Function
1) Actors and Roles
Client/Buyer (app, script, or agent): Calls your paid endpoint. On
402 Payment Required, it constructs a payment and retries the same request with verifiable proof. In x402, payment is encoded directly in the HTTP loop. Coinbase Developer Docs+1Your Service (x402 Seller): Exposes a normal HTTP route but returns
402with machine-readable payment requirements (amount, currency, recipient, expiry). After verification, it returns200 OKwith the resource. Coinbase Developer Docsx402 Facilitator: A verification/settlement service you call to verify that the client’s onchain payment satisfies the requirements, and (optionally) to settle onchain without running your own node. Coinbase Developer Docs+1
Solana blockchain: Final settlement layer for USDC-SPL transfers used to satisfy the
402challenge. Coinbase Developer Docs
2) The HTTP 402 Request Lifecycle (Step-by-Step)
Initial request: The client calls your protected route, e.g.,
GET /v1/summarize?chars=2000.Payment challenge: Your service responds with
HTTP 402 Payment Required, including structured payment requirements: price, SPL mint (USDC), destination address, expiry/nonce, and any facilitator hints. The 402 code is a long-standing, rarely used status explicitly intended for payment gating, which x402 standardizes for web use. MDN Web Docs+1Client payment (Solana): The client prepares and signs a USDC-SPL transfer that matches the requirements and broadcasts it to Solana (or passes the transaction data to the facilitator depending on integration). Coinbase Developer Docs
Verify: Your service calls the facilitator’s
/verifyendpoint with the client’s payment header and your requirements. The facilitator checks chain state and confirms whether the transfer meets the contract (amount, recipient, token, freshness). GitHubSettle (optional): If you want the facilitator to handle submission/settlement flows, call its
/settleAPI; otherwise, you can treat the onchain transfer as final once confirmed. Coinbase Developer DocsServe content: If verified, you return
200 OKwith the response payload and include a payment receipt (e.g., anX-Payment-Responseheader) for auditability and refunds if you support them. If verification fails, return another402describing what’s missing. Coinbase Developer Docs
3) Payment Requirements & Headers
x402 formalizes how sellers declare payments and how buyers prove them via headers. In practice, your 402 response embeds a compact, signed structure that includes amount, currency/mint (USDC-SPL), destination, valid-until, and any facilitator or nonce fields needed for replay protection. The client’s retry includes a payment header referencing the transaction and a proof the facilitator can validate deterministically. This makes paying “stateless” at the HTTP layer and avoids local sessions or bespoke checkout flows. Coinbase Developer Docs+1
4) Why Solana USDC-SPL for Settlement
Solana offers high throughput, low fees, and rapid finality, which are critical for pay-per-call economics and agent-driven use cases. USDC on Solana (SPL) is supported in the x402 Network & Token Support matrix, making it a first-class fit for the protocol without custom shims. For teams, this keeps the round-trip fast enough that “pay-then-retry” feels instantaneous. Coinbase Developer Docs
5) Operationalization with Layer2 Financial
After the facilitator verifies payment on Solana, Layer2 Financial handles the operational side:
Treasury & custody: USDC-SPL program wallets, multi-custody routing (e.g., segregated accounts), and reconciliation/monitoring so finance teams can audit flows.
Bank connectivity: ACH and Fedwire for inbound/outbound fiat, plus program settlement accounts when you want to sweep or fund card rails.
Card authorizations (optional): If you issue cards, JIT funding can top up authorizations from treasury in real time. These building blocks are covered in company materials (ACH Pull/Push, custody partners, and payout infra) and map cleanly to x402 receipts. Rail
6) Error Handling, Idempotency, and Retries
Idempotency: Treat
verify/settleas idempotent via request IDs so your service is safe to retry on network hiccups. The facilitator and your server should accept duplicate notifications without double-serving content. Coinbase Developer DocsExpired or underpaid: If the transfer is late or short, the facilitator returns failure; you respond with a fresh
402detailing updated requirements. Coinbase Developer DocsObservability: Correlate request IDs from client → facilitator → Solana transaction hash → response receipt for audit and refunds.
7) Security & Compliance Touchpoints
Header integrity: Sign the payment requirements you place inside
402to prevent tampering.Replay protection: Include nonces and expirations; facilitators validate freshness. Coinbase Developer Docs
KYT/monitoring: Run KYT on inbound Solana transfers if your risk policy requires it; reconcile receipts to treasury ledgers.
No-session design: Because x402 is HTTP-native, you avoid long-lived sessions or embedded keys in client apps.
8) Developer Workflow (Putting It Together)
Server: Add a middleware that, on access checks failing for “not yet paid,” emits a standards-conforming
402with requirements. On success fromverify, proceed to the handler and return200 OK. Coinbase Developer DocsClient: Use an x402-compatible library or a thin wrapper that can parse the 402, create a USDC-SPL transfer on Solana, and retry with a payment header. Coinbase Developer Docs
Facilitator: Integrate
/verify(and/settleif desired) from the facilitator API. Third-party facilitators exist; Coinbase’s reference implementation is open source. GitHub+1
Last updated