← Back to blog
Developer Guide · 6 min read · March 2026

Building on x402 — The Open
Payment Protocol for AI Agents

x402 makes any HTTP resource payable without new infrastructure. A developer walkthrough of implementation on both sides — and why it matters beyond micropayments.

6 min read
AGENT API GET /api/data 402 Payment Required { amount, recipient } GET /api/data + x-payment-proof: [signed] 200 OK { data: ... } 1. 2. 3. 4.

Most new protocols in the payments space share a common failure mode: they require both sides to do significant work before the first transaction can occur. New SDKs to integrate, registration processes to complete, credentials to provision, documentation to read. This is the coordination overhead that kills adoption. Developers adopt the path of least resistance, and protocols with high setup costs never reach the network scale they need to be useful.

x402 has something most payment protocols lack: it requires almost nothing from either side. An API server adds a 402 response and a payment terms payload. An agent reads the 402, evaluates the terms against its policy, and pays or declines. No bilateral setup, no registry, no new SDK for the server side. Just HTTP — the protocol that already runs the web. That's why x402 reached 35 million transactions in production before most developers had heard of it.

The x402 flow — step by step

To understand why x402 works, it helps to trace the exact protocol flow. An agent makes a standard HTTP GET request to an API endpoint. If the endpoint is paywalled and the request doesn't include a payment proof, the server returns HTTP 402 Payment Required with a structured JSON payload:

402 response from server
{ "version": "1.0", "accepts": [{ "scheme": "exact", "network": "base-mainnet", "maxAmountRequired": "1000", "resource": "https://api.marketdata.example/v1/prices", "description": "Real-time market data — 1,000 USDC units per request", "mimeType": "application/json", "payTo": "0xabc...def", "maxTimeoutSeconds": 300, "asset": "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913", "outputSchema": null }] }

The agent receives this, evaluates whether the payment terms are acceptable against its policy engine (amount, recipient, network all checked against configured rules), generates a payment proof by executing the USDC transfer, and retries the original request with the payment proof in the X-PAYMENT header. The server verifies the proof and returns the data.

Server-side implementation

From the server perspective, implementing x402 is a single middleware addition. Here's a complete example with Express:

server.ts
import { facilitator } from '@coinbase/x402-express'; // The middleware handles the entire 402 flow app.use(facilitator({ wallet: process.env.WALLET_ADDRESS, network: 'base-mainnet' })); // Your existing endpoint — just add the price app.get('/api/v1/prices', paymentMiddleware('0.001', 'USDC'), // <-- this is all you add async (req, res) => { res.json({ data: await fetchPrices() }); } );

That's the entire server-side change. The middleware handles 402 issuance, payment proof verification, and request routing. Your endpoint receives a request only when a valid payment has been verified. The business logic doesn't need to know anything about how payment happened.

Agent side — automatic with Proco

On the agent side, Proco's x402-compatible HTTP client handles the full negotiation automatically. Your agent code doesn't need to implement the 402 flow — it makes normal HTTP calls and the infrastructure handles the rest:

agent.ts
const proco = new ProcoClient({ apiKey: process.env.PROCO_API_KEY }); const http = proco.createHttpClient({ agentId: 'research-agent-01', // Policy evaluated before any payment is made policy: { maxSingleTransaction: '0.01', currency: 'USDC' } }); // Standard HTTP call — 402 negotiation is invisible to your code const data = await http.get('https://api.marketdata.example/v1/prices'); // Behind the scenes: // 1. GET request made → 402 received with payment terms // 2. Terms evaluated against agent policy → approved (0.001 USDC < 0.01 limit) // 3. USDC transfer executed on Base → payment proof generated // 4. Original request retried with X-PAYMENT header // 5. Server verifies proof → returns data console.log(data); // { prices: [...] }

From the agent's perspective, it made an HTTP call and got data. The payment was handled transparently. If the payment terms exceed policy limits, the client throws a PaymentPolicyExceeded error rather than executing the payment — preserving the agent's financial guardrails without requiring the agent code to implement policy logic.

The policy integration that makes x402 safe at scale

The critical insight about x402 in a production agent deployment isn't the protocol itself — it's that the payment step needs to be evaluated against a policy before execution. Without a policy engine, x402 is a mechanism for any API to extract money from your agent by returning a 402. With a policy engine, every x402 payment is evaluated before it happens.

Proco's x402 client integrates with the policy engine by default. Before executing any x402 payment, the client checks:

If any check fails, the payment is blocked and the error is logged. This is the pattern that makes agent-to-API micropayments safe enough for production enterprise deployment: transparent automation with policy-enforced guardrails at the financial layer.

Why x402 matters beyond the payment itself

The deeper significance of x402 isn't that it makes individual API calls payable — it's that it makes agent-to-service commerce a standard HTTP pattern. Any x402-compatible API can be paid by any x402-compatible agent, without bilateral integration between the specific API provider and the specific agent infrastructure. The protocol is the integration.

As the x402 ecosystem grows — currently backed by Coinbase, Google, Anthropic, Visa, AWS, and Cloudflare — every new API that adds x402 support immediately becomes accessible to every x402-compatible agent. Every new agent that implements x402 handling immediately gains access to the full x402 API ecosystem. This is the internet model applied to agent commerce: open standards that create network value without centralised control.

For builders, the practical implication is: start with x402 for agent-to-API interactions. The implementation cost is low on both sides. The composability with policy engines, audit logging, and agent identity infrastructure is native to the protocol. And the network you're joining already has production volume and institutional backing. That's a rare combination in a new protocol.

Further reading: x402 Explained · x402 vs AP2

x402-compatible out of the box — no configuration needed

Free sandbox on signup. No credit card. Live in 10 minutes.

Start building free →