> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Respond to User Action

> Submits or declines a pending user action on an agent checkout. The `actionId` is the `pendingUserAction.id` from the checkout view, supplied **in the path only** — including it in the body is rejected.

A `submit` must carry `values` that satisfy the action's `responseSchema`. The response is an acknowledgement; more actions may follow, so return to polling `GET /{id}` afterwards.

**API scope required**: `agent-checkouts.update`



## OpenAPI

````yaml post /unstable/agent-checkouts/{id}/actions/{actionId}
openapi: 3.0.3
info:
  title: Crossmint Agent Checkouts API
  version: unstable
  description: >-
    Drive a real, automated browser session through any merchant's checkout on
    behalf of a signed-in user.


    You hand the API a product URL, an optional natural-language instruction,
    and a hard maximum cost. Crossmint runs a browser through the merchant's
    checkout pages, pausing for *user actions* (shipping, payment, anything only
    a human can answer) which you respond to with values that satisfy a supplied
    JSON Schema. There are no webhooks in v1 — poll the checkout until it
    reaches a terminal state.


    ## Base URL


    `https://www.crossmint.com/api` (production) ·
    `https://staging.crossmint.com/api` (staging)


    ## Authentication


    Every request requires **two** credentials:


    - `X-API-KEY` — a client-side API key (`ck_...`) with the
    `agent-checkouts.*` scopes.

    - `Authorization: Bearer <jwt>` — a JWT identifying the end user, issued by
    an external auth provider your project trusts. Without it the API returns
    `401`.


    <Note>This API lives under the `unstable` namespace. The schema may change —
    pin and re-test on upgrades.</Note>
servers:
  - url: https://www.crossmint.com/api
    description: Production
  - url: https://staging.crossmint.com/api
    description: Staging
security:
  - ApiKeyAuth: []
    BearerAuth: []
tags:
  - name: Agent Checkouts
    description: Create, poll, respond to, and cancel browser-driven checkouts.
  - name: Buyer Profiles
    description: >-
      Subject-scoped buyer identity and shipping address the agent can prefill
      during a checkout run. Payment data is never stored.
paths:
  /unstable/agent-checkouts/{id}/actions/{actionId}:
    post:
      tags:
        - Agent Checkouts
      summary: Respond to User Action
      description: >-
        Submits or declines a pending user action on an agent checkout. The
        `actionId` is the `pendingUserAction.id` from the checkout view,
        supplied **in the path only** — including it in the body is rejected.


        A `submit` must carry `values` that satisfy the action's
        `responseSchema`. The response is an acknowledgement; more actions may
        follow, so return to polling `GET /{id}` afterwards.


        **API scope required**: `agent-checkouts.update`
      operationId: respondToAgenticCheckoutAction
      parameters:
        - $ref: '#/components/parameters/CheckoutId'
        - $ref: '#/components/parameters/ActionId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RespondToActionRequest'
            examples:
              Submit values:
                summary: Submit values for the pending action
                value:
                  action: submit
                  values:
                    fullName: Ada Lovelace
                    addressLine1: 12 Analytical Engine Way
                    city: London
                    postalCode: EC1A 1BB
                    country: GB
              Decline:
                summary: Decline the pending action
                value:
                  action: decline
                  reason: Shipping cost above the user's budget
      responses:
        '201':
          description: The submission or decline was accepted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ActionAccepted'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
components:
  parameters:
    CheckoutId:
      name: id
      in: path
      required: true
      description: The agent checkout id (returned by create).
      schema:
        type: string
        format: uuid
    ActionId:
      name: actionId
      in: path
      required: true
      description: The id of the pending user action (`pendingUserAction.id`).
      schema:
        type: string
        format: uuid
  schemas:
    RespondToActionRequest:
      oneOf:
        - type: object
          required:
            - action
            - values
          properties:
            action:
              type: string
              enum:
                - submit
            values:
              type: object
              additionalProperties: true
              description: Values satisfying the action's `responseSchema`.
        - type: object
          required:
            - action
          properties:
            action:
              type: string
              enum:
                - decline
            reason:
              type: string
              minLength: 1
              maxLength: 1000
              description: Optional reason for declining.
    ActionAccepted:
      type: object
      required:
        - checkoutId
        - actionId
        - status
        - acceptedAt
      properties:
        checkoutId:
          type: string
          format: uuid
        actionId:
          type: string
          format: uuid
        status:
          type: string
          enum:
            - accepted
        acceptedAt:
          type: string
          format: date-time
    Error:
      type: object
      properties:
        statusCode:
          type: integer
        error:
          type: string
        message:
          type: string
  responses:
    BadRequest:
      description: The request body or parameters were invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >-
        Missing or invalid authentication. A valid `X-API-KEY` and
        `Authorization: Bearer <jwt>` are both required.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >-
        The API key lacks the required scope, or Agent Checkouts is not enabled
        for this project.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: No checkout, action, or buyer profile with the given id.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Conflict:
      description: >-
        The action can no longer be responded to (e.g. it expired or was already
        handled).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
      description: Client-side API key (`ck_...`) with the `agent-checkouts.*` scopes.
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT identifying the end user, issued by an external auth provider your
        project trusts.

````