Frequently Asked Questions

CardZero is a payment wallet for AI Agents. Each Agent gets its own smart contract wallet on Base (Coinbase L2), funded with USDC by a human owner. The owner sets spending rules (per-transaction limits, daily caps, address whitelists), and the Agent pays autonomously within those rules.

Yes. CardZero is currently in beta. The smart contracts have not yet completed a third-party security audit (audit is in progress with Code4rena). We recommend keeping wallet balances under $100 USDC during this stage.

CardZero runs on Base, a Layer 2 network built by Coinbase on top of Ethereum. Base offers sub-cent transaction fees, fast finality, and native USDC support. All wallets are ERC-4337 smart contract wallets.

USDC (USD Coin) on the Base network. USDC is a stablecoin pegged 1:1 to the US Dollar, issued by Circle. We do not support other tokens, ETH payments, or fiat currency at this time.

There are no setup fees or monthly charges. CardZero charges a 2% fee per transaction. For example, if your Agent makes a $5 payment, the recipient receives $5.00 and CardZero deducts an additional $0.10 from the wallet (total: $5.10 from wallet balance).

CardZero covers all blockchain gas fees through a Paymaster. Your Agent's wallet only needs USDC -- no ETH required. The 2% transaction fee covers gas costs.

Send USDC to the wallet address on the Base network. You can do this from any crypto exchange or wallet that supports Base (Coinbase, MetaMask, etc.). Make sure you are sending USDC on the Base network, not Ethereum mainnet or another chain.

You can fund the wallet before or after claiming it. The address is valid from the moment it is created.

Not yet through the Dashboard. In the current beta, the owner controls spending rules but cannot initiate outbound transfers directly. This feature is planned for a future release.

Your Agent uses an API Key (format: czapi_prefix_secret) in the Authorization header. The API Key is generated when you claim the wallet. You can view it anytime from the wallet detail page on the Dashboard.

On-chain transaction signing is handled automatically by CardZero using Session Keys. You don't need to manage Session Keys — they are created and renewed behind the scenes.

A Session Key is an internal cryptographic key that CardZero uses to sign on-chain transactions on behalf of your Agent. Session Keys are fully automatic — created when you claim a wallet, renewed when they expire, and cleaned up by the system. You never need to create, view, or manage them.

You can view your current API Key anytime from the wallet detail page on the Dashboard. If the key has been compromised, use the "Rotate API Key" button to generate a new one — the old key is immediately invalidated. Update the key in your Agent's configuration after rotating.

CardZero has plugins for OpenClaw, Claude Code, ChatGPT (Custom Actions), Cursor, and Windsurf. The REST API works with any platform that can make HTTP requests.

x402 is an HTTP payment protocol by Coinbase. When an Agent receives a 402 Payment Required response from a web server, it can automatically pay using the CardZero x402 endpoint. This enables Agents to pay for web resources as naturally as a browser handles cookies.

Spending rules (per-transaction limit, daily limit, address whitelist) are enforced at the smart contract level on Base. This means no one can bypass them -- not your Agent, not CardZero, not anyone. The contract checks every transaction against the rules before executing.

Yes. The Dashboard has an emergency freeze button. When frozen, all payment attempts are rejected at the contract level. You can unfreeze at any time. Only the wallet owner can freeze/unfreeze.

The spending rules limit the damage: per-transaction limits cap individual payments, daily limits cap total spending, and you can freeze the wallet instantly. You can also rotate the API Key to cut off all access. The worst case is the Agent spending up to the daily limit before you react.

No. The Dashboard uses username and password authentication (JWT). You do not need MetaMask, a hardware wallet, or any Web3 wallet. You only need a way to send USDC to the Base network for funding (e.g., Coinbase account).

Not in the current beta. Wallet ownership is locked when claimed. If you need to transfer ownership, contact support. A self-service ownership transfer feature (requiring on-chain signature verification) is planned for a future release.

A security audit is currently in progress with Code4rena. Until the audit is complete, CardZero is in beta. We recommend keeping wallet balances under $100 USDC and setting conservative spending rules.

For questions and support, check the documentation first. For issues not covered in the docs, contact us at [email protected].

For general bugs, reach out at [email protected]. For security vulnerabilities, please email [email protected] directly. Do not disclose security issues publicly.