DEV Community

Morgan Espitia

x402 turned a joke into my revenue model ($0.008/request, no API keys)

I spent the last month building TokenSafe — a Solana token safety scanner that charges $0.008 per request in USDC. No API keys. No accounts. No subscription. An AI agent pays, and gets the data.

Give it up for x402!

HTTP 402 ("Payment Required") was a joke that took so long to land we have no choice now but to take it seriously. Let's walk through it.

If you're building a trading agent on Solana, you need to answer "is this token safe?" before every trade. Existing options suck:

  • RugCheck charges $0.02+ and the scoring is opaque — you get a number but can't trace it.
  • GoPlus proxies other APIs and wraps them — you're trusting a trust chain.
  • Roll your own... sure why not.

You want something that reads the chain directly and shows its work.

Every TokenSafe check hits Solana via Helius RPC — no third-party security APIs in the loop. For each token:

  • Mint and freeze authority status (is someone holding the keys?)
  • Top holder concentration, adjusted for protocol PDAs — a staking pool holding 40% is different from a whale wallet holding 40%
  • Liquidity depth via Jupiter quotes, with DexScreener fallback
  • LP lock status (Raydium AMM v4 — checks against 11 known locker programs)
  • Sell-side honeypot detection — can you actually sell this thing?
  • Metadata mutability
  • Token age (adaptive — cheap probe first, deeper scan if needed)
  • Token-2022 extensions: transfer fees, permanent delegate, transfer hooks

Total cost: 6-9 RPC calls + 1-2 HTTP requests per token. On Helius free tier that's about 11,000 checks per day.

The risk score is a composite from 0 to 100 with context-aware penalties: a token with deep liquidity and years of history gets penalized less for an active mint authority than a fresh launch. Every point shows up in score_breakdown so you can trace exactly what contributed.

It's not funny anymore :P

How x402 changes the game

Traditional flow: sign up for account → get API key → integrate → manage billing → track usage → deal with rate limits by tier.

x402:

  1. Agent: GET /v1/check?mint=
  2. Server: 402 Payment Required (here's what it costs)
  3. Agent wallet: auto-signs $0.008 USDC transfer
  4. Agent: same request + payment signature
  5. Facilitator: verifies + settles on-chain (~400ms)
  6. Server: 200 OK with full analysis

That's it. The USDC lands in the Treasury wallet. The agent got its data. No accounts, no API keys, no billing system. Payment IS authentication.

On the implementation side it's genuinely simple — @x402/express middleware wraps your existing Express routes. You define a price per endpoint and it handles the 402 negotiation, payment verification, and settlement. About 40 lines of config.
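When payment is the only authentication, the verification in step 5 carries the whole access decision. The six steps above as an added in-memory example (not TokenSafe's code and not the @x402/express API): an Ed25519 key stands in for the agent wallet, on-chain settlement is not modeled, and every function name, field name, the nonce cache and the payTo placeholder are assumptions.

```javascript
// Added example: in-memory model of the pay-then-retry flow. All names are hypothetical.
const crypto = require('node:crypto');

const PRICE = 8000n;               // $0.008 in USDC base units (6 decimals)
const PAY_TO = 'TREASURY_WALLET';  // constructed placeholder, not a real address
const seenNonces = new Set();      // replay cache kept by the verifier

// Step 2: the terms the 402 response advertises for a resource.
function requirements(resource) {
  return { resource, payTo: PAY_TO, amount: PRICE.toString() };
}

// Step 3: the agent wallet signs an authorization bound to those terms.
function signPayment(terms, wallet) {
  const auth = { ...terms, nonce: crypto.randomUUID() };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(auth)), wallet.privateKey);
  return { auth, sig: sig.toString('base64'), payer: wallet.publicKey };
}

// Step 5: checks made before any paid data is returned.
function verifyPayment({ auth, sig, payer }, terms) {
  const msg = Buffer.from(JSON.stringify(auth));
  if (!crypto.verify(null, msg, payer, Buffer.from(sig, 'base64'))) return 'bad-signature';
  if (auth.resource !== terms.resource) return 'wrong-resource';
  if (auth.payTo !== terms.payTo) return 'wrong-recipient';
  if (!/^\d+$/.test(auth.amount) || BigInt(auth.amount) < BigInt(terms.amount)) return 'underpaid';
  if (seenNonces.has(auth.nonce)) return 'replayed';
  seenNonces.add(auth.nonce);      // one payment buys exactly one response
  return 'ok';
}

// Steps 1, 2, 4 and 6 as the server sees them.
function handle(resource, payment) {
  const terms = requirements(resource);
  if (!payment) return { status: 402, body: terms };
  const verdict = verifyPayment(payment, terms);
  return verdict === 'ok'
    ? { status: 200, body: { mint_checked: resource } }
    : { status: 402, body: { error: verdict } };
}

// Demo run with a throwaway Ed25519 key standing in for the agent wallet.
const demoWallet = crypto.generateKeyPairSync('ed25519');
const demoUrl = '/v1/check?mint=CONSTRUCTED_MINT';
const quote = handle(demoUrl);                       // unpaid request gets the terms
const paid = signPayment(quote.body, demoWallet);
console.log(handle(demoUrl, paid).status);           // first use of the proof
console.log(handle(demoUrl, paid).body.error);       // same proof presented again
```

Binding the signed authorization to the resource, recipient and amount, and rejecting a reused nonce, is what stops one $0.008 payment from being replayed or redirected to a different endpoint.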

Try it!

Free tier, no auth:

risk score + summary

curl "https://tokensafe-production.up.railway.app/v1/check/lite?mint=EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"

binary safe/risky decision

curl "https://tokensafe-production.up.railway.app/v1/decide?mint=So11111111111111111111111111111111111111112&threshold=30"

MCP endpoint: POST /mcp
Discovery doc: /.well-known/x402
Smithery: ampactor-labs/tokensafe

Still, early days. If you're building agents that need to evaluate tokens, the free endpoints are there so you can test the methodology before committing.

Pro tip: keep an eye out for "upto" settlement functionality, we're almost there!

Thanks for caring <3

Feedback welcome.
