<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: FiatDock</title>
    <description>The latest articles on DEV Community by FiatDock (@fiatdock).</description>
    <link>https://dev.to/fiatdock</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3980352%2F37c07b3a-96f0-491a-8362-1e5db07e80e4.png</url>
      <title>DEV Community: FiatDock</title>
      <link>https://dev.to/fiatdock</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/fiatdock"/>
    <language>en</language>
    <item>
      <title>Migrating to x402 v2: what actually changed (and the traps nobody documents)</title>
      <dc:creator>FiatDock</dc:creator>
      <pubDate>Fri, 12 Jun 2026 10:24:09 +0000</pubDate>
      <link>https://dev.to/fiatdock/migrating-to-x402-v2-what-actually-changed-and-the-traps-nobody-documents-46k3</link>
      <guid>https://dev.to/fiatdock/migrating-to-x402-v2-what-actually-changed-and-the-traps-nobody-documents-46k3</guid>
      <description>&lt;p&gt;We run &lt;a href="https://fiatdock.com" rel="noopener noreferrer"&gt;FiatDock&lt;/a&gt; — a non-custodial USDC ↔ bank on/off-ramp where AI agents pay $0.05 per call over x402. This week we migrated the whole stack (Express server, fetch client, MCP server) from x402 v1 to protocol v2. It took an evening, killed all 24 of our transitive npm vulnerabilities, and almost none of it was documented anywhere. Here is the map we wish we'd had.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. v2 is not an upgrade — it's a different scope
&lt;/h2&gt;

&lt;p&gt;The packages you're using (&lt;code&gt;x402-express&lt;/code&gt;, &lt;code&gt;x402-fetch&lt;/code&gt;, &lt;code&gt;x402&lt;/code&gt;) are the &lt;strong&gt;v1 line and they stop at 1.2.0&lt;/strong&gt;. There is no v2 of them. Protocol v2 lives under the &lt;strong&gt;&lt;code&gt;@x402&lt;/code&gt; scope&lt;/strong&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;rm &lt;/span&gt;x402-express x402-fetch
npm i @x402/express @x402/fetch @x402/evm @x402/core
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;@coinbase/x402&lt;/code&gt; is a separate CDP-flavoured package — not the core.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Trap:&lt;/strong&gt; &lt;code&gt;@x402/express&lt;/code&gt; has an optional peer dependency on &lt;code&gt;@x402/paywall&lt;/code&gt;. Do &lt;strong&gt;not&lt;/strong&gt; install it unless you want the browser paywall UI — it pulls wagmi/walletconnect/solana, which is the exact dependency jungle (and the &lt;code&gt;uuid&lt;/code&gt;/&lt;code&gt;ws&lt;/code&gt; vulnerabilities) you're escaping by leaving v1.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. The server side: resource server + scheme registration
&lt;/h2&gt;

&lt;p&gt;v1's one-liner becomes explicit wiring — and you gain discovery metadata per route:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;paymentMiddleware&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;x402ResourceServer&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/express&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;ExactEvmScheme&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/evm/exact/server&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;HTTPFacilitatorClient&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/core/server&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;facilitator&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;HTTPFacilitatorClient&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="na"&gt;url&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;https://x402.org/facilitator&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;
&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;server&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nf"&gt;x402ResourceServer&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;facilitator&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;register&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;eip155:84532&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;ExactEvmScheme&lt;/span&gt;&lt;span class="p"&gt;());&lt;/span&gt;

