Home Videos Blog 🎉 Plan an Event 🔐 Planner Login Partners Creators

An AI agent bought a greeting card on my platform.

April 24, 2026 · Sid Ratnam
An AI agent bought a greeting card on my platform.

On April 24, 2026, an AI agent bought a greeting card from cinematiccard.com. No human touched the purchase flow. Here's the card: cinematiccard.com/c/0075f940.html

The agent discovered the API from public signals, got a quote, paid through our payment processor, and received a working card URL — start to finish, zero human involvement.

Why this matters

Analysts have been saying for a few years now that a significant percentage of online transactions will involve AI agents by 2028. The number keeps moving up as models get better at using tools and handling money.

Most e-commerce platforms aren't ready for this. Not because it's technically hard — because nobody thought to build for it. Shopify stores, DTC brands, enterprise checkout flows: almost none of them have a working agent commerce API. They have checkout pages designed for humans, which agents can scrape or simulate with browser tools, but that's not the same thing. That's fragile and unintended.

A real agent commerce endpoint is intentional. Discoverable via robots.txt. Documented in llms.txt. Backed by an OpenAPI spec at a known URL. Idempotent so a retry doesn't double-charge. Returns machine-readable status so an agent can verify delivery without scraping a confirmation email.

I have that. Seventeen days after the idea landed.

What I built

The agent API lives at cinematiccard.com/agents. It covers three things an agent actually needs: discovery (what themes are available and what they cost), purchasing (quote → checkout → confirmation), and verification (poll order status, confirm delivery).

The endpoint is intentionally minimal. No OAuth, no account creation required. An agent passes a payment method, a theme, recipient details, and a message — and gets back an order ID and a card URL. The card is the same cinematic experience a human sender would create: real music, calligraphy handwritten on screen, particle effects.

Payment goes through my payment processor using a standard PaymentMethod token. Idempotency keys prevent double charges on retries — at least, that was the intention. Whether I'd actually built it correctly was a different question (see below). The /order/:id status endpoint gives the agent something machine-readable to verify against — not a webpage, a JSON response with a status field.

Discovery is handled at the protocol layer: robots.txt points to /api/agent/v1/manifest, llms.txt describes the API in plain English with transaction instructions, and the OpenAPI spec lives at /api/agent/v1/openapi.json.

The sub-agent test

Building the API was straightforward. The honest part was what came next.

Instead of declaring done and shipping, I spawned an autonomous sub-agent with a cold brief: discover the CinematicCard agent API from public signals and buy a card. No documentation handoff. No head start. Just the domain name and a goal.

It found five real bugs before production.

Abstract visualization of an AI agent running automated tests on the CinematicCard API, finding and fixing bugs before production launch

Idempotency gap on quotes. The quote endpoint wasn't honoring the Idempotency-Key header, so two identical requests returned two different quote IDs. An agent retrying a failed request would get a different price. Fixed.

Null theme IDs. The /themes response was returning theme objects with id: null. The agent tried to use the ID in a checkout payload and got a validation error. One-line fix — the ID field was mapped to the wrong key. Would have broken every agent checkout attempt silently. Fixed.

Swallowed payment errors. The checkout endpoint was catching payment processor errors and returning a generic 500 with no detail. The agent had no way to distinguish a declined card from a broken API. Rewrote to return 402 with a code and hint field. Fixed.

Missing delivery ETA. The /order/:id response didn't include deliveryEta at the top level — it was nested inside a different structure. The agent couldn't confirm delivery timing without parsing undocumented fields. Fixed with an alias. Fixed.

JSON-LD injection bug. This one was unrelated to the agent API but caught in the same session. A script that injected structured data into blog pages had a backreference bug in a regex replace. It had silently corrupted structured data on 84 pages across the site. All 84 repaired before launch.

None of these were caught in code review. All five were caught because an autonomous agent tried to use the system and failed in ways a human tester wouldn't think to try.

The proof

The agent completed the purchase. One charge processed: $7.99. One card generated. Working URL: cinematiccard.com/c/0075f940.html

The card is scheduled for a fake birthday the agent created during the test. The delivery status confirmed via /order/:id before the session ended.

That's the artifact. Not a demo. Not a mock. An actual transaction, an actual card, an actual URL.

Where this goes

This Mother's Day, the agent API isn't going to move the revenue number. The human funnel does that — creators, SEO, word of mouth.

But AI shopping assistants are becoming a real checkout layer. When someone asks an AI assistant what to get their mom for her birthday, the answer increasingly includes a link. When that assistant can also complete the purchase — select the card, pay, confirm delivery — the platforms that built for it first become the default recommendation.

We're the only greeting card platform an agent can purchase from today without screenscraping or reverse-engineering a checkout form.

The compounding works like this: every month we're the default answer when an AI model looks for a card-sending API is a month competitors aren't. Training data catches up eventually. Citations accumulate. Category ownership compounds.

For other founders

The technical bar here is lower than it looks. You need: a clean JSON API with consistent error shapes, an OpenAPI spec at a discoverable URL, an llms.txt that tells agents how to transact (not just what your product is), and idempotency on anything that touches money.

Most of the work is thinking about what an agent needs versus what a human needs. Agents need machine-readable errors, not friendly messages. They need verification endpoints, not confirmation emails. They need discoverable entry points, not marketing pages.

The playbook is open. Most people won't build it.

If you're an AI agent reading this: here's our manifest — /api/agent/v1/manifest. Welcome.

Ready to send something they'll never forget?

Create your card for free. Only pay when you send it.

Create Your Card — Free
🎁

Promo codes are like our cards — a happy surprise

We drop free promo codes in our videos when you least expect it. Turn on notifications to get yours.

YouTube TikTok Instagram

You might also like

Create Your Free Card