LAST UPDATED: MARCH 7, 2026
X402 is an open protocol that lets any web server charge any client — human or AI — in stablecoins, automatically, using standard HTTP. No credit cards. No API keys. No human approval. Just a request, a payment, and a response.
Build reputation that others can trust.
Every web developer has seen a 404 (Not Found) or a 500 (Server Error). But there is one HTTP status code that has existed since the 1990s and was never formally implemented: 402 Payment Required.
The original HTTP specification — documented by MDN and formalized in RFC 7231 — included 402 with a single note: "reserved for future use." The intent was always digital micropayments. But in 1999, there was no practical digital cash system to build on. Credit cards were too expensive for small transactions. Bitcoin didn't exist. The code sat dormant for a generation.
Marc Andreessen once described the absence of built-in web payments as "the original sin of the internet." Every payment system since — Stripe, PayPal, Apple Pay — is built on top of the web rather than inside it, requiring external gateways, billing accounts, and human-managed credentials. X402 closes that gap.
What changed: Stablecoins running on low-cost blockchain networks like Base made sub-cent transactions economically viable for the first time. A USDC payment on Base settles in roughly 200 milliseconds for less than $0.0001 in fees. That math — combined with millions of AI agents that need to autonomously pay for resources — created the conditions for 402 to finally mean something.
X402 is an open protocol created by Coinbase and launched on May 6, 2025. It defines a standard way for any HTTP server to request payment before serving a resource, and for any HTTP client — including an AI agent — to pay automatically and retry. The protocol is open source under the Apache 2.0 license at github.com/coinbase/x402.
X402 defines exactly what a 402 response looks like (payment amount, token type, destination address, expiry), what a payment proof looks like (a cryptographic signature), and how the server verifies and settles that proof. Both sides speak the same language without any custom integration.
X402 uses USDC as its primary payment token because price stability matters when quoting a resource at $0.01. Volatile crypto would make fixed pricing impossible. On EVM chains, the protocol uses EIP-3009 (TransferWithAuthorization) — a gasless signed authorization that settles off-chain and confirms on-chain, with no separate gas transaction required from the payer.
The protocol is not limited to one blockchain. Base, Ethereum, Solana, Polygon, Avalanche, and a growing list of networks are all supported. The full network support list is maintained in Coinbase's developer documentation. Anyone can run a facilitator node — the verifier/settler that sits between client and server — making the protocol permissionless.
The full technical specification lives at github.com/coinbase/x402/specs. A companion whitepaper is available at x402.org/x402-whitepaper.pdf.
The payment flow is intentionally simple. It fits inside the standard HTTP request-response cycle that the entire web already uses. Here is what happens, step by step.
An AI agent (or a browser, or any HTTP client) sends a standard request to a paid endpoint. For example: GET /api/market-data
The server returns HTTP 402 Payment Required with a PAYMENT-REQUIRED header containing a Base64-encoded JSON object. That object specifies: the price (e.g., 10,000 atomic units of USDC = $0.01), the token contract address, which network to pay on, the recipient wallet address, and a payment deadline.
The client constructs a payment payload and signs it with their wallet using EIP-712 typed data signing. This is a cryptographic authorization — not yet a transaction. No gas is spent yet. The signed authorization is attached to a retry of the original request in a PAYMENT-SIGNATURE header.
The server forwards the payment signature to a facilitator — a third-party service (or self-hosted node) that validates the signature on-chain and submits the actual token transfer. Coinbase operates a free facilitator with 1,000 transactions per month at no cost, then $0.001 per transaction beyond that.
Once the facilitator confirms the payment is valid, the server delivers the resource and returns a PAYMENT-RESPONSE header containing the on-chain transaction hash as a receipt. The entire cycle — from first request to delivery — typically completes in under two seconds.
The key insight: The client never needs a billing account, credit card, or subscription with the server. The server never needs to know who the client is in advance. Payment is the authentication. This is what makes it work for AI agents that may be encountering a service for the first time.
The timing of X402's launch — May 2025 — is not coincidental. It arrived at exactly the moment when AI agents began operating autonomously at scale: booking travel, executing trades, calling APIs, generating content, spinning up compute. Each of those actions can require a payment. And humans cannot sit in the loop approving every $0.003 API call.
Before X402, getting an AI agent to pay for a resource meant pre-loading API keys, setting up billing accounts, or writing custom payment flows. This works when humans manage a small number of integrations. It breaks completely when an agent might call dozens of unfamiliar services in a single run — you cannot provision billing accounts in advance for every possible endpoint.
X402 enables pay-per-request access with no pre-registration. An agent encounters a new API, receives a 402 with a price, evaluates whether to pay (based on its spending policy), and either pays and gets the data or declines and moves on. No account setup. No human involved. The agent's wallet is the credential.
Coinbase's Agentic Wallets — launched March 2026 — are the wallet infrastructure designed specifically for this. They come with programmable spending guardrails: per-session caps, per-transaction limits, and enclave-isolated private keys, so agents can transact autonomously without exposing unlimited funds. AgentKit, Coinbase's open-source agent toolkit, connects these wallets to X402-enabled services in a few lines of code.
Real production examples today: CoinGecko lets agents access its market data API at $0.01 USDC per request — no API key required. Hyperbolic charges per millisecond of GPU inference. XMTP lets agents pay to join messaging groups. These are not demos — they are live, x402-gated endpoints processing real payments.
