How Do AI Agents Pay for APIs?
Under the x402 protocol, an AI agent pays for API access in four steps, entirely in code: it calls a gated endpoint, receives an HTTP 402 with payment requirements, signs and submits an on-chain payment, and retries the original call with a payment-proof header. The server verifies the proof on-ledger and returns the result.
Quick facts
- Step 1: Agent calls a gated endpoint (e.g.
POST /tools/premium-query). - Step 2: Server responds
HTTP 402withX-Payment-Requirements(destination, amount, currency). - Step 3: Agent's middleware signs and submits the payment on-chain (XRPL/Xahau confirm in ~3 seconds via mcp-x402-xrpl).
- Step 4: Agent retries with
X-Payment-Proof(tx hash, ledger index, payer); server verifies on-ledger and returns200 OK.
Frequently asked questions
Does the agent need a human to approve each payment?
No. The agent's wallet and middleware are configured ahead of time (e.g. a maxPaymentDrops safety cap), and every payment within that policy happens without a human in the loop.
What stops an agent from overspending?
Middleware like mcp-x402-xrpl's createX402Middleware accepts a maxPaymentDrops cap per request as a safety limit.
Can an agent check the price before paying?
Yes, where a pre-flight quote endpoint is offered — for example SqueezeOS exposes GET /x402/quote?tool=<toolId>, returning the exact cost and a 60-second-valid quote before any payment is made.