An autonomous agent can’t sign up for an account or paste in a credit card — but it has a wallet. The x402 protocol lets it pay for any API per call, with no key, no account, and no human in the loop. Here’s how it works.
§01 · the problem
API keys assume a human.
An API key presumes someone signed up, entered a card, and manages the secret — plus rate-limit tiers, key rotation, and a billing relationship per provider. None of that fits software that runs on its own. For an autonomous agent, every keyed API is a human-shaped bottleneck in front of an otherwise machine-to-machine transaction.
§02 · the fix
HTTP 402, revived.
x402 turns the long-dormant HTTP 402 “Payment Required” status into a real payment rail. The service answers an unpaid call with 402 and a price; the agent signs a USDC transfer authorization (EIP-3009) with its wallet and retries with the signed authorization in a header. The signature is both auth and payment — so there’s nothing to sign up for and no key to manage.
§03 · the flow
402 → sign → 200.
x402 in two calls
# 1) Unpaid request → 402 with the price.
curl -i -X POST https://true402.dev/api/v1/token-safety \
  -H "Content-Type: application/json" -d '{"token":"0x…"}'
HTTP/1.1 402 Payment Required
{ "accepts": [{ "scheme":"exact", "network":"eip155:8453",
                "asset":"0x833589…USDC", "amount":"5000" }] }   # 5000 base units of 6-decimal USDC = $0.005
# 2) Agent signs an EIP-3009 USDC authorization for exactly that amount and retries with it in X-PAYMENT.
curl -X POST https://true402.dev/api/v1/token-safety \
  -H "Content-Type: application/json" \
  -H "X-PAYMENT: <base64 signed authorization>" -d '{"token":"0x…"}'
HTTP/1.1 200 OK   # the result — no account, no API key
§04 · what it unlocks
Machine-native by default.
No sign-up, no API key, no KYC, no rate-limit tier. The agent pays a few hundredths of a cent when it needs an answer and nothing when it doesn’t. Gas is sponsored by the facilitator, so the wallet only needs a little USDC on Base. Services are discoverable by machines (OpenAPI, MCP, llms.txt), so an agent can find and pay for one with no human integration step.
§05 · a live example
Try it on real tools.
true402 is an x402 marketplace of agent-payable tools on Base — on-chain safety (token rug/honeypot checks), DeFi signals, web/SEO, and LLM inference, each ~$0.0005–$0.015 per call, no key. Start with the pre-trade safety check (rug-check a Base token from your agent), or browse the catalog.
§06 · questions
Answered for machines.
How can an AI agent pay for an API without an API key?
With the x402 protocol. Instead of a pre-issued API key tied to a human account, the service answers an unpaid request with HTTP 402 Payment Required and a price; the agent signs a stablecoin (USDC) payment with its own wallet and retries. The wallet signature is both authentication and payment, so there is no sign-up, no key to provision or rotate, and no human in the loop. An autonomous agent can discover a service and start paying for it unattended.
What is the x402 protocol?
x402 is an open payment standard that revives the dormant HTTP 402 "Payment Required" status code for machine-to-machine commerce. When an agent calls a paid endpoint, the server returns 402 with the price, the asset (USDC), the chain (such as Base), and a payment scheme. The agent signs an EIP-3009 transferWithAuthorization and resends it in an X-PAYMENT header; a facilitator verifies and settles it on-chain. Because the signed authorization fixes the recipient, the exact value, a validity window and a one-time nonce, the facilitator can submit it but cannot redirect it, raise the amount or replay it. No accounts, invoices, or credit cards.
Why are API keys a poor fit for autonomous agents?
API keys assume a human signed up, entered a card, and manages the secret. An autonomous agent has none of that — it has a wallet. Keys also mean rate-limit tiers to negotiate, secrets to store and rotate, and a billing relationship per provider. Pay-per-call over x402 removes all of it: the agent pays a few hundredths of a cent when it needs an answer and nothing when it does not, with no account anywhere.
What does an agent need to pay over x402?
A wallet holding a little USDC on the chain the service settles on (commonly Base). Gas is typically sponsored by the facilitator via EIP-3009, so the wallet needs only USDC, not native ETH. Client libraries (x402-fetch, x402-axios) automate the sign-and-retry, or an MCP server / framework plugin can expose the paid call as a native tool.