What is x402? The complete guide to the agent-payment protocol
x402 is an open protocol that lets an AI agent pay for a single API call over HTTP — using the 402 "Payment Required" status code and USDC stablecoin settlement — with no account, no API key, and no subscription. Here is how it works, end to end.
What is x402?, The HTTP 402 status code it revives, How an x402 payment works, step by step
What is x402?
x402 is an open payment protocol that lets a client pay for a single HTTP request — no account, no API key, no subscription. Originally published by Coinbase and now an open standard, it revives the long-dormant HTTP 402 "Payment Required" status code: a server answers an unpaid request with a 402 challenge, the client settles a small stablecoin payment, and retries. Because the whole exchange happens in HTTP headers, an autonomous AI agent can discover a tool and pay for it the moment it needs it, entirely on its own.
The HTTP 402 status code it revives
HTTP 402 "Payment Required" has been reserved in the HTTP spec since the 1990s but was never standardized — for decades it sat unused, waiting for a payment rail the web never agreed on. x402 fills that gap. When a server returns 402, it now means something concrete: "send a payment matching this challenge, then try again." The challenge spells out the price, the asset, the network, and the recipient address, so the client knows exactly what to pay and to whom.
How an x402 payment works, step by step
First, the client sends a normal HTTP request to the endpoint. Second, the server replies 402 with a payment challenge: amount, asset (USDC), network (Base), and the payTo recipient. Third, the client's x402 library signs a stablecoin authorization for that exact amount and resends the request with a payment header attached. Fourth, a facilitator verifies the signature and settles the transfer on-chain. Fifth, the server runs the work and returns 200 with the result. From the agent's code it is one call — the library handles the 402, the signature, and the retry automatically.
The facilitator: who verifies and settles
A facilitator is the service that checks a payment is valid and moves the money on-chain so the API provider doesn't have to run blockchain infrastructure. The client signs a gasless USDC authorization (an EIP-3009 "transfer with authorization"); the facilitator broadcasts it, pays the gas, and confirms settlement. Coinbase runs the most widely used facilitator, but the protocol is open and the role is pluggable. The provider just calls the facilitator to verify-and-settle, then serves the response.
The Bazaar: how agents discover x402 services
Discovery is the other half of the protocol. The x402 Bazaar is a public index of x402-enabled endpoints — the directory an agent searches to find a tool that does what it needs, complete with each endpoint's price, inputs, and description. A resource is cataloged automatically the first time it settles a real payment through the facilitator, which is why a brand-new agent can find and call a service it has never heard of without any human registering it first.
USDC settlement on Base: the money rail
x402 settles in USDC, a fully-reserved US-dollar stablecoin, on Base, a low-cost Ethereum layer-2 network. Stablecoins keep the price stable in dollar terms, and Base keeps per-transaction fees to fractions of a cent, which is what makes sub-cent-to-dollar API calls economical. The payment is gasless for the payer — they sign an authorization and the facilitator covers the gas — so an agent needs only a funded USDC balance, not a full crypto wallet stack, to start paying.
x402 vs API keys and subscriptions
Traditional APIs gate access behind a signup, a provisioned key, and a billing relationship — all things a human sets up in advance and an autonomous agent cannot negotiate mid-task. x402 replaces that with per-request settlement: cost scales exactly with usage, there is no key to rotate or store, no monthly minimum, and idle time costs nothing. Subscriptions still win for high, steady volume owned by a human; x402 wins for spiky, autonomous, pay-for-what-you-use workloads where the caller is software.
x402 and MCP: discovery plus payment
The Model Context Protocol (MCP) is how agents discover and invoke tools; x402 is how they pay for the ones that aren't free. They compose cleanly: an MCP server can expose a tool that proxies to an x402 endpoint, returning the 402 so the agent's x402 client settles payment transparently. The agent gets MCP's familiar tool interface and x402's pay-per-call billing in one flow — discovery and monetization without a signup step in between.
Why x402 fits autonomous agents
An agent can't fill out a signup form, accept terms of service, or paste an API key from an email. x402 turns "pay for this call" into a primitive the agent performs itself, so it can use a tool the instant it needs it and pay only for what it uses. That is why x402 is becoming the default billing layer for the agent economy — it is the one payment model that doesn't assume a human is in the loop.
How to call an x402 endpoint
Point an x402 client at any x402-enabled URL — for example, POST your cashflows to https://hermesplant.com/api/agent-services/cashflowlens/analyze. The first response is a 402 carrying the price, the USDC asset, the Base network, and the payTo address. A wrapper such as x402-fetch signs the authorization and retries for you, so your code just sees the 200 result. Hermes Plant runs a suite of deterministic finance and quant endpoints — DCF/IRR, options Greeks, distribution waterfalls, bond analytics — all x402-metered at a few cents per call. Browse the suite to wire the first one into your agent.
FAQ
What does x402 mean?
x402 is named after the HTTP 402 "Payment Required" status code it builds on. It is an open protocol for paying for an individual HTTP request with a stablecoin, letting clients — especially AI agents — pay per call with no account or API key.
What is an x402 facilitator?
A facilitator is the service that verifies an x402 payment and settles it on-chain on the provider's behalf. The client signs a gasless USDC authorization; the facilitator broadcasts it, pays the gas, and confirms settlement, so the API provider never has to run blockchain infrastructure. Coinbase operates the most widely used facilitator, but the role is open and pluggable.
What is the x402 Bazaar?
The Bazaar is a public discovery index of x402-enabled endpoints — the directory an agent searches to find a paid tool, including its price, inputs, and description. A resource is added automatically the first time it settles a real payment through the facilitator, so no manual registration is required.
What is USDC settlement and a payTo address?
x402 payments settle in USDC, a dollar-pegged stablecoin, on the Base network. The payTo address in a 402 challenge is the recipient's wallet — where the USDC lands when the payment settles. Settlement is gasless for the payer, who only signs an authorization while the facilitator covers the network fee.
Is x402 the same as HTTP 402?
Not quite. HTTP 402 is the "Payment Required" status code reserved in the HTTP standard but historically unused. x402 is the protocol that gives 402 a concrete meaning: a structured challenge describing the price, asset, network, and recipient, plus the headers a client uses to pay and retry.
How is x402 different from an API key?
An API key is a long-lived credential a human provisions in advance and the client stores and rotates. x402 has no key: the client pays per request in USDC, cost scales exactly with usage, and there is nothing to sign up for, store, or revoke. That makes x402 usable by autonomous agents that can't complete a signup flow.
What blockchain and token does x402 use?
The common deployment settles USDC on Base, a low-cost Ethereum layer-2, which keeps per-call fees to fractions of a cent and prices stable in dollar terms. The protocol itself is asset- and network-agnostic, but USDC-on-Base is the dominant rail today.
Do I need crypto experience to use x402?
No. An x402 client library handles the 402 challenge, the signature, and the retry, so paying for a call looks like an ordinary HTTP request in your code. You need a funded USDC balance on Base; from there the protocol stays invisible behind the library.