Protocol

x402 Protocol.

The merchant returns HTTP 402 Payment Required with a payment offer. The agent signs an EIP-3009 transferWithAuthorization (USDC on Base) for the offered amount and replays the request with the signed authorization in the X-PAYMENT header.

HTTP x402 Exchangehttp
// 1. Agent's first requestGET /api/dataset/v1 HTTP/1.1Host: data.exampleAuthorization: Bearer pak_…// 2. Merchant returns 402 with offerHTTP/1.1 402 Payment RequiredContent-Type: application/json{"x402": {"amount": "0.10", "currency": "USDC","network": "base","recipient": "0xabc…","validBefore": 1746349200}}// 3. Agent signs EIP-3009 (CDP-managed key) and replaysGET /api/dataset/v1 HTTP/1.1Host: data.exampleX-PAYMENT: eyJ0eXAiOiJ4NDAyIiwiYWxnIjoi… // signed auth

EIP-3009 & Single-use Execution

Each authorization uses a fresh nonce; the contract enforces single-use. This allows merchants to confidently provide resources immediately upon verifying the signed authorization payload, pulling the funds natively from the agent's CDP-managed wallet on Base.

When to use x402 vs SPT vs ACH

  • x402: For programmatic APIs, digital goods, paywalled content. Native to agent workflows. Near-instant settlement in USDC.
  • Shared Payment Tokens (SPT): For merchants locked into traditional card networks that accept single-use tokens.
  • ACH/SEPA/Wire: For B2B vendor payments, payroll, contractors, off-chain settlement.

Merchant Adoption Notes

To accept x402, a merchant only needs an Ethereum address and the ability to verify EIP-712 signatures. No bank integration required. The merchant captures the USDC from the agent's wallet directly via the blockchain.

Compare AgentWallet