AWS bedrock-agentcore high security documentation change
Summary
Added 'Payment processing errors' section with Coinbase/Privy integration troubleshooting
Security assessment
The change documents credential management errors and resolution steps for payment integrations, including security-critical instructions for updating expired keys and configuring delegated signing permissions.
Diff
diff --git a/bedrock-agentcore/latest/devguide/payments-troubleshooting.md b/bedrock-agentcore/latest/devguide/payments-troubleshooting.md index ed600c5bb..294a43263 100644 --- a//bedrock-agentcore/latest/devguide/payments-troubleshooting.md +++ b//bedrock-agentcore/latest/devguide/payments-troubleshooting.md @@ -7 +7 @@ -Validation errorsPermission errorsResource not found errorsConflict errorsService quota errorsThrottling errorsServer errors +Validation errorsPermission errorsResource not found errorsConflict errorsService quota errorsThrottling errorsPayment processing errorsServer errors @@ -65,0 +66,28 @@ The service returns `"Rate exceeded"` when the request rate exceeds the allowed +## Payment processing errors + +If an external payment provider rejects the signing request, the service returns an `AccessDeniedException` or `ValidationException`. The following table lists common errors and their resolutions. + +Error message | Resolution +---|--- +`Delegated signing grant is not active for the end user wallet. Please redirect end user to the WalletHub to grant the permissions.` | You haven’t granted the delegation permission that allows your agent to sign transactions on your behalf, or you previously revoked it. To resolve: + + 1. Retrieve the WalletHub URL from the `CreatePaymentInstrument` or `GetPaymentInstrument` response body (`paymentInstrumentDetails.redirectUrl`). + 2. Redirect the user to the WalletHub. + 3. Sign in and grant signing permissions to the agent. + +For more information about a frontend implementation that handles the delegation grant flow, see the [Coinbase AgentCore template](https://github.com/coinbase/cdp-agentcore-template) on the GitHub website. For more information about funding the wallet, see [Funding the wallet](./payments-how-it-works.html#payments-how-it-works-funding-wallet). +`Delegated signing is not enabled for your Coinbase project. Please enable delegated signing in your Coinbase project policies.` | Your Coinbase Developer Platform project does not have delegated signing configured. To resolve: + + 1. Sign in to the [Coinbase Developer Platform](https://docs.cdp.coinbase.com/api-reference/v2/authentication) on the Coinbase website. + 2. Navigate to your project’s **Policies** settings. + 3. Enable the **Delegated Signing** toggle. + +You must complete this step before your agent can sign transactions on behalf of users. +`Privy credentials are invalid. Please verify the credential configuration.` | Your credential provider has invalid or expired Privy wallet authorization keys. To resolve: + + 1. Sign in to the [Privy Dashboard](https://docs.privy.io/authentication/overview#api-authentication) on the Privy website. + 2. Navigate to your app’s settings and verify the authorization keys are active. + 3. Update the credential provider in AgentCore Identity with the current keys. To do this, call `UpdatePaymentConnector` or update the secret in AWS Secrets Manager. + +For more information about credential configuration, see the [Privy AgentCore SDK](https://github.com/privy-io/aws-agentcore-sdk) on the GitHub website. +