x402: The Micropayment Protocol That Lets AI Agents Pay for Services
HTTP 402 Payment Required was reserved in the spec for 30 years and never used. The agent economy finally unlocked it. x402 is the emerging pattern for paying per-call, not per-subscription — and it is the last missing piece that lets autonomous agents pay for services without a human in the loop.
What x402 Actually Is
When the HTTP spec was written, the authors reserved status code 402 Payment Required for future use. They knew a payment flow belonged inside HTTP, but no consensus existed on how to express a payment instruction, what a receipt looked like, or which rail the money would travel on. So 402 sat unused for 30+ years. Every paid API since has bolted billing onto the side — API keys tied to accounts tied to credit cards tied to monthly invoices.
x402 is the pattern that finally fills in the blank. When an agent calls a paid endpoint, the server responds with HTTP 402 and a machine-readable payment instruction. The agent pays, retries the request with a proof of payment, and gets the content. No signup, no card on file, no account, no human approval. It is the first payment flow designed for callers that do not have a legal identity.
The “x” in x402 is informal — it signals this is an extension layer on top of HTTP 402, not a new status code. Multiple implementations are converging on a similar response shape, most of them settling on USDC on Base or Solana for the rail because sub-second finality and sub-cent fees make per-call pricing viable.
The Four-Step x402 Flow
Every x402 transaction follows the same shape: call, quote, pay, retry. The elegance is that no side of the transaction needs to know about the other in advance.
Agent calls paid endpoint
The agent sends a normal HTTP request to an API that requires payment. No API key, no login, no billing setup — just a GET or POST to the resource.
Server returns 402 with payment instructions
Instead of 401 Unauthorized or 403 Forbidden, the server returns HTTP 402 with a JSON body describing what the payment is, how much it costs, and where to send it (chain, token, address, memo).
Agent pays on-chain or off-chain
Most x402 implementations use stablecoin rails (USDC on Base or Solana) for sub-second settlement and sub-cent fees. Some use signed off-chain tokens. The agent signs the payment with its own wallet.
Agent retries with payment proof
The agent re-sends the original request with an X-Payment header containing a signed receipt or transaction hash. The server verifies on-chain (or against its own receipt store) and serves the content.
HTTP/1.1 402 Payment Required
Content-Type: application/json
{
"x402_version": "1",
"accepts": [
{
"scheme": "exact",
"network": "base",
"asset": "USDC",
"amount": "0.01",
"pay_to": "0x9f8...a21",
"resource": "/v1/inference/premium",
"expires_in": 300,
"description": "Premium inference call, 1 request"
}
]
}Notice what is not in that response: no account ID, no API key, no authorization header, no billing portal URL. The agent has everything it needs to pay and retry. This is what makes x402 agent-native — the protocol assumes the caller is a piece of software with a wallet, not a person with a credit card.
x402 vs Traditional Subscription Billing
The subscription model assumes a human customer with a stable relationship. The agent economy breaks every one of those assumptions — and x402 is the pricing shape that survives.
The subscription model was invented for SaaS sold to humans. You buy a seat, you log in, you use the product, you cancel if you do not. None of that maps to an agent that needs to call your API once, now, and may never call it again. Forcing an agent through a human signup flow is the single biggest reason scanned businesses fail D4 Pricing Transparency. x402 is how you remove the friction without giving the service away.
Why x402 Unlocks ARL-4 Automated
In the Agent Readiness Level framework, ARL-4 is Automated — the point where an agent can complete a full transaction end-to-end without a human intervening. Discovery, understanding, signup, usage, and payment all have to work without human approval. Most businesses get stuck at ARL-2 or ARL-3 because payment still routes through a credit-card form that an agent cannot fill.
x402 is the piece that lets payment match the autonomy of everything else. If your agent card is discoverable, your MCP server is callable, your auth issues tokens to programs, and your endpoints return 402 with real payment instructions — the full loop closes. An agent can walk up, discover you, understand you, pay you, and use you inside a single conversation turn.
That is why AgentHermes scans for x402 support and treats it as one of the strongest positive signals in the D5 Payment dimension. Businesses that ship x402 today will be the first in their category to pass the ARL-4 bar. Across 500 businesses we have scanned, zero currently do.
The asymmetry:shipping x402 is a weekend project for a team that already has a payment rail. Being the first in your category to support agent-native payments is a moat that compounds. The businesses that move on this in 2026 will be charging agents while their competitors are still asking agents to “contact sales.”
Where x402 Is Showing Up First
AI inference APIs
Token-priced inference where an agent pays USDC per million tokens. No credit-card signup, no minimum commit. Any agent can call and pay without first becoming a customer.
