HTTP 402-native payment protocol
An open protocol led by Coinbase that re-purposes HTTP 402 Payment Required to put stablecoin settlement directly into API and content access. AI-agent autonomous payment is the headline use case.
Definition
x402 puts the HTTP 402 Payment Required status code into production duty. A client GETs a protected resource; the server returns 402 with payment requirements (amount, currency, recipient, facilitator). The client signs a payload, attaches it as an X-PAYMENT header on the retry, and the server settles via a facilitator and returns 200 with the resource.
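The exchange described above, as an added Python sketch that is not taken from the x402 specification or from Coinbase's code; it focuses on what the server must check before returning 200. Assumptions: the JSON field names, the base64 envelope, the nonce, the in-process `facilitator_settle` function, and HMAC standing in for the payer's wallet signature are all hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed values; field names are illustrative, not the x402 wire format.
REQUIREMENTS = {"amount": "10000", "currency": "USDC",
                "recipient": "0xMERCHANT", "facilitator": "https://facilitator.example"}
PAYER_KEY = b"demo-payer-key"  # stand-in for the payer's wallet key
_settled_nonces = set()        # facilitator-side replay cache

def _mac(payload, key):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_payment(requirements, nonce, key=PAYER_KEY):
    """Client: build the X-PAYMENT header value for the retry."""
    payload = {k: requirements[k] for k in ("amount", "currency", "recipient")}
    payload["nonce"] = nonce
    envelope = {"payload": payload, "sig": _mac(payload, key)}
    return base64.b64encode(json.dumps(envelope).encode()).decode()

def facilitator_settle(payload, sig):
    """Hypothetical in-process facilitator: check signature, settle each nonce once."""
    if not hmac.compare_digest(_mac(payload, PAYER_KEY).encode(), str(sig).encode()):
        return False
    nonce = payload.get("nonce")
    if not isinstance(nonce, str) or nonce in _settled_nonces:
        return False  # missing nonce or replayed payment
    _settled_nonces.add(nonce)
    return True

def handle_get(headers):
    """Server: return (status, body) for a GET on the protected resource."""
    header = headers.get("X-PAYMENT")
    if header is None:
        return 402, REQUIREMENTS
    try:
        envelope = json.loads(base64.b64decode(header))
        payload, sig = envelope["payload"], envelope["sig"]
    except (ValueError, KeyError, TypeError):
        return 402, REQUIREMENTS
    if not isinstance(payload, dict):
        return 402, REQUIREMENTS
    # Compare with the server's own terms; never trust amounts the client echoes back.
    if any(payload.get(f) != REQUIREMENTS[f] for f in ("amount", "currency", "recipient")):
        return 402, REQUIREMENTS
    if not facilitator_settle(payload, sig):
        return 402, REQUIREMENTS
    return 200, "protected resource"
```

A header that is malformed, underpays, carries a bad signature, or reuses a settled nonce gets the 402 and the requirements again rather than the resource.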
Notable properties: (1) no accounts, sessions, or OAuth flows; (2) multi-network — EVM chains (Base, Polygon, Arbitrum, etc.) and Solana; (3) ERC-20 based, so stablecoins and beyond; (4) extension points cover discovery and auth. Coinbase Developer Platform runs a hosted facilitator.
x402 targets the settlement layer for economic activity that does not pass through a human UI: AI agents calling paid APIs, agents exchanging outputs, and content consumed in pay-per-call form, all without per-action human approval and using the minimal HTTP extension.
Lemma Oracle implementation
Lemma layers verifiability on top of x402 as Trust402. While x402 alone answers "did the payment settle," Trust402 adds the second answer: "a properly authorized agent paid, within the granted scope, for the declared purpose" — proven in zero-knowledge.
Concretely: (1) the delegation grant to the agent is bound as a commitment; (2) the payment timestamp, amount, recipient, and purpose are attached to a provenance chain; (3) existence is proven in ZK. Delegator, delegate, and payment details are opened according to the auditor's clearance level via selective disclosure.
x402 + Trust402 is the only path that separates "the payment happened" from "the payment was authorized" — which is what regulated and audit-bound domains (financial-institution AI, enterprise procurement, public-sector outflows) actually require before adopting x402 at scale.