DEV Community: Kenzo ARAI The latest articles on DEV Community by Kenzo ARAI (@rascal3). https://dev.to/rascal3 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3897516%2F75281ef9-4a56-4c44-bbfc-75235956a9a1.jpeg DEV Community: Kenzo ARAI https://dev.to/rascal3 en Shipping x402 USDC Payments to Base + Solana Mainnet for an MCP Server Kenzo ARAI Sat, 25 Apr 2026 13:22:00 +0000 https://dev.to/rascal3/shipping-x402-usdc-payments-to-base-solana-mainnet-for-an-mcp-server-3a6o https://dev.to/rascal3/shipping-x402-usdc-payments-to-base-solana-mainnet-for-an-mcp-server-3a6o <p>Last week, ChainAnalyzer (a multi-chain blockchain AML platform) crossed<br><br> three milestones in five days:</p> <ul> <li>✅ Merged into <a href="https://github.com/punkpeye/awesome-mcp-servers" rel="noopener noreferrer">awesome-mcp-servers</a> </li> <li>✅ Earned a <strong>AAA score</strong> on <a href="https://glama.ai/mcp/servers/rascal-3/chainanalyzer-mcp" rel="noopener noreferrer">Glama MCP Directory</a> </li> <li>✅ Switched x402 from testnet to <strong>Base + Solana mainnet</strong> via the Coinbase CDP Facilitator</li> </ul> <p>This post is a brain-dump of how each piece fits together for anyone<br> building an MCP server with native crypto micropayments.</p> <h2> What is x402? </h2> <p>x402 is an HTTP 402 micropayment protocol from Coinbase. The flow:</p> <ol> <li>Client calls a paid endpoint without payment headers</li> <li>Server returns <code>HTTP 402 Payment Required</code> with a JSON body listing accepted networks, prices, and recipient addresses</li> <li>Client signs a USDC transfer matching one of the requirements</li> <li>Client retries with <code>X-PAYMENT: &lt;signed payload&gt;</code> header</li> <li>Server verifies via the <em>facilitator</em> and returns 200 with the result</li> </ol> <p>This makes per-request billing trivial for AI agents — no API key<br><br> provisioning, no subscription forms.</p> <h2> What is MCP? </h2> <p><a href="https://modelcontextprotocol.io" rel="noopener noreferrer">Model Context Protocol</a> is Anthropic's<br><br> standard for letting LLMs call tools. Any MCP-compatible client (Claude<br><br> Desktop, Claude Code, ChatGPT, Cursor, Cline, Windsurf) can use any MCP<br><br> server through a single config file.</p> <h2> Combining the two </h2> <p>Our <code>chainanalyzer-mcp</code> package wraps six tools:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Price (USDC)</th> </tr> </thead> <tbody> <tr> <td><code>check_address_risk</code></td> <td>$0.008</td> </tr> <tr> <td><code>sanctions_check</code></td> <td>$0.003</td> </tr> <tr> <td><code>trace_transaction</code></td> <td>$0.015</td> </tr> <tr> <td><code>detect_coinjoin</code></td> <td>$0.01</td> </tr> <tr> <td><code>cluster_wallet</code></td> <td>$0.02</td> </tr> <tr> <td><code>batch_screening</code></td> <td>$0.05</td> </tr> </tbody> </table></div> <p>Install:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx <span class="nt">-y</span> chainanalyzer-mcp </code></pre> </div> <p>Or add to <code>claude_desktop_config.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"chainanalyzer"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"-y"</span><span class="p">,</span><span class="w"> </span><span class="s2">"chainanalyzer-mcp"</span><span class="p">],</span><span class="w"> </span><span class="nl">"env"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"X402_WALLET_PRIVATE_KEY"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0x..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <code>X402_WALLET_PRIVATE_KEY</code> is your <em>spender</em> wallet — the agent uses<br><br> it to sign USDC transfers. If you'd rather pay by subscription, set<br> <code>CHAINANALYZER_API_KEY=tfk_...</code> instead.</p> <h2> Server-side: x402 on FastAPI </h2> <p>We use a custom middleware (intentionally — we wanted full control over<br><br> the Bazaar metadata + bilingual error responses). The core verification<br> flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">_verify_payment</span><span class="p">(</span><span class="n">payment</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">config</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">auth_token</span> <span class="o">=</span> <span class="nf">_generate_cdp_jwt</span><span class="p">(</span> <span class="n">method</span><span class="o">=</span><span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="sh">"</span><span class="s">api.cdp.coinbase.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="sh">"</span><span class="s">/platform/v2/x402/verify</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">}</span> <span class="k">if</span> <span class="n">auth_token</span><span class="p">:</span> <span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">auth_token</span><span class="si">}</span><span class="sh">"</span> <span class="k">async</span> <span class="k">with</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">()</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">FACILITATOR_URL</span><span class="si">}</span><span class="s">/verify</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">payment</span><span class="sh">"</span><span class="p">:</span> <span class="n">payment</span><span class="p">,</span> <span class="sh">"</span><span class="s">requirements</span><span class="sh">"</span><span class="p">:</span> <span class="p">{...}},</span> <span class="p">)</span> <span class="k">return</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">().</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">valid</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">)</span> </code></pre> </div> <p>The CDP facilitator wants an Ed25519 JWT signed with the API key from<br><br> the <a href="https://portal.cdp.coinbase.com" rel="noopener noreferrer">CDP portal</a>. The portal hands you<br><br> a base64-encoded private key — sign with <code>cryptography</code> + <code>PyJWT</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">base64</span><span class="p">,</span> <span class="n">time</span><span class="p">,</span> <span class="n">uuid</span><span class="p">,</span> <span class="n">jwt</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.asymmetric.ed25519</span> <span class="kn">import</span> <span class="n">Ed25519PrivateKey</span> <span class="k">def</span> <span class="nf">_generate_cdp_jwt</span><span class="p">(</span><span class="n">method</span><span class="p">,</span> <span class="n">host</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span> <span class="n">seed</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">CDP_API_KEY_SECRET</span><span class="p">)[:</span><span class="mi">32</span><span class="p">]</span> <span class="n">sk</span> <span class="o">=</span> <span class="n">Ed25519PrivateKey</span><span class="p">.