Skip to main content
Once merged, you will be able to read the x402 protocol specification in the x402 repository.

1. Overview

x402 is an open payment standard that enables clients to pay for HTTP resources using blockchain technology. The protocol leverages the existing HTTP 402 “Payment Required” status code to indicate when payment is required for resource access, providing a standardized mechanism for micropayments on the web. This specification is based on the x402 protocol implementation and documentation available in the x402 repository. It aims to provide a comprehensive and implementation-agnostic specification for the x402 HTTP-native micropayment protocol.

2. Core Payment Flow

The x402 protocol follows a standard HTTP request-response cycle with payment integration:
  1. Client Request: Client makes an HTTP request to a resource server
  2. Payment Required Response (402): If no valid payment is attached, the server responds with an HTTP 402 status code and payment requirements
  3. Payment Authorization Request: Client submits a signed payment authorization in the subsequent request
  4. Settlement Response: Server verifies the payment authorization and initiates blockchain settlement

3. Protocol Components

The x402 protocol involves three primary components:
  • Resource Server: A web service that requires payment for access to protected resources (APIs, content, data, etc.)
  • Client: Any application or agent that requests access to protected resources
  • Facilitator: An endpoint service that handles payment verification and blockchain settlement

4. HTTP Status Codes

The x402 protocol uses standard HTTP status codes with specific semantics:
  • 200 OK: Request successful, payment verified and settled
  • 402 Payment Required: Payment required to access the resource
  • 400 Bad Request: Invalid payment payload or payment requirements
  • 500 Internal Server Error: Server error during payment processing

5. Data Types

This section defines the core data structures used in the x402 protocol.

5.1 Payment Requirements Response

5.1.1 JSON Payload

When a resource server requires payment, it responds with an HTTP 402 status code and a JSON payload containing payment requirements. Example:

5.1.2 Field Descriptions

The Payment Requirements Response contains the following fields: All fields are required. Each payment requirement object in the accepts array contains:

5.2 Payment Proof (X-PAYMENT Header)

5.2.1 JSON Structure

The client includes payment authorization in the X-PAYMENT header as base64-encoded JSON:
And on Solana:

5.2.2 Field Descriptions

The Payment Payload contains the following fields: All fields are required. The payload field contains scheme-specific data on EVM: All fields are required. The authorization object contains the following fields: All fields are required. The payload field contains scheme-specific data on SVM: All fields are required.

5.3 Settlement Response

5.3.1 JSON Structure

After payment settlement, the server includes transaction details in the X-PAYMENT-RESPONSE header as base64-encoded JSON:

5.3.2 Field Descriptions

The Settlement Response contains the following fields:

6. Payment Schemes

This section describes the payment schemes supported by the x402 protocol. Each scheme defines a specific method for authorizing and executing payments.

6.1 Exact Scheme

The “exact” scheme uses EIP-3009 (Transfer with Authorization) to enable secure, gasless transfers of specific amounts of ERC-20 tokens.

6.1.1 EIP-3009 Authorization

The authorization follows the EIP-3009 standard for transferWithAuthorization:

6.1.2 Verification Steps

The facilitator performs the following verification steps:
  1. Signature Validation: Verify the EIP-712 signature is valid and properly signed by the payer
  2. Balance Verification: Confirm the payer has sufficient token balance for the transfer
  3. Amount Validation: Ensure the payment amount meets or exceeds the required amount
  4. Time Window Check: Verify the authorization is within its valid time range
  5. Parameter Matching: Confirm authorization parameters match the original payment requirements
  6. Transaction Simulation: Simulate the transferWithAuthorization transaction to ensure it would succeed

6.1.3 Settlement

Settlement is performed by calling the transferWithAuthorization function on the ERC-20 contract with the signature and authorization parameters provided in the payment payload.

7. Facilitator Interface

The facilitator provides REST APIs for payment verification and settlement. This allows resource servers to delegate blockchain operations to trusted third parties or host the endpoints themselves.

7.1 POST /verify

Verifies a payment authorization without executing the transaction on the blockchain.

Request (Exact Scheme):

Request (Exact Scheme on Solana):

Successful Response:

Error Response:

7.2 POST /settle

Settles a payment by broadcasting the transaction to the blockchain.

Request (Exact Scheme):

Request (Exact Scheme on Solana):

Successful Response:

Error Response:

7.3 GET /supported

Returns the list of payment schemes and networks supported by the facilitator.

Response:

8. Discovery API

The x402 protocol includes a discovery mechanism that allows clients to find and explore available x402-enabled resources. This enables the creation of marketplaces (known as ‘Bazaars’) where users can discover and access monetized APIs and digital services.

8.1 GET /discovery/resources

List discoverable x402 resources from the Bazaar.