&lt;span class="nx"&gt;app&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;use&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;paymentMiddleware&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt;
  &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;POST /v1/offramp/session&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="na"&gt;accepts&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="na"&gt;scheme&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;exact&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;price&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;$0.05&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;network&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;eip155:84532&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;payTo&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;PAY_TO&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="na"&gt;description&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;Sell agent USDC to fiat in the owner's bank account&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;mimeType&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;application/json&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;serviceName&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;FiatDock&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;tags&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;offramp&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;usdc&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
  &lt;span class="p"&gt;},&lt;/span&gt;
&lt;span class="p"&gt;},&lt;/span&gt; &lt;span class="nx"&gt;server&lt;/span&gt;&lt;span class="p"&gt;));&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Three things to notice:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Networks are CAIP-2 now.&lt;/strong&gt; &lt;code&gt;base-sepolia&lt;/code&gt; → &lt;code&gt;eip155:84532&lt;/code&gt;, &lt;code&gt;base&lt;/code&gt; → &lt;code&gt;eip155:8453&lt;/code&gt;. Keep a friendly-name map if your env files say &lt;code&gt;base-sepolia&lt;/code&gt;.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The facilitator URL did not change.&lt;/strong&gt; &lt;code&gt;https://x402.org/facilitator&lt;/code&gt; serves v2 (&lt;code&gt;/supported&lt;/code&gt;, &lt;code&gt;/verify&lt;/code&gt;, &lt;code&gt;/settle&lt;/code&gt;) behind a 308 redirect. The &lt;code&gt;facilitator.x402.org&lt;/code&gt; host you'll see in some READMEs does not resolve.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The middleware must sync supported kinds at startup&lt;/strong&gt; (the last &lt;code&gt;paymentMiddleware&lt;/code&gt; arg). Without it, even &lt;em&gt;issuing a challenge&lt;/em&gt; fails with &lt;code&gt;Facilitator does not support exact on eip155:84532&lt;/code&gt;. Your offline tests now need network access — plan for it.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  3. The 402 challenge moved into a header
&lt;/h2&gt;

&lt;p&gt;v1 put payment requirements in the JSON body. &lt;strong&gt;v2 402 responses have an empty body&lt;/strong&gt;; the challenge is base64 JSON in the &lt;code&gt;PAYMENT-REQUIRED&lt;/code&gt; header:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;challenge&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;JSON&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;parse&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;atob&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;headers&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;payment-required&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)));&lt;/span&gt;
&lt;span class="c1"&gt;// { x402Version: 2, resource: {...}, accepts: [{ scheme, network, amount, asset, payTo, ... }] }&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If you surface 402s to agents (we decode them into MCP tool errors), update that path — your users will otherwise see &lt;code&gt;{}&lt;/code&gt; and file confused issues.&lt;/p&gt;

&lt;h2&gt;
  
  
  4. The client side: schemes, not signers
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;wrapFetchWithPaymentFromConfig&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/fetch&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;ExactEvmScheme&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/evm&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;privateKeyToAccount&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;viem/accounts&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;payFetch&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;wrapFetchWithPaymentFromConfig&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="na"&gt;schemes&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[{&lt;/span&gt; &lt;span class="na"&gt;network&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;eip155:*&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;client&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;ExactEvmScheme&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;privateKeyToAccount&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;KEY&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="p"&gt;}],&lt;/span&gt;
&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The &lt;code&gt;eip155:*&lt;/code&gt; wildcard means the client follows whatever EVM network the server's challenge names — our testnet→mainnet switch later requires zero client changes.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. Free bonus: Bazaar discovery
&lt;/h2&gt;

&lt;p&gt;v2 has a first-class discovery story. Register the extension and your paid routes get catalogued by the facilitator (which is what indexers like x402scan and the x402 Bazaar read):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;bazaarResourceServerExtension&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;declareDiscoveryExtension&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;@x402/extensions&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="nx"&gt;server&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;registerExtension&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;bazaarResourceServerExtension&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="c1"&gt;// per route: extensions: declareDiscoveryExtension({ method: "POST", input: {...}, inputSchema: {...}, bodyType: "json", output: { example: {...} } })&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is also the v2 answer to the old &lt;code&gt;outputSchema.output&lt;/code&gt; field scanners used to ask for.&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Did it work?
&lt;/h2&gt;

&lt;p&gt;We verified the full handshake against the real facilitator with an unfunded throwaway key: challenge → parse → sign → retry with &lt;code&gt;X-PAYMENT&lt;/code&gt; → facilitator verify. The only rejection was &lt;code&gt;invalid_exact_evm_insufficient_balance&lt;/code&gt; — i.e. the wire format was accepted end to end.&lt;/p&gt;

&lt;p&gt;And &lt;code&gt;npm audit&lt;/code&gt;: &lt;strong&gt;24 moderate → 0&lt;/strong&gt;, in both the server and our published MCP package (&lt;a href="https://www.npmjs.com/package/fiatdock-mcp" rel="noopener noreferrer"&gt;&lt;code&gt;fiatdock-mcp&lt;/code&gt;&lt;/a&gt;).&lt;/p&gt;




