Request a one-time virtual card to make a purchase on behalf of a user. The card is issued instantly if the user's agent rules allow it. If the amount exceeds the user's spending limits, the request is escalated for manual approval in the user's tru dashboard. The card auto-expires after 60 minut...
AI agents use get_card to commit financial operations through Tru — usually the final step of a payment, billing, or trading workflow. A call moves real money.
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Email address of the tru user who will be charged |
action | string | — | The action being performed (e.g. 'purchase products', 'book flight'). Used to evaluate action permission rules. |
app_id | string | — | The tru app ID to charge as (required when using shared API key) |
currency | string | — | Currency code (default: 'usd') |
request_id | string | — | ID of an approved charge request from request_payment. When provided, issues a virtual card for that already-approved amount instead of creating a new charge. |
description | string | — | What this purchase is for (shown to the user) |
amount_cents | integer | — | Amount in cents (e.g. 4999 for $49.99). Required unless request_id is provided. |
source_label | string | — | Label identifying the source of this personal charge (e.g. 'Claude Code — David's MacBook Pro'). Required for personal charges without an app_id. On first use, |
target_service | string | — | The merchant or service where this card will be used (e.g. 'clayking.com') |
Parameters from the server's own tool schema.
This tool directly initiates financial transactions by issuing a virtual payment card that can be used to make purchases on behalf of a user. Even though it is one-time and time-limited, it commits real financial obligations and moves money, placing it firmly in the Financial category. Misuse could result in unauthorized purchases, making severity critical.
From the tool's definition Request a one-time virtual card to make a purchase on behalf of a user... The card is issued instantly if the user's agent rules allow it... can only be used once
Attacks that exploit this kind of access
Request a one-time virtual card to make a purchase on behalf of a user. The card is issued instantly if the user's agent rules allow it. If the amount exceeds the user's spending limits, the request is escalated for manual approval in the user's tru dashboard. The card auto-expires after 60 minutes and can only be used once. If you already have an approved request_id from request_payment, pass it to get a card for that approved amount. It is categorised as a Financial tool in the Tru MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
get_card accepts 9 parameters: email, action, app_id, currency, request_id, description, amount_cents, source_label, target_service. Required: email. The full parameter table on this page comes from the server's own tool schema.
Register the Tru MCP server in PolicyLayer and add a rule for get_card: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tru. Nothing to install.
get_card is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the get_card rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for get_card. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
get_card is provided by the Tru MCP server (tru-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →