What is x402, the HTTP payment protocol for AI agents
x402 is an open HTTP payment protocol that lets AI agents pay for API access inline. A server responds with HTTP 402 plus a PAYMENT-REQUIRED header carrying base64-encoded payment requirements. The agent signs and resubmits with a PAYMENT-SIGNATURE header. The server verifies and returns the resource plus a PAYMENT-RESPONSE settlement receipt. PaidSync shipped the first MCP server for ads with full x402 v2 HTTP transport headers on 2026-05-19.
The 30-second version
Before x402, paid APIs each invented their own auth and billing flow. An AI agent that wanted to call a paid endpoint had to learn each one separately. x402 fixes that. It is a single open standard for "API requires payment" signaling, settlement, and confirmation, layered on top of standard HTTP.
The protocol is maintained at github.com/coinbase/x402. Version 2 covers core data structures (PaymentRequirements, PaymentPayload, SettlementResponse), payment schemes (exact, deferred), networks (EVM chains like Base, plus Solana), and two transports: HTTP and MCP.
The protocol flow
- Client request. Agent calls GET /resource.
- Server signals payment required. Returns HTTP 402 with PAYMENT-REQUIRED header containing base64-encoded JSON describing accepted payment schemes (scheme, network, asset, payTo, amount).
- Agent signs payment. Decodes the requirements, signs an authorization using its wallet for the matching scheme, base64-encodes a PaymentPayload, retries the request with a PAYMENT-SIGNATURE header.
- Server verifies and settles. Validates the signature, broadcasts the settlement (on-chain for crypto schemes, off-chain for fiat), returns the resource plus a PAYMENT-RESPONSE header containing the settlement receipt.
The minimum 402 response (per spec)
HTTP/1.1 402 Payment Required
Content-Type: application/json
PAYMENT-REQUIRED: eyJ4NDAyVmVyc2lvbiI6Miwi...<base64 JSON>...
{}
The base64 decodes to the canonical structure:
{
  "x402Version": 2,
  "error": "PAYMENT-SIGNATURE header is required",
  "resource": {
    "url": "https://api.example.com/resource",
    "description": "Premium API",
    "mimeType": "application/json"
  },
  "accepts": [
    {
      "scheme": "exact",
      "network": "base",
      "amount": "1000",
      "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
      "payTo": "0x209693...",
      "maxTimeoutSeconds": 60,
      "extra": { "name": "USDC", "version": "2" }
    }
  ]
}
USDC on Base mainnet is the most common asset because it settles in seconds for fractions of a cent. Solana is the second most common.
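An added example (not code from the x402 project or PaidSync) of a check an agent can run between decoding PAYMENT-REQUIRED and signing, so that a server cannot quote an unexpected asset, amount or resource. The POLICY values, the function names and the placeholder payTo are assumptions made for illustration; the field names are the ones shown in the structure above.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed sample mirroring the structure above; payTo is a placeholder.
SAMPLE = {
    "x402Version": 2,
    "resource": {"url": "https://api.example.com/resource"},
    "accepts": [{
        "scheme": "exact", "network": "base", "amount": "1000",
        "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
        "payTo": "0xPLACEHOLDER", "maxTimeoutSeconds": 60,
    }],
}

# Hypothetical local policy (not defined by x402): what this agent may pay.
POLICY = {
    "max_amount": 5000,  # ceiling, in the unit the "amount" field uses
    "allowed": {("exact", "base", "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913")},
}

def encode_header(requirements):
    """Build a PAYMENT-REQUIRED value from a dict (used for the sample)."""
    return base64.b64encode(json.dumps(requirements).encode()).decode()

def decode_requirements(header_value):
    """Strictly base64-decode and JSON-parse the header; ValueError on failure."""
    padded = header_value + "=" * (-len(header_value) % 4)
    return json.loads(base64.b64decode(padded, validate=True))

def select_offer(header_value, requested_url, policy=POLICY):
    """Return the first offer that passes policy, else raise ValueError."""
    req = decode_requirements(header_value)
    try:
        version, url, offers = req["x402Version"], req["resource"]["url"], req["accepts"]
    except (KeyError, TypeError) as exc:
        raise ValueError("malformed payment requirements") from exc
    if version != 2 or not isinstance(url, str) or not isinstance(offers, list):
        raise ValueError("unsupported or malformed payment requirements")
    # The quote must be for the resource the agent actually requested.
    want, got = urlsplit(requested_url), urlsplit(url)
    if (want.scheme, want.netloc.lower(), want.path) != (got.scheme, got.netloc.lower(), got.path):
        raise ValueError("resource.url does not match the requested URL")
    for offer in (o for o in offers if isinstance(o, dict)):
        scheme, network, asset, amount = (
            str(offer.get(k, "")) for k in ("scheme", "network", "asset", "amount"))
        if asset.startswith("0x"):
            asset = asset.lower()  # EVM addresses compare case-insensitively
        # amount must be plain ASCII digits: no sign, float or exponent
        if (scheme, network, asset) in policy["allowed"] and amount.isascii() \
                and amount.isdigit() and int(amount) <= policy["max_amount"]:
            return offer
    raise ValueError("no offer satisfies the local payment policy")
```

Only the offer returned by select_offer should reach the signing step; any ValueError means the agent declines to pay rather than falling back to whatever the server listed first.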
x402 vs AP2 vs MPP vs ACP
x402 is one of four agent commerce protocols converging in 2026. Each owns a different layer.
| Protocol | Layer | Discovery surface | Settlement |
|---|---|---|---|
| x402 | HTTP wire payments | HTTP 402 plus PAYMENT-REQUIRED header, x402 Bazaar registry | Crypto or fiat, scheme-agnostic |
| AP2 (Google) | Agent-to-agent payment intent | A2A Agent Card extension at /.well-known/agent-card.json | Defers to underlying rails |
| MPP (Stripe) | Paid endpoint discovery | OpenAPI x-payment-info extension, MPP Bazaar | Stripe-managed |
| ACP (OpenAI plus Stripe) | Agentic checkout sessions | /.well-known/acp.json discovery | Stripe-managed |
A modern paid API publishes discovery for all four so any agent ecosystem can find and pay it. PaidSync ships discovery for all four as of 2026-05-19.
How PaidSync ships x402
PaidSync's x402 endpoint is live at https://paidsync.ai/api/v1. Hit it without a payment header and you get the canonical 402 response.
$ curl -i https://paidsync.ai/api/v1
HTTP/2 402
content-type: application/json
payment-required: eyJ4NDAyVmVyc2lvbiI6Miwi...
x402-version: 2
cache-control: public, max-age=60
{"x402Version":2,"error":"PAYMENT-SIGNATURE header is required",
"resource":{"url":"https://paidsync.ai/api/v1",...},
"accepts":[{"scheme":"exact","network":"base","amount":"1000",
"asset":"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"payTo":"0x0000...","maxTimeoutSeconds":60,
"extra":{"name":"USDC","version":"2","humanCheckout":"https://paidsync.ai/pricing",
"mcpEndpoint":"https://paidsync.ai/mcp",...}}]}
The extra field carries PaidSync-specific discovery: the MCP endpoint URL, the agent card location, and the human checkout fallback. Agents that don't yet have an x402 wallet read the humanCheckout URL and redirect their user to Stripe.
Agent-initiated payment validation is in pilot at PaidSync. Human-authorized Stripe billing is the current default. Full agent-wallet receipt and quota integration ships Q3 2026.
Why this matters for paid media
The paid-media stack is a natural fit for x402. Every agent that runs Google Ads, Meta, LinkedIn, or TikTok burns API calls. Today those calls are gated by per-platform OAuth and per-platform pricing. x402 lets an agent connect to a single MCP endpoint (PaidSync), see a transparent per-call price, and settle in real time. No platform-specific billing setup, no subscription friction, no waste.
The Q3 2026 PaidSync roadmap includes agent-wallet receipt for x402, MPP-spec x-payment-info on every metered operation, AP2-compliant payment mandates inside the A2A Agent Card, and ACP-compliant checkout for agent-initiated subscription signups. Today's release is the discovery layer; Q3 is the live billing layer.
FAQ
What does x402 stand for?
x402 is named after HTTP status code 402 Payment Required. The protocol formalizes how servers signal payment is required and how clients submit and settle payments inside the HTTP request flow.
Who created x402?
x402 is maintained as an open standard at github.com/coinbase/x402. Version 2 of the specification covers core data structures, payment schemes (exact, deferred), networks (EVM, Solana), and HTTP and MCP transports.
What HTTP headers does x402 use?
The server returns HTTP 402 with a PAYMENT-REQUIRED header containing the base64-encoded payment-requirements JSON. The client retries with a PAYMENT-SIGNATURE header containing a signed PaymentPayload. The server replies with the resource plus a PAYMENT-RESPONSE header containing the settlement receipt.
Does x402 use crypto or fiat?
Both. The exact scheme typically settles in USDC on Base or Solana for speed and low fees. Fiat schemes use ISO 4217 currency codes (USD, EUR) and route through Stripe, PayPal, or other rails. The protocol is asset-agnostic.
Is x402 only for crypto APIs?
No. x402 is a payment-required signaling protocol. The underlying settlement can be USDC, ETH, fiat through Stripe, subscription gating, or anything an HTTP server can verify. PaidSync uses x402 to signal subscription-based pricing where the AI agent points the user to a Stripe checkout when 402 fires.
How is x402 different from AP2 and MPP?
x402 is HTTP-layer payment signaling. AP2 (Google Agent Payments Protocol) is agent-to-agent payment intent and authorization. MPP (Stripe Machine Payments Protocol) is OpenAPI-extension-based discovery of paid endpoints. The three are complementary. PaidSync publishes discovery for all three.
Does PaidSync support x402?
Yes. PaidSync ships the x402 v2 HTTP transport at paidsync.ai/api/v1 with the canonical PAYMENT-REQUIRED base64 header. Agent-initiated payment validation is in pilot. Human-authorized Stripe billing is the current default. Agent-wallet acceptance ships Q3 2026.
Why does x402 matter for AI agents?
Without a standard, every paid API had to publish its own auth and billing flow. Agents had to learn each one. x402 standardizes payment-required signaling so any agent that speaks x402 can pay for any x402 endpoint without prior integration. This unlocks agent-native commerce.
What is the x402 Bazaar?
The x402 Bazaar (x402.org) is a public registry of x402-enabled services. Agents query the Bazaar to discover paid APIs with their schemes, networks, and pricing.
Test x402 right now
Open a terminal and run:
curl -i https://paidsync.ai/api/v1
You will see the canonical 402 response with the base64-encoded PAYMENT-REQUIRED header. Decode it to see PaidSync's accepted schemes, networks, and assets. This is the same response any x402-aware agent reads when discovering a PaidSync endpoint.