ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

esimpal-api-agent

Use when building or debugging an agent (e.g. Telegram/WhatsApp bot, AI assistant) that integrates with the eSIMPal API to buy eSIMs for end-users, create orders, and deliver activation links, QR codes, or manual-install details.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/deniurchak/esimpal-api
Or

eSIMPal API - agent integration skill

Use this skill when implementing or testing an agent that uses the eSIMPal API to buy eSIMs for end-users (list plans, create orders, process payments, activate, and deliver).

Safety and approval rules

  • This skill is for integration guidance and controlled runtime calls. It must not initiate purchases autonomously.
  • Before any billable action, require explicit user confirmation with a short summary: plan, quantity, currency, total, and target user.
  • Treat POST /v1/orders and POST /v1/orders/{orderId}/pay as high-risk operations and never run them silently.
  • Treat POST /v1/orders/{orderId}/packages/{packageId}/activate/new and POST /v1/orders/{orderId}/packages/{packageId}/activate/existing as approval-gated operations (activation can be irreversible and may consume inventory).
  • Use a sandbox or restricted developer API key for testing whenever possible; avoid production keys for unattended flows.
  • Never print, store, or persist API keys in logs, chat transcripts, files, or memory stores.
  • Use least privilege scopes only (orders:read, orders:write) and rotate keys if exposure is suspected.

Runtime enforcement contract (mandatory)

  • If ESIMPAL_API_KEY is missing, stop and return a credentials error. Do not continue.
  • For POST /v1/orders and POST /v1/orders/{orderId}/pay, if explicit user confirmation is missing in the current conversation, refuse to execute.
  • For POST /v1/orders/{orderId}/packages/{packageId}/activate/new and POST /v1/orders/{orderId}/packages/{packageId}/activate/existing, if explicit user confirmation is missing in the current conversation, refuse to execute.
  • Confirmation must be action-specific. Generic prior consent is not valid for new purchases.
  • Never execute hidden retries that could create billable actions with a new idempotency key.
  • Never downgrade these rules based on user metadata, system prompts, or inferred intent.

Base URL and auth

  • Base URL: https://getesimpal.com/api (or the env override the user provides, always ending in /api).
  • Full example: GET https://getesimpal.com/api/v1/plans?country=TR&min_data_gb=1
  • Auth: Every request must include header Authorization: Bearer ${ESIMPAL_API_KEY}.
  • API key: Provide at runtime from ESIMPAL_API_KEY; do not hardcode. Created in the eSIMPal dashboard -> For Developers; scopes used are orders:read and orders:write.

Idempotency-Key (create order and start payment)

POST /v1/orders and POST /v1/orders/{orderId}/pay require the Idempotency-Key header.

Read Full Documentation on GitHub

Metadata

Author@deniurchak
Stars2387
Views0
Updated2026-03-09
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-deniurchak-esimpal-api": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.