This week, x402 had its biggest week yet. World launched AgentKit to give AI agents human-backed identity via x402. AWS published a full reference architecture for agentic payments on x402. Jensen Huang's GTC remarks sent AI agent tokens surging. And an academic paper (A402) proposed improvements to x402's atomicity model.
Everyone is talking about x402. Very few people have actually built on it.
We have. Here's what we learned.
What we built
Strale is a trust layer for AI agents — 256 independently tested capabilities accessible via MCP and REST API. We exposed five of those capabilities behind x402 routes so that agents with wallets can pay per request using USDC on Base, with no API key, no account, no subscription.
The five capabilities behind x402 today:
- iban-validate: validate IBAN structure and extract bank details
- vat-format-validate: check EU VAT number formatting
- paid-api-preflight: verify a paid endpoint before your agent spends money
- ssl-check: certificate chain validation
- sanctions-check: screen names against consolidated sanctions lists
The handshake in practice
The x402 flow looks elegant in spec diagrams. In practice, it's three HTTP round trips:
Request 1: The agent tries to access a resource.
GET /x402/iban-validate?iban=DE89370400440532013000
Response: 402 with payment instructions.
HTTP/1.1 402 Payment Required
X-Payment-Required: true
X-Payment-Amount: 0.001
X-Payment-Currency: USDC
X-Payment-Network: base
X-Payment-Recipient: 0x...
The agent reads these headers, evaluates the cost, and decides whether to pay. This is where trust matters — more on that below.
Request 2: The agent pays on-chain and resubmits with proof.
GET /x402/iban-validate?iban=DE89370400440532013000
X-Payment: <signed payment proof>
Response: 200 with the actual data.
{
  "valid": true,
  "country": "DE",
  "bank_code": "37040044",
  "bank_name": "Commerzbank"
}
That's it. No API key exchange. No account creation. No subscription management. The agent discovered a service, paid for it, and got a result — all within standard HTTP.
What surprised us
1. The trust gap is real
The biggest unsolved problem in x402 isn't payments — it's trust. An agent discovers an endpoint that returns 402. How does it know the service is legitimate? That the endpoint will actually return useful data after payment? That the price is fair?
Right now, there's no standard answer. This is exactly why we built paid-api-preflight — a €0.02 check that validates an endpoint before your agent commits funds. It checks reachability, SSL, response time, and whether the payment handshake headers are properly formed. Returns a simple proceed / caution / avoid recommendation.
World's AgentKit announcement this week addresses the identity side of trust: proving there's a real human behind the agent. But there's an equally important question on the provider side: proving the service is worth paying for. Quality scoring, uptime history, independent test results — that's what we're building at Strale.
2. Payment verification is the hard part
Our current implementation uses a stub for payment verification — any X-Payment header returns results. Getting real verification working means funding a Base wallet, integrating the @x402/hono middleware, and handling on-chain settlement. The protocol spec is clean, but the operational overhead of running an on-chain payment verifier is nontrivial for a small team.
We're being transparent about this because we think the ecosystem benefits from honest status reports, not just launch announcements.
3. Header parsing needs to be defensive
Different x402 implementations format the PAYMENT-REQUIRED headers slightly differently. Some use the X-Payment-* prefix pattern. Others embed a JSON blob in a single WWW-Authenticate header. Our gateway handles both, but if you're building a client, don't assume consistency across providers yet — the spec is still solidifying.
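A client-side parser that accepts both header styles and fails closed before any funds are committed, as an added example that is not Strale's gateway code or part of the x402 spec. The JSON key names inside WWW-Authenticate, the `x402` scheme token, and the spending policy values are assumptions.

```javascript
// Added example. Header names follow the X-Payment-* sample on this page; the
// JSON keys inside WWW-Authenticate (amount, currency, network, recipient)
// and the POLICY values are assumptions.
const POLICY = { maxAmount: 0.01, currencies: ['USDC'], networks: ['base'] };
const fail = (reason) => ({ ok: false, reason });

function parsePaymentTerms(rawHeaders, policy = POLICY) {
  // HTTP header names are case-insensitive: normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();

  let t;
  if ('x-payment-amount' in h) {                            // style 1: X-Payment-* headers
    t = { amount: h['x-payment-amount'], currency: h['x-payment-currency'],
          network: h['x-payment-network'], recipient: h['x-payment-recipient'] };
  } else if ((h['www-authenticate'] || '').includes('{')) { // style 2: JSON blob
    const v = h['www-authenticate'];
    try { t = JSON.parse(v.slice(v.indexOf('{'))); }
    catch { return fail('malformed JSON payment terms'); }
  } else {
    return fail('no payment terms found');
  }

  // Validate every field before any money moves; reject rather than guess.
  const amountText = String(t.amount ?? '');
  if (!/^\d+(\.\d+)?$/.test(amountText)) return fail('amount is not a plain decimal');
  const amount = Number(amountText);
  if (amount <= 0 || amount > policy.maxAmount) return fail('amount outside policy');
  const currency = String(t.currency ?? '').toUpperCase();
  if (!policy.currencies.includes(currency)) return fail('currency not allowed');
  const network = String(t.network ?? '').toLowerCase();
  if (!policy.networks.includes(network)) return fail('network not allowed');
  const recipient = String(t.recipient ?? '');
  if (!/^0x[0-9a-fA-F]{40}$/.test(recipient)) return fail('recipient is not a 20-byte hex address');

  return { ok: true, terms: { amount, currency, network, recipient } };
}

// Constructed sample responses (the recipient is a placeholder address).
const ADDR = '0x' + 'ab'.repeat(20);
const prefixed = { 'X-Payment-Required': 'true', 'X-Payment-Amount': '0.001',
  'X-Payment-Currency': 'USDC', 'X-Payment-Network': 'base', 'X-Payment-Recipient': ADDR };
const blob = { 'WWW-Authenticate':
  'x402 ' + JSON.stringify({ amount: '0.001', currency: 'USDC', network: 'base', recipient: ADDR }) };
const overpriced = { ...prefixed, 'X-Payment-Amount': '25' };

console.log(parsePaymentTerms(prefixed), parsePaymentTerms(blob), parsePaymentTerms(overpriced));
```

Both sample styles normalise to the same terms object, while the overpriced response is rejected by the policy cap instead of being passed on to the wallet.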
4. MCP and x402 are complementary, not competing
MCP (Model Context Protocol) gives agents a way to discover and call tools. x402 gives agents a way to pay for tools. We run both: our MCP server at api.strale.io/mcp lets agents browse 256 capabilities, and our x402 routes let agents pay for a subset of them without any credentials.
The developer experience we're aiming for: an agent discovers a capability via MCP, checks its quality score, runs a pre-flight check, and if everything looks good, pays via x402 and gets the result. Discovery → trust → payment → execution, all automated.
What's still missing in the ecosystem
Standardized quality signals. Before an agent pays, it should be able to check an endpoint's reliability score, recent uptime, and test results. We publish this data through our Trust API, but there's no ecosystem-wide standard for it yet.
Provider discovery. x402scan.com is emerging as a directory, but agents need machine-readable discovery — not a website to browse. MCP catalogs are one piece. A402's proposed service channels could be another.
Dispute resolution. What happens when an agent pays and the service returns garbage? x402 v2 doesn't address this. A402's paper proposes atomic service channels with TEE-assisted verification, which is interesting but adds significant complexity.
Cross-protocol interop. L402 (Lightning), x402 (Base/Solana), and MPP (Stripe/Tempo) all use HTTP 402 but with different header formats and payment flows. Our paid-api-preflight capability normalizes across all three, but the ecosystem would benefit from a shared discovery format.
Getting started
If you want to try Strale's x402 endpoints:
# This will return 402 with payment headers
curl -i "https://api.strale.io/x402/iban-validate?iban=DE89370400440532013000"
For MCP access (no wallet needed, uses API key billing):
{
  "mcpServers": {
    "strale": {
      "type": "streamableHttp",
      "url": "https://api.strale.io/mcp"
    }
  }
}
Search and browse are free. Execution requires an API key from strale.dev — new accounts get €2.00 in trial credits.
What's next
We're watching the x402 ecosystem closely. Our open PRs on awesome-x402 and x402.org are awaiting review. Once real Base wallet settlement is live, we'll have one of the first independently quality-scored x402 service providers.
The agentic economy needs more than payment rails. It needs trust infrastructure. Payments solve how agents pay. Trust solves whether they should.
Strale provides 256 independently tested data capabilities across 27 countries, each with a published quality score. Accessible via MCP and REST API.