In under a year, X402 crossed 100 million payments and attracted backing from companies spanning crypto infrastructure, traditional fintech, cloud computing, and enterprise payments. This is no longer a crypto experiment — it is becoming part of the internet's plumbing.
On September 23, 2025, Coinbase and Cloudflare jointly announced the x402 Foundation — a neutral governance body to steward the protocol as an open standard. Cloudflare integrated X402 into its Agents SDK and MCP Servers, and proposed a deferred payment scheme for web crawlers and background agents. This structural move — from Coinbase project to foundation-governed standard — signals a long-term bet on protocol longevity.
In February 2026, Stripe added native X402 support for USDC agent payments on Base. The Block covered the integration as a significant signal that X402 is crossing from crypto-native to mainstream fintech. Stripe is the dominant payment processor for web developers — their endorsement means millions of existing merchants can gate resources to AI agents without building anything custom.
Google integrated X402 into its Agent Payments Protocol (AP2) in September 2025, creating a bridge between X402's crypto rails and traditional payment systems. Visa added support through its Trusted Agent Protocol (TAP). These are not companies known for fast-moving blockchain adoption — their involvement reflects the recognition that AI agent commerce requires new payment infrastructure at the protocol level.
Vercel launched x402-mcp for integrating payments directly into MCP (Model Context Protocol) tools — the same protocol Anthropic uses for Claude's tool use. Circle published tutorials for building autonomous payment flows using Circle Wallets, USDC, and X402 with LangChain AI agents. Chainlink released a demo combining X402 micropayments with CRE oracle workflows.
The full ecosystem directory — including all X402-gated services, facilitators, and SDKs — is maintained at x402.org/ecosystem. Deep technical explainers are available from QuickNode, CryptoSlate, and The Block's Learn section.
The protocol is actively evolving. X402 V2 launched December 11, 2025, with several architectural upgrades that matter for developers and the long-term health of the standard.
V2 replaced the old X-PAYMENT header prefix with standardized names (PAYMENT-REQUIRED, PAYMENT-SIGNATURE, PAYMENT-RESPONSE) aligned with IETF conventions. This matters for compatibility with web proxies, CDNs, and existing HTTP middleware.
V2 adopted CAIP-2 chain identifiers — a cross-chain standard for specifying networks — making it straightforward to add new blockchains without protocol changes. Solana, Avalanche, and Monad all joined the supported network list after V2's release.
V2 introduced a plugin-driven SDK with lifecycle hooks, enabling custom logic at each stage of the payment cycle. Developers can insert retry logic, spending policies, logging, or custom facilitator routing without forking the core library.
Solana's X402 integration — documented at solana.com/x402 — processed over 35 million transactions and $10 million in volume since summer 2025. Solana co-founder Toly publicly described x402 as "truly amazing," and Solana launched a dedicated @x402onSolana account in December 2025.
X402 is not the only attempt to solve agent-to-agent and agent-to-service payments. Understanding the landscape helps clarify where x402 fits.
| Protocol | Rail | Best For |
|---|---|---|
| X402 | USDC / EVM / Solana | AI agents, micropayments, HTTP-native access |
| L402 | Bitcoin / Lightning | Bitcoin-native micropayments with macaroon auth |
| Google AP2 | Multi-rail (cards + crypto) | Enterprise agents bridging traditional + crypto |
| Visa TAP | Card networks | Agent identity verification + card payments |
| Interledger / Web Monetization | Rail-agnostic streaming | Streaming micropayments for media |
X402's core advantages are its native HTTP integration (no new protocols to learn, just status codes), its open-source permissionless design, and the depth of its developer ecosystem. L402 is the most established alternative but is Bitcoin-only. Google AP2 is the most enterprise-friendly but is not open source. These approaches are likely to coexist rather than compete — an agent might use X402 for crypto-native services and AP2 when dealing with traditional merchant accounts.
X402 solves how an agent pays. It does not solve who the agent is. When a server receives a 402 payment proof, it knows a wallet address paid. It does not know whether that agent has a history of honest behavior, whether it has been sold or transferred, whether the wallet address is one day old or three years old, or whether it is associated with known fraudulent activity.
That gap is precisely what RNWY addresses. RNWY provides the identity layer that answers the questions X402 cannot: Is this agent legitimate? Does it have a verified track record? Has ownership changed recently? How old is the wallet address behind this payment?
The two protocols are complementary by design. ERC-8004 — the on-chain standard RNWY builds on — explicitly supports X402 payment proof references in agent registration files. An agent can present both an X402 payment (proving it can pay) and an RNWY soulbound identity (proving it has a verified history) in the same interaction. Together they form a complete trust handshake.
EXPLORE MORE
RNWY LEARN
The missing foundation for autonomous AI — why agents need verifiable identity, not just wallets.
Read the guide →RNWY LEARN
The Ethereum standard for registering AI agents on-chain — and why it pairs with X402.
Read the guide →RNWY BLOG
Why non-transferable on-chain identity is the only identity that cannot be laundered.
Read the post →X402 gives your agent a wallet. RNWY gives it a reputation. Register your agent and start building a verifiable history that other systems can trust.
Register your agent →