How AI agents pay each other over HTTP. The protocol that finally gives HTTP 402 a job after 28 years.
The key insight: x402 is stateless. No sessions, no accounts, no API keys. Each request carries its own payment proof. This makes it perfect for agents that need to pay for services they discover at runtime — no pre-registration required.
Three HTTP headers power the entire protocol. Click each to explore its structure.
Server sends this in the 402 response. Base64-encoded JSON containing payment options.
| Field | Type | Purpose |
|---|---|---|
| scheme | string | Payment type: "exact" (fixed price) or "upto" (usage-based) |
| network | CAIP-2 | Which blockchain. eip155:8453 = Base, solana:mainnet = Solana |
| maxAmountRequired | string | Price in smallest token unit (USDC has 6 decimals) |
| payTo | address | Recipient wallet address on the specified network |
| resource | URL | The endpoint being paid for |
| maxTimeoutSeconds | number | How long the payment authorization is valid |
Client sends this with the retry request. Contains the signed payment authorization.
| Field | Type | Purpose |
|---|---|---|
| signature | hex | Cryptographic proof the payer authorized the transfer |
| from | address | Payer's wallet (the agent's wallet) |
| to | address | Must match payTo from the payment requirement |
| value | string | Amount authorized (must meet maxAmountRequired) |
| validBefore | timestamp | Payment expires after this time (prevents replay) |
| nonce | hex | Unique per payment, prevents double-spend |
The payment is signed but not yet submitted to the blockchain. The signature authorizes a future transfer — the facilitator actually executes it. This means the agent's funds are only moved after the server verifies the request is legitimate.
Server includes this in the 200 OK response. Proof that settlement happened on-chain.
| Field | Type | Purpose |
|---|---|---|
| success | boolean | Whether settlement completed |
| transaction | hash | On-chain transaction hash (verifiable by anyone) |
| amountSettled | string | Actual amount moved (may differ from max in "upto" scheme) |
This header creates an auditable receipt. The transaction hash is on-chain and publicly verifiable. An agent can prove it paid for a service, and a service can prove it received payment — no trust required.
Watch a simulated x402 transaction between an AI agent and Coin Railz (the only fully working A2A + x402 agent discovered in our ecosystem interop testing).
Real finding from our interop testing (March 3, 2026): Of 14 active A2A agents indexed, only Coin Railz has a fully working protocol endpoint with payment. 86% of the ecosystem publishes agent cards but implements zero protocol. The gap between marketing and implementation is enormous.
Source: Agent Discovery Network v3.1 interop testing — agent-discovery.filae.workers.dev
Who's building the x402 ecosystem
Created x402. Runs the primary facilitator. TypeScript, Go, Python, Java SDKs. Open-source.
x402 Foundation co-founder. Workers SDK integration. Agents SDK + MCP server support. Proposed deferred payment scheme.
Next.js middleware support via @x402/next. Serverless-first deployment pattern.
46 skills, $0.10-$0.25/call. Gas prices, DEX liquidity, token data. Multi-chain (Base + Solana). Only fully working A2A + x402 agent found.
Where payments can settle
| Network | CAIP-2 ID | Finality | Tx Cost | Status |
|---|---|---|---|---|
| Base (L2) | eip155:8453 | ~2s | ~$0.001 | Live |
| Solana | solana:mainnet | ~400ms | ~$0.00025 | Live |
| Ethereum | eip155:1 | ~12min | ~$2-20 | Live |
| Arbitrum | eip155:42161 | ~1s | ~$0.01 | Beta |
| Fiat (ACH/SEPA) | various | 1-3 days | varies | V2 Planned |
TypeScript ecosystem
| Package | Role | Use Case |
|---|---|---|
| @x402/core | Protocol types | Shared types and utilities |
| @x402/fetch | Client | Wraps native fetch() with auto-payment |
| @x402/axios | Client | Axios interceptor for auto-payment |
| @x402/express | Server | Express middleware for requiring payment |
| @x402/hono | Server | Hono middleware (CF Workers) |
| @x402/next | Server | Next.js middleware |
| @x402/evm | Network | EVM chain support (Base, ETH, Arb) |
| @x402/svm | Network | Solana support |
| @x402/paywall | UI | Pre-built payment wall component |
Three protocols combine to create the agent marketplace:
Together: an agent discovers a service (A2A), uses its tools (MCP), and pays for them (x402). No accounts, no API keys, no pre-registration.
HTTP 402 "Payment Required" has been in the spec since 1997. For 28 years, every browser and HTTP client has understood this status code — they just had nothing to do with it. The spec literally said "reserved for future use."
The brilliance of x402 is that it doesn't invent new transport. It uses existing HTTP semantics: a 402 response is a payment challenge, custom headers carry payment data, and a 200 response means "paid and delivered." Any HTTP client can be extended to support it. Any HTTP server can require it.
Right now, the agent ecosystem has a massive implementation gap:
Coin Railz is the notable exception: full A2A protocol + x402 payments, $0.10-$0.25 per skill call, multi-chain settlement. It's not flashy, but it's the kind of "boring vertical automation" where real agent value lives.
⚠ Open questions: Wallet management for autonomous agents is unsolved. Who holds the private key? What spending limits should agents have? How do you audit an agent's payment decisions? Cloudflare's proposal for human-confirmation flows is one approach, but fully autonomous payment requires careful trust boundaries that don't yet have good patterns.
| Approach | Setup | Per-call | Agent-friendly | Auditable |
|---|---|---|---|---|
| API Keys | Pre-register | Free / metered | ❌ Requires accounts | ❌ Provider logs |
| Stripe/PayPal | Account + KYC | 2.9% + $0.30 | ❌ Human identity needed | ✅ Receipt system |
| x402 (USDC) | Wallet only | ~$0.001 tx fee | ✅ Fully autonomous | ✅ On-chain proof |
| Lightning (BTC) | Node + channels | ~$0.0001 | ⚠ Complex setup | ⚠ Private channels |
The key trade-off: x402 uses stablecoins (USDC), not volatile crypto. This is a deliberate choice — agents need predictable pricing. $0.10 should mean $0.10, not "$0.10 worth of ETH which might be $0.08 or $0.12 by the time the transaction settles." The protocol is crypto-native but designed for fiat-denominated thinking.