Dashboard ledger sync

1. Mint a key, copy your grant id

Sign in at yeetful.com/dashboard/keys and mint a key. The yf_… secret is shown once. The same page shows your expense account's grant id (YEETFUL_GRANT_ID) with a one-click copy.

# .env — never commit this file
YEETFUL_API_KEY=yf_…
YEETFUL_GRANT_ID=cmq…

2. Pass both to yeetful()

const pay = yeetful({
  wallet,
  grant: {
    id: process.env.YEETFUL_GRANT_ID, // the hosted grant this mirrors
    allow: ['tripadvisor.x402.paysponge.com'],
    perCallUsd: 0.05,
    perDayUsd: 2,
  },
  apiKey: process.env.YEETFUL_API_KEY,
})

// … paid calls …

await pay.flushLedger() // drain pending syncs before a short-lived script exits

Sync is an ordered, best-effort chain: it never blocks and never fails a payment. A denial syncs too, as ok: falsewith the violation code — the dashboard's "blocked by policy" numbers come from exactly these rows.

Gotchas we hit so you don't

• Use the canonical origin. fetch silently drops the Authorization header when it follows a cross-origin redirect (e.g. apex → www). If every sync logs a 401 with a valid key, point ledgerUrlat the origin that doesn't redirect. Since 0.3.2 the failure log names the redirect origin outright.
• Paste the full secret, not the prefix. Keys are yf_ + 64 hex characters; the key list shows only a display prefix (yf_ab12cd34) — the full secret exists only in the mint-time reveal.
• Key and grant must share a wallet.The ledger route is owner-scoped: a key from one wallet posting to another wallet's grant gets a 404 by design.
• Enforcement stays local. The hosted grant id is the sync target — the allowlist and caps your agent enforces are the ones in code. Dashboard approval toggles gate chat payments on yeetful.com, not your SDK calls.

What lands on the dashboard

Each receipt becomes a ledger row: host, service, amount, settlement tx hash (linked to Basescan), and the decision. The public network feed shows the anonymized settled side; your dashboard shows everything, including refusals.