&lt;p&gt;&lt;em&gt;FiatDock is machine-first: &lt;a href="https://fiatdock.com/llms.txt" rel="noopener noreferrer"&gt;llms.txt&lt;/a&gt; · &lt;a href="https://fiatdock.com/openapi.json" rel="noopener noreferrer"&gt;OpenAPI&lt;/a&gt; · MCP &lt;code&gt;npx fiatdock-mcp&lt;/code&gt; · &lt;a href="https://github.com/fiatdock/fiatdock" rel="noopener noreferrer"&gt;source mirror&lt;/a&gt;. If your agent earns USDC and you want it in a bank account, that's literally our whole product.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>x402</category>
      <category>mcp</category>
      <category>ai</category>
      <category>payments</category>
    </item>
    <item>
      <title>How my AI agent cashes out its USDC earnings to a bank account</title>
      <dc:creator>FiatDock</dc:creator>
      <pubDate>Fri, 12 Jun 2026 02:03:42 +0000</pubDate>
      <link>https://dev.to/fiatdock/how-my-ai-agent-cashes-out-its-usdc-earnings-to-a-bank-account-3a8b</link>
      <guid>https://dev.to/fiatdock/how-my-ai-agent-cashes-out-its-usdc-earnings-to-a-bank-account-3a8b</guid>
      <description>&lt;p&gt;My agent earns USDC. It sells API calls priced with &lt;a href="https://www.x402.org" rel="noopener noreferrer"&gt;x402&lt;/a&gt;, so tiny payments accumulate in its wallet. Which eventually raises the unglamorous question every "agents earning money" demo skips: &lt;strong&gt;how does that USDC become money a human can spend at a supermarket?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Here is the pattern I landed on. It needs no exchange account for the agent, no API keys, and — importantly — nobody in the middle ever holds the funds.&lt;/p&gt;

&lt;h2&gt;
  
  
  The constraint that shapes everything
&lt;/h2&gt;

&lt;p&gt;Whatever converts crypto to fiat is regulated activity (KYC/AML, custody, payments). An autonomous agent can't and shouldn't do that part. So the design splits cleanly:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;The agent&lt;/strong&gt; handles quotes, session creation, payment of fees, and status tracking — all machine-to-machine.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A licensed provider&lt;/strong&gt; (Transak, in this case) does the conversion, the KYC, and the custody.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The human owner&lt;/strong&gt; confirms the final transfer once per session, and completes KYC exactly once, ever.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The service tying these together is &lt;a href="https://fiatdock.com" rel="noopener noreferrer"&gt;FiatDock&lt;/a&gt; — a thin technology layer that never touches funds. One rule is binding and worth stating up front: &lt;strong&gt;the wallet sending USDC and the bank account receiving fiat must belong to the same person — the agent's owner.&lt;/strong&gt; No third-party funds, no aggregation, no P2P.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1 — the agent checks the rate (free)
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="s2"&gt;"https://fiatdock.com/v1/quote?side=SELL&amp;amp;cryptoAmount=50"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;No auth, no signup. The response itemises every fee (including the service's 1% commission) and the exact amount that lands in the bank account. My agent calls this before deciding whether cashing out now is worth it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 2 — the agent pays for a session with x402
&lt;/h2&gt;

&lt;p&gt;Paid endpoints don't use API keys. An unpaid request returns HTTP &lt;strong&gt;402&lt;/strong&gt; with exact payment requirements — asset, network, amount ($0.05 USDC), and the address. The agent signs the payment from its own wallet and retries:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;wrapFetchWithPayment&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;x402-fetch&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;privateKeyToAccount&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;viem/accounts&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;payFetch&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;wrapFetchWithPayment&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nf"&gt;privateKeyToAccount&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;process&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;env&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;AGENT_PRIVATE_KEY&lt;/span&gt;&lt;span class="p"&gt;));&lt;/span&gt;
&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;payFetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;https://fiatdock.com/v1/offramp/session&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="na"&gt;method&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;POST&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="na"&gt;headers&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;content-type&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;application/json&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
  &lt;span class="na"&gt;body&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;JSON&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;stringify&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="na"&gt;cryptoAmount&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;50&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;email&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;owner@example.com&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;customerId&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;"&lt;/span&gt;&lt;span class="s2"&gt;agent-1&lt;/span&gt;&lt;span class="dl"&gt;"&lt;/span&gt; &lt;span class="p"&gt;}),&lt;/span&gt;
&lt;span class="p"&gt;});&lt;/span&gt;
&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;checkoutUrl&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;partnerOrderId&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;json&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Payment, authentication, and rate-limiting collapse into one signed transfer. That's the whole x402 trick, and it's why this works for agents that can't fill out a signup form.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 3 — hand the human the link
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;checkoutUrl&lt;/code&gt; is single-use and valid about five minutes. My agent just messages it to me. I open it, the licensed provider runs KYC (first time only — afterwards it remembers), and I confirm. USDC goes from the wallet straight to the provider; EUR lands in my bank account. The agent never saw a bank credential, and FiatDock never held a cent.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 4 — the agent confirms completion
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl https://fiatdock.com/v1/orders/&lt;span class="nv"&gt;$ORDER_ID&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Or pass a &lt;code&gt;callbackUrl&lt;/code&gt; in step 2 and verify the &lt;code&gt;X-FiatDock-Signature&lt;/code&gt; HMAC header on each push. Either way the agent knows when the money arrived and goes back to work.&lt;/p&gt;

