Protocol
x402 Protocol.
The merchant returns HTTP 402 Payment Required with a payment offer. The agent signs an EIP-3009 transferWithAuthorization (USDC on Base) for the offered amount and replays the request with the signed authorization in the X-PAYMENT header.
HTTP x402 Exchange
```http
// 1. Agent's first request
GET /api/dataset/v1 HTTP/1.1
Host: data.example
Authorization: Bearer pak_…

// 2. Merchant returns 402 with offer
HTTP/1.1 402 Payment Required
Content-Type: application/json

{
  "x402": {
    "amount": "0.10",
    "currency": "USDC",
    "network": "base",
    "recipient": "0xabc…",
    "validBefore": 1746349200
  }
}

// 3. Agent signs EIP-3009 (CDP-managed key) and replays
GET /api/dataset/v1 HTTP/1.1
Host: data.example
X-PAYMENT: eyJ0eXAiOiJ4NDAyIiwiYWxnIjoi… // signed auth
```
EIP-3009 & Single-use Execution
Each authorization uses a fresh nonce; the contract enforces single-use. This allows merchants to confidently provide resources immediately upon verifying the signed authorization payload, pulling the funds natively from the agent's CDP-managed wallet on Base.
When to use x402 vs SPT vs ACH
- x402: For programmatic APIs, digital goods, paywalled content. Native to agent workflows. Near-instant settlement in USDC.
- Shared Payment Tokens (SPT): For merchants locked into traditional card networks that accept single-use tokens.
- ACH/SEPA/Wire: For B2B vendor payments, payroll, contractors, off-chain settlement.
Merchant Adoption Notes
To accept x402, a merchant only needs an Ethereum address and the ability to verify EIP-712 signatures. No bank integration required. The merchant captures the USDC from the agent's wallet directly via the blockchain.
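The checks a merchant would run between verifying the EIP-712 signature and serving the resource, covering both the single-use section and the adoption notes above. This is an added example, not code from this page or from the x402 project. Field names follow EIP-3009's transferWithAuthorization parameters; the decoded X-PAYMENT layout, `check_authorization`, `NonceCache` and all sample values are assumptions, and signature recovery is left to an EIP-712 library.

```python
import re
from decimal import Decimal

USDC_DECIMALS = 6  # USDC amounts are carried on-chain in units of 1e-6

def to_atomic(amount: str) -> int:
    """Convert an offer amount such as "0.10" to atomic USDC units."""
    scaled = Decimal(amount).scaleb(USDC_DECIMALS)
    if scaled <= 0 or scaled != scaled.to_integral_value():
        raise ValueError("amount is not a positive multiple of 1e-6 USDC")
    return int(scaled)

class NonceCache:
    """Hypothetical in-memory record of (payer, nonce) pairs already served.
    The contract rejects a reused nonce only at execution time, so a merchant
    that serves before settlement needs its own replay check."""
    def __init__(self):
        self._seen = set()

    def claim(self, payer: str, nonce: str) -> bool:
        key = (payer.lower(), nonce.lower())
        fresh = key not in self._seen
        self._seen.add(key)
        return fresh

def check_authorization(offer: dict, auth: dict, now: int, cache: NonceCache) -> str:
    """Return "ok" or the reason the signed fields do not match the offer.
    Assumes the EIP-712 signature over `auth` was already verified."""
    if now >= offer["validBefore"]:
        return "offer expired"
    if auth["to"].lower() != offer["recipient"].lower():
        return "wrong recipient"
    if int(auth["value"]) != to_atomic(offer["amount"]):
        return "wrong amount"
    if not int(auth["validAfter"]) <= now < int(auth["validBefore"]):
        return "authorization not currently valid"
    if not re.fullmatch(r"0x[0-9a-fA-F]{64}", auth["nonce"]):
        return "malformed nonce"
    # Claim the nonce last so a rejected request does not consume it.
    if not cache.claim(auth["from"], auth["nonce"]):
        return "nonce already used"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from a real transaction.
    offer = {"amount": "0.10", "recipient": "0x" + "ab" * 20, "validBefore": 1746349200}
    auth = {"from": "0x" + "11" * 20, "to": "0x" + "ab" * 20, "value": "100000",
            "validAfter": 0, "validBefore": 1746349200, "nonce": "0x" + "5c" * 32}
    cache = NonceCache()
    print(check_authorization(offer, auth, 1746349000, cache))  # first presentation
    print(check_authorization(offer, auth, 1746349000, cache))  # same header replayed
```

A deployment with more than one server process would keep the claimed nonces in a shared store and could drop each entry once its `validBefore` has passed.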