Refunds Protection Policy

Pre-act governance for refund operations. Enforces per-currency caps, reason code validation, cross-currency restrictions, and idempotency.

v1.0.0

Requirements

Required Capabilities

finance.payment.refund

Minimum Assurance Level

L2

Required Limits

supported_currencies
currency_limits
refund_reason_codes
regions
approval_required

Enforcement Rules

These rules are enforced automatically when this policy pack is in use.

amount_lte: limits.finance.payment.refund.currency_limits.{currency}.max_per_tx
currency_supported: limits.finance.payment.refund.supported_currencies
region_in: regions
reason_code_valid: limits.finance.payment.refund.refund_reason_codes
assurance_tier_enforced: true
idempotency_required: true
order_id_required: true
customer_id_required: true
cross_currency_denied: true
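
The rules above, evaluated as one pre-act check. This is an added example, not the policy pack's own code. The layout of the passport object, the request field names, amounts in integer minor units, and the L0 to L4 tier ordering are assumptions; only the limit names and rule names come from this page.

```python
# Added example. `limits` keys follow the rule paths on this page; the request
# field names, minor-unit amounts and the tier ranking are assumptions.
ASSURANCE_RANK = {"L0": 0, "L1": 1, "L2": 2, "L3": 3, "L4": 4}  # assumed order
MIN_ASSURANCE = "L2"  # minimum assurance level stated by this policy pack

SAMPLE_PASSPORT = {  # constructed sample, not real data
    "assurance_level": "L2",
    "regions": ["US", "EU"],
    "limits": {"finance.payment.refund": {
        "supported_currencies": ["USD", "EUR"],
        "currency_limits": {"USD": {"max_per_tx": 5000}, "EUR": {"max_per_tx": 4500}},
        "refund_reason_codes": ["customer_request", "defective"],
    }},
}


def evaluate_refund(passport, request, seen_keys):
    """Return deny reasons for a refund request; an empty list means allow."""
    limits = passport["limits"]["finance.payment.refund"]
    deny = []
    # assurance_tier_enforced: unknown tiers rank below everything (fail closed)
    if ASSURANCE_RANK.get(passport.get("assurance_level"), -1) < ASSURANCE_RANK[MIN_ASSURANCE]:
        deny.append("assurance_too_low")
    # idempotency_required, order_id_required, customer_id_required
    for field in ("idempotency_key", "order_id", "customer_id"):
        if not request.get(field):
            deny.append(f"missing_{field}")
    currency, amount = request.get("currency"), request.get("amount_minor")
    # currency_supported, then amount_lte against that currency's max_per_tx
    if currency not in limits["supported_currencies"]:
        deny.append("currency_not_supported")
    else:
        cap = limits["currency_limits"].get(currency, {}).get("max_per_tx")
        # A missing cap or a non-integer / non-positive amount is denied
        if cap is None or type(amount) is not int or not 0 < amount <= cap:
            deny.append("amount_invalid_or_over_limit")
    if currency != request.get("order_currency"):  # cross_currency_denied
        deny.append("cross_currency")
    if request.get("region") not in passport["regions"]:  # region_in
        deny.append("region_not_allowed")
    if request.get("reason_code") not in limits["refund_reason_codes"]:  # reason_code_valid
        deny.append("invalid_reason_code")
    key = request.get("idempotency_key")
    if key in seen_keys:  # replay of a key that already produced a refund
        deny.append("duplicate_idempotency_key")
    elif key and not deny:
        seen_keys.add(key)  # record the key only when the refund is allowed
    return deny
```

In a multi-worker deployment the in-memory `seen_keys` set would be replaced by a shared store with an atomic insert, so that two concurrent requests with the same key cannot both pass.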

Best Practices

  • Cache /verify with ETag; 60s TTL
  • Subscribe to status webhooks for instant suspend
  • Log all refund attempts for Verifiable Attestation
  • Implement daily spend tracking with atomic counters
  • Use idempotency keys to prevent duplicate refunds
  • Validate remaining order balance before processing
  • Enforce reason code validation for compliance
  • Block cross-currency refunds to prevent abuse