&lt;h2&gt;
  
  
  The reverse direction — topping up the agent (on-ramp)
&lt;/h2&gt;

&lt;p&gt;The same pattern works the other way when the agent needs working capital. &lt;code&gt;POST /v1/onramp/session&lt;/code&gt; (also $0.05 via x402) creates a top-up session with the &lt;strong&gt;destination locked to the agent's own wallet address&lt;/strong&gt;; the owner opens the checkout link, pays EUR from their own bank or card, and USDC lands in the agent's wallet. Quotes for this direction are the same free call with &lt;code&gt;side=BUY&lt;/code&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="s2"&gt;"https://fiatdock.com/v1/quote?side=BUY&amp;amp;fiatAmount=100"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;One flow out, one flow in — and the same binding rule in both directions: the fiat side is always the owner's own account, the crypto side is the owner's agent wallet. Nothing crosses between strangers.&lt;/p&gt;

&lt;h2&gt;
  
  
  If your agent speaks MCP, it's even shorter
&lt;/h2&gt;

&lt;p&gt;The whole flow above is wrapped in four MCP tools (&lt;code&gt;get_quote&lt;/code&gt;, &lt;code&gt;create_offramp_session&lt;/code&gt;, &lt;code&gt;create_onramp_session&lt;/code&gt;, &lt;code&gt;get_order_status&lt;/code&gt;):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"mcpServers"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"fiatdock"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"command"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"npx"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"args"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"-y"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"fiatdock-mcp"&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"env"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"AGENT_PRIVATE_KEY"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"0x..."&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That config works as-is in Claude Desktop, Cursor, Windsurf, and Gemini CLI; there's a remote endpoint (&lt;code&gt;https://fiatdock.com/mcp&lt;/code&gt;) for zero-install hosts, and a &lt;a href="https://fiatdock.com/tools.json" rel="noopener noreferrer"&gt;tools.json&lt;/a&gt; with OpenAI/Gemini function-calling schemas if you're not using MCP at all. It's in the official MCP Registry as &lt;code&gt;com.fiatdock/fiatdock-mcp&lt;/code&gt;. Per-client configs live in &lt;a href="https://github.com/fiatdock/fiatdock/blob/main/docs/INTEGRATIONS.md" rel="noopener noreferrer"&gt;INTEGRATIONS.md&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Honest limitations
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Eligibility: 18+, Portugal + Transak-supported EU/EEA countries — &lt;strong&gt;not&lt;/strong&gt; the UK or restricted jurisdictions (&lt;a href="https://fiatdock.com/terms" rel="noopener noreferrer"&gt;full list&lt;/a&gt;). The restrictions come from the licensed provider's coverage.&lt;/li&gt;
&lt;li&gt;Quotes are indicative; crypto is volatile; none of this is investment advice.&lt;/li&gt;
&lt;li&gt;The human stays in the loop by design. That's a feature, not a missing automation — it's what keeps the whole thing compliant.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Everything is documented machine-first if you want to point your own agent at it and let it figure things out: &lt;a href="https://fiatdock.com/llms.txt" rel="noopener noreferrer"&gt;llms.txt&lt;/a&gt; · &lt;a href="https://fiatdock.com/openapi.json" rel="noopener noreferrer"&gt;OpenAPI&lt;/a&gt; · &lt;a href="https://github.com/fiatdock/fiatdock" rel="noopener noreferrer"&gt;repo&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>mcp</category>
      <category>web3</category>
      <category>payments</category>
    </item>
  </channel>
</rss>
