Yesterday Stripe announced their new Agent SDK, designed specifically for LLMs to interact with their payment infrastructure. This is the first time I’ve seen a major platform release an SDK explicitly designed for use by AI agents.

What’s in the SDK?

The SDK ships with three core capabilities:

  1. A collection of tools that expose Stripe’s APIs
  2. Tool-use restrictions to provide agent guardrails
  3. Usage-based billing via token counting

The most interesting aspect is how they’ve approached the tools interface. The SDK provides pre-built integrations for Vercel, LangChain, and CrewAI - all popular frameworks for building LLM applications, with the latter two specifically focused on complex workflows.

Tool Definitions

Looking at the code, each tool has a bundle of metadata: method, name, plain text description (for the LLM), Parameters with type enforcement (using zod/pydantic), and some access control information. Tool definitions are formatted slightly different for each framework.

There’s quite a bit of repetition in these definitions - I expect we’ll see an open source project emerge to generate these specifications automatically.

The blog post shows an example of combining Stripe tools with Slack’s using LangChain’s Slack tools — interesting to see there wasn’t already one for Stripe!

One concern with this example is tool proliferation. Specifically, more tools = more tokens (though models shipping prompt caching helps a bit here), and tool selection confusion. So it requires being thoughtful about which tools an agent needs.

Tool-use Restrictions

The design of the security model is just as interesting when thinking about exposing APIs to Agents. Stripe is clearly aware of the potential risks of giving LLMs access to payment infrastructure - they explicitly recommend starting in test mode and running thorough evaluations before any production use.

Stripe approaches this on two levels:

  1. SDK Level: Enable/disable for different tools (customers, products, etc.) and permissions (create, read, update)
  2. Stripe Service Level: Recommend leveraging existing security capabilities: Test mode, Restricted API keys, Single-use credit cards with programmatic approve/deny

They’re following the classic pattern of implementing access controls at both the frontend (hiding functionality) and backend (validation) layers. This dual-layer approach feels essential for AI agent APIs.

Interesting Patterns

A few things stand out about this implementation:

  • Tools as a Standard Interface: These tools can theoretically be provided directly to any model’s function calling capabilities directly, not just to the three AI frameworks.

  • Relatively Minimal Metadata: Despite having inter-related functions (like creating an invoice requiring a customer ID), the SDK requires surprisingly little metadata to function. This implies the LLMs are capable of understanding these relationships from context.

What’s Next?

This release feels like an early but important example of how APIs will evolve to support AI agents. Even ignoring Stripe’s cautious stance about production use, there are obvious open questions about how to scalably approach security/access. The real test will be seeing how developers use this in practice and what patterns emerge.