x402
Stablecoin Payments for AI Agents
The Coinbase + Cloudflare protocol that gives HTTP 402 ("Payment Required") its purpose after 25 years. Agents pay for API calls with USDC stablecoins on Base -- no credit cards, no subscriptions, no humans in the loop.
What is x402?
HTTP status code 402 -- "Payment Required" -- was reserved in 1997 for "future use." For 25 years, nobody used it. Then AI agents needed to pay for things.
x402 is the protocol that finally implements HTTP 402. When an agent calls a paid API, the server returns a 402 response with a payment requirement. The agent signs a USDC payment, retries the request with a payment header, and gets the response. No human intervention. No credit card form. Just code paying code.
The payment flow
Why stablecoins?
Credit cards are designed for humans: they need names, addresses, CVVs, and 3D Secure flows. Agents can't fill out checkout forms. Stablecoins (USDC on Base) are programmable money -- an agent with a private key can sign a payment in milliseconds.
- No intermediaries -- Agent pays service directly. No Stripe, no PayPal, no bank transfer.
- Micropayments -- Pay $0.001 per API call. Credit cards can't do this economically.
- Instant settlement -- Base L2 confirms in ~2 seconds. No 3-5 business days.
- Global -- USDC works everywhere. No currency conversion, no cross-border fees.
The x402 stack
Server-side
Any HTTP server can accept x402 payments by adding middleware. When a request doesn't include payment, return 402 with payment requirements. When it does, verify the payment via the Coinbase facilitator and serve the response.
Client-side
The agent's x402 client intercepts 402 responses, signs payments with the agent's wallet, and retries automatically. The agent doesn't even need to "know" it's paying -- the x402 client handles it transparently.
Facilitator
Coinbase hosts a facilitator at x402.org/facilitator that verifies payment signatures and settles USDC transfers. The facilitator never holds funds -- it's a verification layer, not a custodian.
How MeetLoyd implements x402
MeetLoyd has both server-side and client-side x402 deployed in production (Enterprise tier):
- Server-side --
createX402Middleware()on MeetLoyd Store endpoints. Third-party agents can pay for premium skills and tools with USDC. - Client-side --
makeX402Payment()for agents paying external x402-protected APIs. Automatic 402 interception and payment signing. - Spending governance -- Every x402 payment goes through the same AP2 spending policy as Stripe payments. Agents have budgets, approval thresholds, and audit trails.
- Wallet security -- Private keys encrypted with AES-256-GCM in MeetLoyd's vault (same infrastructure as LLM API keys). Wallets are per-agent, not per-tenant.
- MCP tools --
x402_check_wallet,x402_pay,x402_check_support. Agents can inspect their balance, make payments, and check if an API supports x402.
x402 vs traditional payments
- Credit cards -- Designed for humans. Need checkout UI, PCI compliance, chargebacks. Minimum ~$0.30 per transaction.
- x402 -- Designed for code. No UI needed, no PCI, no chargebacks. Micropayments down to fractions of a cent.
- Stripe -- Still the best option for subscription billing and human purchases. x402 complements Stripe for agent-to-agent payments.