true402
guide · agent payments

Agents pay with a wallet, not a key.

An autonomous agent can’t sign up for an account or paste in a credit card — but it has a wallet. The x402 protocol lets it pay for any API per call, with no key, no account, and no human in the loop. Here’s how it works.

§01 · the problem

API keys assume a human.

An API key presumes someone signed up, entered a card, and manages the secret — plus rate-limit tiers, key rotation, and a billing relationship per provider. None of that fits software that runs on its own. For an autonomous agent, every keyed API is a human-shaped bottleneck in front of an otherwise machine-to-machine transaction.

§02 · the fix

HTTP 402, revived.

x402 turns the long-dormant HTTP 402 “Payment Required” status into a real payment rail. The service answers an unpaid call with 402 and a price; the agent signs a USDC payment with its wallet (EIP-3009) and retries. The signature serves as both authentication and payment, so there’s nothing to sign up for and no key to manage.

§03 · the flow

402 → sign → 200.

x402 in two calls
# 1) Unpaid request → 402 with the price.
curl -i -X POST https://true402.dev/api/v1/token-safety -d '{"token":"0x…"}'
HTTP/1.1 402 Payment Required
{ "accepts": [{ "scheme":"exact", "network":"eip155:8453",
                "asset":"0x833589…USDC", "amount":"5000" }] }   # $0.005

# 2) Agent signs an EIP-3009 USDC authorization and retries with X-PAYMENT.
curl -X POST https://true402.dev/api/v1/token-safety \
  -H "X-PAYMENT: <base64 signed authorization>" -d '{"token":"0x…"}'
HTTP/1.1 200 OK   # the result — no account, no API key
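
Between the two calls, the agent has to decide whether to sign what the 402 body asks for. The block below is an added example (not code from true402 or from the x402 client libraries) that checks an offer against a local spend policy before any signature is produced; the policy values, function names and asset address are assumptions or constructed placeholders.

```javascript
// Added example: spend policy an agent applies to a 402 body before signing.
// All POLICY values are assumptions. The asset address is a constructed
// placeholder, not the real USDC contract; substitute the one you trust.
const TRUSTED_ASSET = "0x" + "11".repeat(20);
const POLICY = {
  scheme: "exact",
  network: "eip155:8453",           // network id from the page's 402 response
  assets: new Set([TRUSTED_ASSET]), // store allowlist entries in lowercase
  maxPerCall: 20000n,               // atomic units; "5000" is $0.005 on the page
  sessionBudget: 100000n,           // total the agent may authorize per run
};

// Why an offer is refused, or null if it satisfies the policy.
function rejectReason(o, policy) {
  if (!o || o.scheme !== policy.scheme) return "scheme";
  if (o.network !== policy.network) return "network";
  if (typeof o.asset !== "string" || !policy.assets.has(o.asset.toLowerCase())) return "asset";
  // Digits only: no sign, decimal point, exponent or hex form reaches BigInt().
  if (typeof o.amount !== "string" || !/^[0-9]{1,30}$/.test(o.amount)) return "amount format";
  if (BigInt(o.amount) > policy.maxPerCall) return "amount over per-call cap";
  return null;
}

// Returns an authorize(body) function that tracks cumulative spend.
function makeSpendGate(policy = POLICY) {
  let spent = 0n;
  return function authorize(body) {
    const offers = body && Array.isArray(body.accepts) ? body.accepts : [];
    const reasons = [];
    for (const o of offers) {
      const why = rejectReason(o, policy);
      if (why) { reasons.push(why); continue; }
      const amount = BigInt(o.amount);
      if (spent + amount > policy.sessionBudget) { reasons.push("session budget"); continue; }
      spent += amount;
      return { scheme: o.scheme, network: o.network, asset: o.asset, amount };
    }
    throw new Error("refusing to sign: " + (reasons.join(", ") || "no offers"));
  };
}

// Constructed sample mirroring the page's 402 body (placeholder asset).
const SAMPLE_402 = { accepts: [{ scheme: "exact", network: "eip155:8453",
                                 asset: TRUSTED_ASSET, amount: "5000" }] };
console.log(makeSpendGate()(SAMPLE_402).amount.toString()); // 5000
```

Only an offer returned by `authorize` should reach the signing step; a thrown error means the call is dropped unpaid.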

§04 · what it unlocks

Machine-native by default.

No sign-up, no API key, no KYC, no rate-limit tier. The agent pays a few hundredths of a cent when it needs an answer and nothing when it doesn’t. Gas is sponsored by the facilitator, so the wallet only needs a little USDC on Base. Services are discoverable by machines (OpenAPI, MCP, llms.txt), so an agent can find and pay for one with no human integration step.

§05 · a live example

Try it on real tools.

true402 is an x402 marketplace of agent-payable tools on Base — on-chain safety (token rug/honeypot checks), DeFi signals, web/SEO, and LLM inference, each ~$0.0005–$0.015 per call, no key. Start with the pre-trade safety check in “Rug-check a Base token from your agent”, or browse the catalog.

§06 · questions

Answered for machines.

How can an AI agent pay for an API without an API key?

With the x402 protocol. Instead of a pre-issued API key tied to a human account, the service answers an unpaid request with HTTP 402 Payment Required and a price; the agent signs a stablecoin (USDC) payment with its own wallet and retries. The wallet signature is both authentication and payment, so there is no sign-up, no key to provision or rotate, and no human in the loop. An autonomous agent can discover a service and start paying for it unattended.

What is the x402 protocol?

x402 is an open payment standard that revives the dormant HTTP 402 "Payment Required" status code for machine-to-machine commerce. When an agent calls a paid endpoint, the server returns 402 with the price, the asset (USDC), the chain (such as Base), and a payment scheme. The agent signs an EIP-3009 transferWithAuthorization and resends it in an X-PAYMENT header; a facilitator verifies and settles it on-chain. No accounts, invoices, or credit cards.

Why are API keys a poor fit for autonomous agents?

API keys assume a human signed up, entered a card, and manages the secret. An autonomous agent has none of that — it has a wallet. Keys also mean rate-limit tiers to negotiate, secrets to store and rotate, and a billing relationship per provider. Pay-per-call over x402 removes all of it: the agent pays a few hundredths of a cent when it needs an answer and nothing when it does not, with no account anywhere.

What does an agent need to pay over x402?

A wallet holding a little USDC on the chain the service settles on (commonly Base). Gas is typically sponsored by the facilitator via EIP-3009, so the wallet needs only USDC, not native ETH. Client libraries (x402-fetch, x402-axios) automate the sign-and-retry, or an MCP server / framework plugin can expose the paid call as a native tool.