DEV Community

cryptonite cryptonite

Posted on • Originally published at true402.dev

How AI agents pay for APIs without an API key

Originally published at true402.dev/guides/how-ai-agents-pay-for-apis-x402.

An autonomous agent can't sign up for an account or paste in a credit card, but it can hold a wallet. The x402 protocol lets it pay for any x402-enabled API per call, with no key, no account, and no human in the loop. Here's how it works.

The problem: API keys assume a human

An API key presumes someone signed up, entered a card, and manages the secret — plus rate-limit tiers, key rotation, and a billing relationship per provider. None of that fits software that runs on its own. For an autonomous agent, every keyed API is a human-shaped bottleneck in front of an otherwise machine-to-machine transaction.

The fix: HTTP 402, revived

x402 turns the long-dormant HTTP 402 "Payment Required" status into a working payment rail. The service answers an unpaid call with 402 and a price; the agent signs a USDC transfer authorization with its wallet (EIP-3009 transferWithAuthorization) and retries with that signature attached. The signed authorization is both the payment and the only credential the call needs, so there is nothing to sign up for and no key to manage. Because the authorization names the exact amount, the recipient, a validity window and a one-time nonce, the service cannot draw more than it quoted and the same authorization cannot be submitted twice.

The flow: 402 → sign → 200

# 1) Unpaid request → 402 with the price.
curl -i -X POST https://true402.dev/api/v1/token-safety -d '{"token":"0x…"}'
HTTP/1.1 402 Payment Required
{ "accepts": [{ "scheme":"exact", "network":"eip155:8453",
                "asset":"0x833589…USDC", "amount":"5000" }] }   # $0.005

# 2) Agent signs an EIP-3009 USDC authorization and retries with X-PAYMENT.
curl -X POST https://true402.dev/api/v1/token-safety \
  -H "X-PAYMENT: <base64 signed authorization>" -d '{"token":"0x…"}'
HTTP/1.1 200 OK   # the result — no account, no API key

What it unlocks

No sign-up, no API key, no KYC, no rate-limit tier. The agent pays a fraction of a cent when it needs an answer and nothing when it doesn't. Gas is paid by the facilitator that submits the transfer on-chain, so the wallet only needs a little USDC on Base and no ETH. And because services publish machine-readable surfaces (OpenAPI, MCP, llms.txt), an agent can discover a service and pay for it without a human integration step.

Client libraries (x402-fetch, x402-axios) automate the sign-and-retry. Or skip HTTP entirely and use an MCP server so the paid call shows up as a native tool in Claude, Cursor, or any MCP client.

A live example

true402 is an x402 marketplace of agent-payable tools on Base — on-chain token safety (rug/honeypot checks with a real buy/sell simulation), DeFi signals, web/SEO audits, and LLM inference, each $0.001–$0.015 per call, no key. Try one with zero setup:

npx @true402.dev/rugcheck 0x<any-base-token>   # free to try, no wallet needed

FAQ

How can an AI agent pay for an API without an API key?
With x402. Instead of a pre-issued key tied to a human account, the service answers an unpaid request with HTTP 402 and a price; the agent signs a USDC payment with its own wallet and retries. The wallet signature is both authentication and payment.

Why are API keys a poor fit for autonomous agents?
Keys assume a human signed up, entered a card, and manages the secret. An agent has none of that — it has a wallet. Keys also mean tiers to negotiate, secrets to store and rotate, and a billing relationship per provider. Pay-per-call removes all of it.

What does an agent need to pay over x402?
A wallet holding a little USDC on the chain the service settles on (commonly Base). EIP-3009 lets a third party submit the signed transfer, so the facilitator pays the gas and the wallet needs only USDC, not ETH. Since that wallet key is the agent's only credential, keep its balance small and have the agent check the quoted amount, asset and recipient against a spend policy before it signs.
