Buy Anything

Step 1: Secure Card Capture via BasisTheory

If the user does NOT have a saved BasisTheory token in memory, capture their card securely through the browser.

Try to open the card capture page in the user's browser:

open "https://mcp.rye.com/bt-card-capture" 2>/dev/null || xdg-open "https://mcp.rye.com/bt-card-capture" 2>/dev/null

If the command fails (e.g. unsupported platform), provide the URL as a clickable link instead: https://mcp.rye.com/bt-card-capture

Tell the user: "I've opened a secure card entry page in your browser. Please enter your card details there and click Submit. Your card info never touches this chat — it goes directly to BasisTheory's PCI-compliant vault. After submitting, copy the token shown on the page and paste it back here."

Wait for the user to paste the token (a UUID like d1ff0c32-...).

If the user already has a saved BT token in memory, skip this step entirely and use the saved token.

If a purchase fails with a CVC/CVV-related error (e.g. "Missing information", payment session issues), the saved token's CVC may have expired (BasisTheory clears CVC after 24 hours). Open the CVC refresh page:

open "https://mcp.rye.com/bt-cvc-refresh?token_id=SAVED_TOKEN_ID" 2>/dev/null || xdg-open "https://mcp.rye.com/bt-cvc-refresh?token_id=SAVED_TOKEN_ID" 2>/dev/null

If the command fails, provide the URL as a clickable link instead.

Tell the user: "Your saved card's security code has expired. I've opened a page to re-enter just your CVC — no need to re-enter the full card. Close the tab when done and I'll retry."

Then retry the purchase with the same saved token.

Step 2: Submit Order to Rye

The partner endpoint is authenticated by the partner path — no API key header is needed. Only requests to /partners/clawdbot/ are accepted.

curl -s -X POST https://api.rye.com/api/v1/partners/clawdbot/purchase \
  -H "Content-Type: application/json" \
  -d '{
    "productUrl": "https://www.example-store.com/products/cool-thing",
    "quantity": 1,
    "buyer": {
      "firstName": "John",
      "lastName": "Doe",
      "email": "[email protected]",
      "phone": "+14155551234",
      "address1": "123 Main St",
      "city": "San Francisco",
      "province": "CA",
      "postalCode": "94102",
      "country": "US"
    },
    "paymentMethod": {
      "type": "basis_theory_token",
      "basisTheoryToken": "d1ff0c32-..."
    },
    "constraints": {
      "maxTotalPrice": 50000
    }
  }'

constraints.maxTotalPrice: The user's spending limit in cents (e.g. $500 = 50000). The API will reject the order if the total exceeds this. If the user said "no limit", omit the constraints field entirely.

The POST response contains an id field (e.g. ci_abc123). Use this to poll for the order status.

Step 3: Poll for Order Status

After submitting the order, use the id from the POST response to poll for the final result:

curl -s https://api.rye.com/api/v1/partners/clawdbot/purchase/CHECKOUT_INTENT_ID

Replace CHECKOUT_INTENT_ID with the actual ID (e.g. ci_abc123).

Poll every 5 seconds until the state is a terminal state. The response state will be one of:

• retrieving_offer — fetching product details and pricing (keep polling)
• placing_order — order is being placed with the store (keep polling)
• completed — order placed successfully (stop polling)
• failed — order failed (stop polling)

When completed, show the user:

• Product name from offer.product.title
• Total from offer.cost.total (format as dollars, value is in cents)
• Order ID from orderId (if present)

When failed, show failureReason.message to the user.

Pricing & Shipping

The API validates the store automatically. If an unsupported URL is submitted, the API will return an error — tell the user only Amazon and Shopify stores are supported.

• Shopify stores: Standard store pricing — no markup from us
• Amazon: 3% fee to cover transaction costs
• Amazon orders under $15 have a $6.99 shipping charge
• Amazon orders $15 and above get free 2-day Prime shipping
• Amazon orders are processed through a 3rd party Amazon account (not the user's personal Amazon)
• User will receive an email with confirmation and order details
• For returns or refunds, direct the user to [email protected]

Example Conversation

User: Buy this for me https://amazon.com/dp/B0DJLKV4N9

You: I'll help you buy that! Where should I ship it?
     (Need: name, address, city, state, zip, email, phone)

User: John Doe, 123 Main St, San Francisco CA 94102, [email protected], +14155551234

You: Got it! What's your maximum purchase price? (I'll warn you if an order exceeds this)
     Say "no limit" to skip this.

User: $500

You: Max set to $500. I'm opening a secure card entry page in your browser now.
     Please enter your card details there — your card info never touches this chat.
     After submitting, copy the token shown on the page and paste it here.
     [Opens https://mcp.rye.com/bt-card-capture]

User: d1ff0c32-a1b2-4c3d-8e4f-567890abcdef

You: Got it! Submitting your order...
     [POST to purchase API with the BT token, gets back ci_abc123]

You: Order submitted! Waiting for confirmation...
     [Polls GET /purchase/ci_abc123 every 5 seconds]

You: Order confirmed!
     Product: Wireless Earbuds Pro
     Total: $358.44 (includes 3% service fee)
     Order ID: RYE-ABC123

     Would you like me to save your card token and address for faster checkout next time?

Spending Limit

Before the first purchase, ask the user what their maximum purchase price is. Store this in memory.

• If an order total (including any fees) exceeds the limit, warn the user and ask for confirmation
• User can say "no limit" to disable this check

Memory

Saved data is stored in the agent's local memory on the user's device only — it is not synced to the cloud or shared across devices.

After first successful purchase (with user permission):

• Save the BasisTheory token ID to memory for future purchases (NOT raw card details — the token is an opaque ID that cannot be reversed into card numbers)
• Save shipping address to memory
• Save maximum purchase price to memory
• On subsequent purchases, reuse the saved BT token directly — no card entry needed
• Always confirm with the user before placing an order with a saved token
• If the user asks to remove their saved card, tell them to ask you to forget the token from memory. To also revoke the token from BasisTheory's vault, direct them to contact [email protected]