</span><span class="nf">from_private_bytes</span><span class="p">(</span><span class="n">seed</span><span class="p">)</span> <span class="n">now</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">())</span> <span class="k">return</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span> <span class="p">{</span> <span class="sh">"</span><span class="s">iss</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">cdp</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="n">CDP_API_KEY_ID</span><span class="p">,</span> <span class="sh">"</span><span class="s">nbf</span><span class="sh">"</span><span class="p">:</span> <span class="n">now</span><span class="p">,</span> <span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="n">now</span> <span class="o">+</span> <span class="mi">120</span><span class="p">,</span> <span class="sh">"</span><span class="s">uri</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">method</span><span class="p">.</span><span class="nf">upper</span><span class="p">()</span><span class="si">}</span><span class="s"> </span><span class="si">{</span><span class="n">host</span><span class="si">}{</span><span class="n">path</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="n">sk</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="sh">"</span><span class="s">EdDSA</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">kid</span><span class="sh">"</span><span class="p">:</span> <span class="n">CDP_API_KEY_ID</span><span class="p">,</span> <span class="sh">"</span><span class="s">nonce</span><span class="sh">"</span><span class="p">:</span> <span class="n">uuid</span><span class="p">.</span><span class="nf">uuid4</span><span class="p">().</span><span class="nb">hex</span><span class="p">},</span> <span class="p">)</span> </code></pre> </div> <p>That's all. Mainnet billing is now live.</p> <h2> Bazaar / Agentic.Market auto-discovery </h2> <p>Coinbase's Bazaar crawler picks up x402 services automatically if your<br> 402 response and <code>/services.json</code> manifest carry the right metadata:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">ROUTE_CONFIG</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">GET /api/v1/x402/address/*/risk-score</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">$0.008</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">AML risk score (5 chains, 76+ detectors)</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">bazaar</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">discoverable</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tags</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">aml</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">compliance</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk-score</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">blockchain</span><span class="sh">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="c1"># ... 5 more routes </span><span class="p">}</span> </code></pre> </div> <p>Then expose <code>services.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/services.json</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">x402_services_manifest</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">chainanalyzer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ChainAnalyzer AML API</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">x402Version</span><span class="sh">"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="sh">"</span><span class="s">networks</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">base</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">solana</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">endpoints</span><span class="sh">"</span><span class="p">:</span> <span class="p">[...],</span> <span class="p">}</span> </code></pre> </div> <p>Bazaar requests this manifest with an empty body, validates the 402<br><br> response shape, and indexes the service. End users then find your API<br><br> on agentic.market without you submitting anything by hand.</p> <h2> Discoverability checklist </h2> <p>If you're building an MCP server that wants to be findable by agents<br><br> <em>and</em> humans, here's what we did (most of it transferable to any service):</p> <ol> <li> <strong><code>/llms.txt</code> + <code>/llms-full.txt</code></strong> — the <a href="https://llmstxt.org" rel="noopener noreferrer">llmstxt.org</a> convention. AI crawlers (Claude, GPT, Mistral, Perplexity) pick this up to summarize your product.</li> <li> <strong><code>/.well-known/ai-plugin.json</code></strong> — older but ChatGPT custom GPTs still read it.</li> <li> <strong><code>robots.txt</code></strong> — explicit <code>Allow:</code> for <code>GPTBot</code>, <code>ClaudeBot</code>, <code>PerplexityBot</code>, <code>Google-Extended</code>, <code>Applebot-Extended</code>. Don't rely on <code>User-agent: *</code>.</li> <li> <strong>JSON-LD <code>Service</code> / <code>SoftwareApplication</code></strong> schema on key pages — AI Overview / Bing Copilot read these.</li> <li> <strong>IndexNow API</strong> — pings Bing/Yandex/Naver/Seznam in one HTTP call. Google ignores it but the cascade picks up.</li> <li> <strong>awesome-* GitHub lists</strong> — submit a PR. Surprisingly high CTR.</li> <li> <strong>Glama MCP Directory</strong> — submit your MCP server, then add a <code>Dockerfile</code> to score AAA on security/license/quality.</li> <li> <strong>MCP Registry</strong> — official registry at registry.modelcontextprotocol.io. Submit <code>mcp.json</code> via PR.</li> </ol> <h2> What's next </h2> <p>We're investigating Stripe's <a href="https://docs.stripe.com/payments/machine/mpp" rel="noopener noreferrer">Machine Payments Protocol</a><br><br> as a parallel rail (cards via Shared Payment Token + Tempo crypto), so<br><br> customers without a crypto wallet can still pay per request.</p> <p>If you're shipping an MCP server and want to compare notes — drop a<br><br> comment or hit me on <a href="https://www.linkedin.com/posts/kenzo-arai-d_mcp-server-launched-call-chainanalyzer-share-7451274705354907648-dmF7?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAACH0GxIBTlmp61nI3EaRcOYEmeekwneTQ4g" rel="noopener noreferrer">LinkedIn</a>.</p> <p><em>Originally posted at <a href="https://chain-analyzer.com/news/mcp-server-launched" rel="noopener noreferrer">chain-analyzer.com</a>.</em></p> mcp ai blockchain x402