Before production intents can fund, a tenant admin configures which settlement rails the workspace may use. Paybond resolves destinations server-side from this configuration — client SDKs request an allowed rail; they do not supply Stripe account ids or wallet addresses at funding time.
This guide covers Step 0 of How intent funding works. After rails are ready, application teams create and fund intents — see Fund intents by rail.
Prerequisites
Live settlement requires an activated paid self-serve plan (Pay as you go, Starter, Team, or Business) or Enterprise onboarding. Free Developer is sandbox-only. Production API keys are created in the console after activation.
Console workspace
Open Configuration → Settlement (/console/configuration/settlement) as a tenant admin.
From here you can:
- Inspect the active settlement configuration and linked Stripe destination state
- Connect or refresh a Stripe Connect destination for card and ACH rails
- Register the canonical Base USDC receive address for stablecoin settlement
- Choose which rails are allowed for new intents (
stripe_connect,stripe_ach_debit,x402_usdc_base)
Configuration changes create immutable versions for audit. Gateway exposes the same state through GET /v1/admin/settlement/config for programmatic inspection.
Supported rails
| Rail | What it funds with | Console requirement |
|---|---|---|
stripe_connect | Card PaymentIntent authorization | Active linked Stripe Connect destination |
stripe_ach_debit | Bank debit via Stripe ACH | Linked destination with ACH debit capability marked ready |
x402_usdc_base | USDC on Base via Coinbase payment sessions | Server-owned Base receive address saved in tenant config |
You select the rail per intent at create time (settlement_rail / settlementRail). The intent binds to that rail; Harbor snapshots the resolved destination from tenant configuration.
Security boundary
Never pass settlement destinations from unauthenticated user input or agent-authored request bodies. Tenant scope and rail destinations come from authenticated credentials and server-owned configuration.
Stripe Connect setup
- In the settlement console, start Connect onboarding for the tenant environment (sandbox vs production are separate).
- Complete Stripe OAuth so Paybond can link the tenant-owned Connect destination.
- Confirm the linked account appears as active in settlement config.
- Add
stripe_connectto allowed rails if card-funded intents should be permitted.
For stripe_connect, funding often completes during intent create when Stripe authorizes the PaymentIntent. Application teams may receive capability_token in the same response.
ACH debit (stripe_ach_debit)
ACH uses the same linked Stripe destination but follows delayed-confirmation funding:
- Ensure Connect onboarding is complete.
- Wait until the console shows ACH debit capability ready for that destination.
- Add
stripe_ach_debitto allowed rails.
Intents on this rail may stay unfunded until Stripe confirms the bank debit. Application code should poll intent state or wait for webhooks rather than assuming immediate capability_token on create.
Sandbox ACH without live Stripe
When a tenant admin switches the console to the sandbox tenant, stripe_ach_debit uses Paybond simulator routing. Teams can rehearse delayed-funding UX without a Stripe test secret or Connect account. That is separate from optional Stripe test-mode engineering verification.
x402 USDC on Base (x402_usdc_base)
Stablecoin settlement uses Coinbase payment-session infrastructure orchestrated by Harbor:
- Decide the tenant-owned Base receive address for the environment (Base Sepolia for sandbox rehearsals; production Base after cutover approval).
- Save that address in settlement configuration through the console — not in application env vars exposed to agents.
- Add
x402_usdc_baseto allowed rails.
Paybond platform operators must provision COINBASE_CDP_BEARER_TOKEN, webhook secrets, and Harbor forwarding for live environments. See External systems provisioning for the operator runbook.
Intent amounts remain USD-denominated (cent-based budgets). The rail tells Harbor to settle that value in USDC on Base.
Sandbox simulators
Sandbox tenants do not use live Stripe or Coinbase destinations. Paybond provides simulator routing so teams can:
- Create intents on approved sandbox rails
- Record simulator funding, release, refund, and dispute events
- Exercise console and Kit flows without moving real money
Use paybond.guardrails.bootstrapSandbox(...) or Gateway POST /v1/sandbox/guardrails/bootstrap for the fastest funded sandbox intent when integrating spend guard middleware.
Checklist before first production fund
- Paid plan activated and production API keys issued
- Settlement config saved with correct allowed rails
- Stripe Connect linked (for card and/or ACH) or Base address registered (for USDC)
- ACH capability marked ready if using
stripe_ach_debit - Application uses tenant-derived credentials — not client-supplied tenant ids
- Webhook endpoints configured for live Stripe and Coinbase (platform operations)