Content and data APIs
Premium articles, datasets, and structured data behind 402. The server quotes per-record or per-query pricing. Paid content agents reliably pay for replaces paywalls no agent can cross.
Compute and specialty models
Image generation, video rendering, code execution, transcription. Long-tail specialty models can be profitable at sub-cent prices when the payment step itself costs less than a cent.
Marketplace middleware
Aggregator APIs that let agents query many backends through a single endpoint, with x402 billing at the edge. Each downstream call is a micropayment, each aggregator response is a micropayment.
These four categories share a single property: the unit of work is small, well-defined, and repeatable. That is exactly the shape subscription billing handles worst and x402 handles best. Expect the pattern to spread out from AI and data into anywhere else the same shape exists — weather APIs, geocoding, translation, moderation, search, anything with a clear per-call unit of value.
Shipping x402 On Your Own API
The minimum viable implementation takes one endpoint, one middleware layer, and one wallet address. You do not need to rewrite your billing system to start experimenting.
Pick a rail
USDC on Base is the most common choice — cheap, fast, and widely supported by agent wallets. Solana is a close second. Lightning works if you do not want custody. The rail matters less than picking one and documenting it.
Add 402 responses to one endpoint
Pick the cheapest, highest-volume endpoint you have. When a request arrives without a valid X-Payment header, return 402 with the payment instruction JSON. Do not break existing clients — gate only new callers or callers that opt in via a header.
Verify payment proofs on retry
When the request comes back with X-Payment, verify the signature or on-chain transaction. Cache the receipt for a short window so retries and refunds are idempotent. Log every receipt.
Declare it in discovery
Add an entry to your /.well-known/agent-card.json capabilities array (or agent-hermes.json) declaring x402 support with the endpoint URL. AgentHermes scanners will pick this up automatically.
Run a paid scan
Scan your own domain at /audit after shipping. Watch the D5 Payment score climb. Publish your x402 receipt count on a public stats page for social proof.
Frequently Asked Questions
Is x402 an actual IETF standard?
HTTP 402 Payment Required has been reserved in the HTTP spec (RFC 7231) for decades but was never fully defined — there was no agreement on what a payment proof should look like. "x402" is the informal name for the new wave of payment-required implementations emerging in 2024-2026, most of them on stablecoin rails. It is becoming the de facto standard even before any single RFC wins.
Does x402 require crypto or a blockchain?
The dominant implementations do use stablecoins (USDC on Base, Solana, or Ethereum L2s) because they give you sub-second settlement, sub-cent fees, and no chargebacks. But the x402 response format itself is payment-rail agnostic. You can return 402 with Lightning invoice instructions, signed Stripe PaymentIntents, or a centralized prepaid-balance token. Chain-based just happens to be where the momentum is.
Why not just use Stripe metered billing instead?
Stripe metered billing assumes a known customer with a card on file — a human signed up, proved identity, attached a payment method, and got credentials the agent then uses. x402 is agent-native from the first request. There is no account, no signup flow, no human. The agent shows up, the server quotes a price, the agent pays. For autonomous agents discovering and using services on the fly, that is the only model that scales.
How does AgentHermes detect x402 support?
The AgentHermes scanner probes a sample of an endpoint's exposed surface and watches for 402 responses with structured payment instructions (chain, token, amount, address, expiration). We also parse OpenAPI specs for x402 extensions, agent-card.json files for payment capability declarations, and /.well-known/payment.json discovery files. Any of these contributes to D5 Payment and flags the business as moving toward ARL-4 Automated.
What does x402 support do for my Agent Readiness Score?
x402 hits three dimensions at once: D5 Payment (directly), D4 Pricing Transparency (the 402 response itself contains pricing), and D9 Agent Experience (it removes the signup dead-end that kills most agent journeys). Among the 500 businesses AgentHermes has scanned, zero support x402 today. The first ones to ship it will jump from Bronze to Silver purely on payment dimensions, and they unlock the path to ARL-4.
Where is x402 actually being used today?
Early adopters cluster around AI inference APIs, content APIs, and data APIs — categories where per-call makes obvious sense. Several inference providers let agents pay per-token in USDC instead of buying credits. A handful of content APIs return 402 for premium articles. Data providers are experimenting with pay-per-row. The pattern is any service where a subscription is overkill and a credit card flow is a conversion killer.
See if your API is ready for x402
Get your Agent Readiness Score in 60 seconds. We probe for x402 support, 402 response shapes, and payment discovery files — then show you exactly what it takes to reach ARL-4.