Originally published at true402.dev/guides/how-ai-agents-pay-for-apis-x402.
An autonomous agent can't sign up for an account or paste in a credit card — but it has a wallet. The x402 protocol lets it pay for any API per call, with no key, no account, and no human in the loop. Here's how it works.
The problem: API keys assume a human
An API key presumes someone signed up, entered a card, and manages the secret — plus rate-limit tiers, key rotation, and a billing relationship per provider. None of that fits software that runs on its own. For an autonomous agent, every keyed API is a human-shaped bottleneck in front of an otherwise machine-to-machine transaction.
The fix: HTTP 402, revived
x402 turns the long-dormant HTTP 402 "Payment Required" status into a real payment rail. The service answers an unpaid call with 402 and a price; the agent signs a USDC transfer authorization with its wallet (EIP-3009 transferWithAuthorization) and retries with the signature attached. The authorization names the exact amount, the recipient, a validity window and a one-time nonce, so a leaked or replayed signature is worth at most that single payment. The signature is auth and payment at once: there's nothing to sign up for and no key to manage. One caveat: the 402 body is untrusted input, so the agent's client should check the requested asset, network and amount against its own spending limits before it signs anything.
The flow: 402 → sign → 200
# 1) Unpaid request → 402 with the price.
curl -i -X POST https://true402.dev/api/v1/token-safety -d '{"token":"0x…"}'
HTTP/1.1 402 Payment Required
{ "accepts": [{ "scheme":"exact", "network":"eip155:8453",
"asset":"0x833589…USDC", "amount":"5000" }] } # 5000 USDC base units (6 decimals) = $0.005
# 2) Agent signs an EIP-3009 USDC authorization and retries with X-PAYMENT.
curl -X POST https://true402.dev/api/v1/token-safety \
-H "X-PAYMENT: <base64 signed authorization>" -d '{"token":"0x…"}'
HTTP/1.1 200 OK # the result — no account, no API key
What it unlocks
No sign-up, no API key, no KYC, no rate-limit tier. The agent pays a fraction of a cent when it needs an answer and nothing when it doesn't. Gas is sponsored by the facilitator, so the wallet only needs a little USDC on Base. And because services publish machine-readable surfaces (OpenAPI, MCP, llms.txt), an agent can find and pay for one with no human integration step.
Client libraries (x402-fetch, x402-axios) automate the sign-and-retry. Or skip HTTP entirely and use an MCP server so the paid call shows up as a native tool in Claude, Cursor, or any MCP client.
A live example
true402 is an x402 marketplace of agent-payable tools on Base — on-chain token safety (rug/honeypot checks with a real buy/sell simulation), DeFi signals, web/SEO audits, and LLM inference, each $0.001–$0.015 per call, no key. Try one with zero setup:
npx @true402.dev/rugcheck 0x<any-base-token> # free to try, no wallet needed
FAQ
How can an AI agent pay for an API without an API key?
With x402. Instead of a pre-issued key tied to a human account, the service answers an unpaid request with HTTP 402 and a price; the agent signs a USDC payment with its own wallet and retries. The wallet signature is both authentication and payment.
Why are API keys a poor fit for autonomous agents?
Keys assume a human signed up, entered a card, and manages the secret. An agent has none of that — it has a wallet. Keys also mean tiers to negotiate, secrets to store and rotate, and a billing relationship per provider. Pay-per-call removes all of it.
What does an agent need to pay over x402?
A wallet holding a little USDC on the chain the service settles on (commonly Base). The agent only signs an EIP-3009 authorization; the facilitator submits it on-chain and pays the gas, so the wallet needs USDC but no ETH.