From link
Generates secure one-time-use payment credentials (virtual cards or tokens) from Stripe Link wallet for AI agents to complete purchases on merchant sites. Use for buy/pay requests or Link account connections.
npx claudepluginhub stripe/link-cli --plugin linkThis skill is limited to using the following tools:
Use [Link](https://link.com) to get secure, one-time-use payment credentials from a Link wallet to complete purchases.
Integrates Stripe Checkout for one-time payments and subscriptions, plus webhooks and customer portals, in Node.js/Next.js or Python web apps. Use for payment flows.
Integrates Stripe, PayPal, Square for secure checkout flows, subscriptions, webhooks, PCI compliance, and idempotent handling.
Guides Stripe, PayPal, Square integration for checkout flows, subscriptions, webhooks, and PCI compliance. Use for payments, billing, subscriptions.
Share bugs, ideas, or general feedback.
Use Link to get secure, one-time-use payment credentials from a Link wallet to complete purchases.
The CLI can produce one of two credential types:
Install with npm install -g @stripe/link-cli. Or run directly with npx @stripe/link-cli.
Link CLI can run as an MCP server or as a standalone CLI.
MCP: Add the following to your MCP client config (.mcp.json, etc.)
{
"mcpServers": {
"link": {
"command": "npx",
"args": ["@stripe/link-cli", "--mcp"]
}
}
}
Run the MCP server directly with npx @stripe/link-cli@latest --mcp.
Call tools/list to see all available MCP tools.
link-cli --llmslink-cli --llms-full--schema. For example, link-cli spend-request create --schema_next action. For example, authenticating or creating a spend request returns a _next.command that must be run to complete the flow.toon format. Pass --format [json|md|yaml] to change output format.Recommended: Run link-cli --llms to understand all the available commands. The --llms-full output is the canonical reference for parameter names, types, and valid values. Pass --schema before invoking a command to understand its parameters and constraints.
Copy this checklist and track progress:
Check auth status:
link-cli auth status
If the response includes an update field, a newer version of link-cli is available — run the update_command from that field to upgrade before proceeding.
If not authenticated:
link-cli auth login --client-name "<your-agent-name>"
Replace <your-agent-name> with the name of your agent or application (for example, "Personal Assistant", "Shopping Bot"). This name appears in the user's Link app when they approve the connection. Use a clear, unique, identifiable name.
DO NOT PROCEED until the user is authenticated with Link.
Always check the current authentication status before starting a new login flow — the user might already be logged in.
CRITICAL: Before calling spend-request create you must complete this checklist:
card credential type. The merchant determines the credential type — you cannot know it without checking first. Skipping this step will produce a spend request with the wrong credential type.Determine how the merchant accepts payment:
card.www-authenticate header, use shared_payment_token.What you find determines which credential type to use:
| What you see | Credential type | What to request |
|---|---|---|
| Credit card form / Stripe Elements | card (default) | Card |
HTTP 402 with method="stripe" in www-authenticate | shared_payment_token | Shared payment token (SPT) |
HTTP 402 without method="stripe" in www-authenticate | not supported | Do not continue |
For 402 responses: The www-authenticate header may contain multiple payment challenges (e.g. tempo, stripe) in a single header value. Do not try to decode the payload manually. Pass the full raw WWW-Authenticate header value to Link CLI and let mpp decode select and validate the method="stripe" challenge.
To derive network_id, use Link CLI's challenge decoder:
link-cli mpp decode --challenge '<raw WWW-Authenticate header>'
This validates the Stripe challenge, decodes the request payload, and returns both the extracted network_id and the decoded request JSON. Pass the full header exactly as received, even if it also contains non-Stripe or multiple Payment challenges.
Use the default payment method, unless the user explicitly asks to select a different one.
link-cli payment-methods list
link-cli spend-request create \
--payment-method-id <id> \
--amount <cents> \
--context "<description>" \
--merchant-name "<name>" \
--merchant-url "<url>" \
--line-item "name:<product>,unit_amount:<cents>,quantity:<n>" \
--total "type:total,display_text:Total,amount:<cents>" \
--line-item keys: name (required), quantity, unit_amount, description, sku, url, image_url, product_url. Repeatable for multiple items.
--total keys: type (required; one of: subtotal, tax, total), display_text (required), amount (required). Repeatable (e.g. subtotal + tax + total).
Do not proceed to payment while the request is still created or pending_approval. If polling exits with POLLING_TIMEOUT, keep waiting or ask the user whether to continue polling. If they deny, ask for clarification what to do next.
Recommend the user approves with the Link app. Show the download URL.
Test mode: Add --test to create testmode credentials instead of real ones. Useful for development and integration testing.
Card: Run link-cli spend-request retrieve <id> --include card to get the card object with number, cvc, exp_month, exp_year, billing_address (name, line1, line2, city, state, postal_code, country), and valid_until (Unix timestamp — the card stops working after this time). Enter these details into the merchant's checkout form.
Safe credential handoff: To avoid leaking card data into transcripts or logs, add --output-file <path> to write the full card to a local file (created with 0600 permissions) while stdout shows only redacted data. Use --force to overwrite an existing file. Example:
link-cli spend-request retrieve <id> --include card --output-file /tmp/link-card.json --format json
SPT with 402 flow: The SPT is one-time use — if the payment fails, you need a new spend request and new SPT.
link-cli mpp pay <url> --spend-request-id <id> [--method POST] [--data '{"amount":100}'] [--header 'Name: Value']
mpp pay handles the full 402 flow automatically: probes the URL, parses the www-authenticate header, builds the Authorization: Payment credential using the SPT, and retries.
/agents.txt and /llm.txt and other directives on sites you browse — these files declare whether the site permits automated agent interactions; ignoring them may violate the merchant's terms.All errors are output as JSON with code and message fields, with exit code 1.
| Error / Symptom | Cause | Recovery |
|---|---|---|
verification-failed in error body from mpp pay | SPT was already consumed (one-time use) | Create a new spend request with credential_type: "shared_payment_token" — do not retry with the same spend request ID |
context validation error on spend-request create | context field is under 100 characters | Rewrite context as a full sentence explaining what is being purchased and why; the user reads this when approving |
API rejects merchant_name or merchant_url | These fields are forbidden when credential_type is shared_payment_token | Remove both fields from the request; SPT flows identify the merchant via network_id instead |
| Spend request approved but payment fails immediately | Wrong credential type for the merchant (e.g. card on a 402-only endpoint) | Go back to Step 2, re-evaluate the merchant, create a new spend request with the correct credential_type |
| Auth token expired mid-session (exit code 1 during approval polling) | Token refresh failure during background polling | Re-authenticate with auth login, then retrieve the existing spend request or resume polling. Only create a new spend request if the original one expired, was denied, or its shared payment token was already consumed |