Request Parameters:

Response:

8.2 Discovered Resource Fields

8.3 Bazaar Concept

The Bazaar is a marketplace ecosystem where x402-enabled resources can be discovered and accessed. Key features:
  • Resource Discovery: Find APIs and services by category, provider, or payment requirements
  • Payment Transparency: View pricing and payment methods upfront
  • Provider Information: Learn about service providers and their offerings
  • Dynamic Updates: Resources can be added, updated, or removed dynamically

8.4 Example Usage

9. Error Handling

The x402 protocol defines standard error codes that may be returned by facilitators or resource servers. These error codes help clients understand why a payment failed and take appropriate action.
  • insufficient_funds: Client does not have enough tokens to complete the payment
  • invalid_exact_evm_payload_authorization_valid_after: Payment authorization is not yet valid (before validAfter timestamp)
  • invalid_exact_evm_payload_authorization_valid_before: Payment authorization has expired (after validBefore timestamp)
  • invalid_exact_evm_payload_authorization_value: Payment amount is insufficient for the required payment
  • invalid_exact_evm_payload_signature: Payment authorization signature is invalid or improperly signed
  • invalid_exact_evm_payload_recipient_mismatch: Recipient address does not match payment requirements
  • invalid_exact_svm_payload_transaction_instructions_length: Solana transaction must contain exactly 3 instructions: setComputeUnitLimit, setComputeUnitPrice, and createTransferCheckedInstruction
  • invalid_network: Specified blockchain network is not supported
  • invalid_payload: Payment payload is malformed or contains invalid data
  • invalid_payment_requirements: Payment requirements object is invalid or malformed
  • invalid_scheme: Specified payment scheme is not supported
  • unsupported_scheme: Payment scheme is not supported by the facilitator
  • invalid_x402_version: Protocol version is not supported
  • invalid_transaction_state: Blockchain transaction failed or was rejected
  • unexpected_verify_error: Unexpected error occurred during payment verification
  • unexpected_settle_error: Unexpected error occurred during payment settlement

10. Security Considerations

10.1 Replay Attack Prevention

The x402 protocol implements multiple layers of protection against replay attacks:
  • EIP-3009 Nonce: Each authorization includes a unique 32-byte nonce to prevent replay attacks
  • Blockchain Protection: EIP-3009 contracts inherently prevent nonce reuse at the smart contract level
  • Time Constraints: Authorizations have explicit valid time windows to limit their lifetime
  • Signature Verification: All authorizations are cryptographically signed by the payer

10.2 Authentication Integration

The protocol supports integration with authentication systems (e.g., Sign-In with Ethereum (SIWE)) to enable authenticated pricing models where verified users receive discounted rates or special access terms.

11. Implementation Notes

11.1 Supported Networks

The following blockchain networks are currently supported by the reference implementation:
  • base-sepolia: Base Sepolia testnet (Chain ID: 84532)
  • base: Base mainnet (Chain ID: 8453)
  • skale-base-spolia: SKALE Base Spolia (Chain ID: 324705682)
  • skale-base: SKALE Base (Chain ID: 1187947933)
  • avalanche-fuji: Avalanche Fuji testnet (Chain ID: 43113)
  • avalanche: Avalanche mainnet (Chain ID: 43114)

11.2 Supported Assets

The protocol currently supports the following token types:
  • USDC: USD Coin (EIP-3009 compliant ERC-20 token)
  • Additional ERC-20 tokens: May be supported if they implement EIP-3009 (Transfer with Authorization)
Token support depends on:
  • EIP-3009 compliance for the “exact” scheme
  • Facilitator service capabilities
  • Network-specific token availability

12. Use Cases and Applications

The x402 protocol enables diverse monetization scenarios across the internet. While the core protocol is HTTP-native and chain-agnostic, specific implementations can vary based on use case requirements.

12.1 AI Agent Integration

AI agents can use x402 to autonomously pay for resources and services. The protocol supports:
  • Automatic payment handling for API calls
  • Resource discovery through facilitator services
  • Budget management and spending controls (implementation-specific)
  • Correlation tracking for operation grouping (implementation-specific)

12.2 Human User Applications

Traditional web applications can implement x402 for:
  • Session-based access (time-limited subscriptions)
  • Pay-per-use content (articles, videos, downloads)
  • API monetization with per-call pricing
  • Authentication-based pricing (discounted rates for verified users)

12.3 Server Frameworks

x402 integrates with popular web frameworks:
  • Express.js: require_payment() middleware
  • FastAPI/Flask: Framework-specific middleware
  • Hono: Edge runtime support
  • Next.js: Full-stack integration

12.4 Client Libraries

HTTP clients can be enhanced with x402 payment capabilities:
  • Axios/fetch: Browser-based payments
  • httpx/requests: Python client support
  • Custom integrations: Application-specific payment handling

12.5 Advanced Patterns

The protocol enables sophisticated monetization strategies:
  • Dynamic pricing based on user authentication or usage patterns
  • Session management for time-based access control
  • Batch payments for multiple resource access
  • Subscription models built on micropayments
Note: Implementation details for specific patterns (such as budget management, correlation tracking, or session handling) are available in application notes and implementation guides.

13. Version History

14. Supported Networks

x402 is supported on the following networks:

15. Facilitators

x402 is supported by the following facilitators:

Need help?

Join our Community

Have questions or want to connect with other developers? Join our Discord server.