is also public and single-use. Downloads the raw proof binary. After one download, the proof is marked as used and further downloads return 409 Conflict.

Next steps

• Read the full API Reference for all endpoints and parameters

• Learn how to create effective policies