What is x402? The HTTP 402 payment protocol explained
TL;DRx402 is an open standard that revives the HTTP 402 status code for machine-to-machine micropayments. A server replies 402 with a JSON manifest describing the payment terms (asset, network, payTo, amount). The client signs a stablecoin transfer and replays the request with an X-Payment header. The server verifies the on-chain settlement and returns the resource in the same response. x402 was published by Coinbase in 2025 and is now implemented by Agent402 Stock and a growing list of agent-native APIs.
Why HTTP 402 was unused for 25 years
HTTP 402 Payment Required has been in the spec since RFC 2616 was drafted in 1999, but it sat unused because nobody could agree on how the body should look. Stripe, PayPal, Visa, and Mastercard all have their own checkout flows, and none of them fit inside a single HTTP response. Every paid API since 2000 has therefore relied on out-of-band billing — API keys, monthly invoices, prepaid credits — which assumes a human-grade onboarding step.
AI agents broke that assumption. An autonomous agent cannot fill out a KYC form, cannot wait for a credit card to clear, cannot read a dashboard email. It needs to pay on the same TCP connection as the request, in a format it can parse, settled in seconds. That is the gap x402 fills.
How an x402 transaction works
The protocol is intentionally minimal. A normal HTTP client sends a normal HTTP request. If the resource costs money, the server replies with status 402 and a JSON body that describes exactly how to pay.
HTTP/1.1 402 Payment Required
Content-Type: application/json
{
"x402Version": 1,
"accepts": [{
"scheme": "exact",
"network": "base",
"asset": "USDC",
"payTo": "0xAbc…",
"maxAmountRequired": "100000",
"resource": "/v1/sms/otp"
}]
}The client picks one of the accepted schemes, signs a USDC transfer with its wallet, and replays the same request with an X-Payment header that contains the signed payload.
GET /v1/sms/otp HTTP/1.1 X-Payment: eyJ…signed-payload… Host: api.agent402stock.xyz
The server submits the transfer to the chain (or to a facilitator), waits for inclusion, and returns the resource in the response body — usually within 400 milliseconds end-to-end. There is no escrow, no off-chain credit, and no reconciliation step.
Why USDC on Base is the default settlement
x402 is asset-agnostic, but the reference implementation uses USDC on Base. Base offers sub-second block times and fees under one cent, which is what makes a $0.02 captcha solve economically viable. USDC is fully reserve-backed and supported by every major agent wallet (Coinbase AgentKit, Crossmint, Skyfire, Privy).
Other networks work too. The accepts array can list multiple options — Solana for lower latency, Polygon for older agent stacks, Ethereum mainnet when the buyer prefers L1. The client picks whichever it can sign for.
Who uses x402 today
Adoption is early but accelerating. As of mid-2026 the most visible x402-native services are Agent402 Stock (operational consumables for agents), Coinbase AgentKit (wallet + x402 client SDK), and a handful of agent-native APIs in the proxy and scraping space. The awesome-x402 GitHub list tracks new endpoints as they ship.
Larger incumbents (Bright Data, Browserbase, Twilio) have not adopted x402 because their existing billing assumes human onboarding. The expectation in the ecosystem is that x402 will remain the agent-native rail while traditional checkout continues to serve human-led integrations.
How x402 differs from Skyfire, Crossmint, and AgentKit
Skyfire and Crossmint are agent payment networks — they sit between the agent and the merchant and handle KYC, quotas, and reconciliation. They work even with merchants that do not speak x402 natively, but the agent has to integrate the network's SDK first.
x402 is a protocol, not a network. Any HTTP server can implement it in fifty lines of code, and any HTTP client that can sign a stablecoin transfer can pay. Coinbase AgentKit ships an x402 client out of the box, but x402 itself does not require AgentKit.
| x402 | Skyfire | AgentKit | Crossmint | |
|---|---|---|---|---|
| What it is | HTTP-level protocol | Payment network | Wallet + SDK | Wallet + SDK |
| Onboarding for the merchant | Implement 402 endpoint | Sign up, KYB | Use AgentKit SDK | Use Crossmint SDK |
| Onboarding for the agent | None — sign and replay | Sign up, fund account | Hold AgentKit wallet | Hold Crossmint wallet |
| Settlement asset | Any (USDC default) | Token + fiat rails | USDC on Base | USDC + cards |
| Best for | Pay-per-call APIs | Mid-trip authorisations | Coinbase-built agents | Web3 commerce flows |
Frequently asked
Is x402 a blockchain protocol?
No. x402 is an HTTP-level protocol. The payment terms it advertises usually settle on a blockchain (Base, Solana, Ethereum), but the negotiation between client and server happens entirely over HTTP — request, 402 response, signed replay, 200 response.
Do I need a special HTTP client to make x402 requests?
No. Any HTTP client (curl, fetch, axios, requests) can read a 402 response and resend the request with an X-Payment header. The only extra capability needed is the ability to sign a stablecoin transfer, which most agent wallets handle natively.
How fast is x402 settlement in practice?
End-to-end median is under 400 milliseconds when the chain is Base — block time is roughly 200 ms, the server adds verification overhead, and the resource is returned in the same response. Slower chains (Ethereum mainnet) push it to 12-30 seconds.
Is x402 Coinbase-only?
Coinbase published the spec and ships the reference implementation, but x402 is an open protocol. The accepts array can list any chain, asset, and payTo address. Agent402 Stock implements x402 without any Coinbase-specific dependency.