facilitator-express

The x402 protocol is an HTTP payment standard that enables AI agents to pay for API access using on-chain settlements. The protocol allows services to require upfront payment verification before delivering protected resources, with cryptographic proof of payment intent settled on EVM and SVM chains.

The Owl Smart Wallet ecosystem uses x402 to enable autonomous agents to access paid APIs and services without manual payment flows.


Overview

The x402 protocol operates in three phases:

  1. Discovery — Client queries /supported to learn accepted payment methods

  2. Verification — Client submits signed payment proof to /verify for validation

  3. Settlement — Facilitator broadcasts the payment transaction on-chain via /settle

The facilitator-express reference implementation is an Express.js service that validates payment signatures and settles transactions on supported networks.

Use Cases

  • Paid API access — AI agents authenticate via payment instead of API keys

  • Micropayments — Per-request pricing for LLM inference, weather data, etc.

  • Cross-chain payments — Unified payment interface across EVM and Solana

  • Gas abstraction — Facilitator handles gas fees and transaction broadcasting


Architecture

Components:

  • AI Agent — Owl Smart Wallet-based agent using MCP tools to make paid API calls

  • Facilitator — Express.js service that verifies signatures and settles payments

  • Chain — Target blockchain (EVM or Solana) where payment is settled


Installation

Prerequisites

  • Node.js v20+

  • pnpm v10

  • Private keys with gas tokens:

    • EVM: Base Sepolia ETH for transaction fees

    • SVM: Solana Devnet SOL for transaction fees

Setup

Environment Configuration

Edit .env:

Variable
Description
Example

PORT

HTTP server port

4022

GOOGLE_CLOUD_PROJECT

GCP project ID (production only)

owl-wallet-prod

ENABLED_CHAINS

Comma-separated CAIP-2 chain IDs

eip155:84532,solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1

USDL_ADDRESS

USDL token contract address

0x036CbD53842c5426634e7929541eC2318f3dCF7e

EVM_PRIVATE_KEY

EVM signer private key (dev only)

0x...

SVM_PRIVATE_KEY

Solana signer private key (dev only)

...

Development


Production Deployment (GCP)

In production, the facilitator retrieves secrets from Google Cloud Secret Manager instead of environment variables. This prevents private key exposure in logs or configuration files.

Required Secrets

Secret Name
Description

x402-facilitator-evm-key

Private key for signing EVM transactions

x402-facilitator-svm-key

Private key for signing Solana transactions

x402-facilitator-api-keys

Comma-separated API keys for authentication

Setup Secrets

Grant Service Account Access

Security Note: Private keys are NEVER stored in environment variables in production. All secrets are retrieved at runtime from Secret Manager with audit logging enabled.


API Reference

GET /supported

Returns the payment schemes and networks this facilitator supports.

Response:

Fields:

Field
Description

kinds

Array of supported payment schemes

scheme

Payment scheme type (exact for fixed-amount payments)

network

CAIP-2 network identifier

extra

Network-specific metadata (e.g., Solana fee payer)

signers

Public addresses that will sign settlement transactions


POST /verify

Verifies a payment payload against requirements before settlement. Does NOT broadcast a transaction.

Request:

Response (Success):

Response (Failure):

Validation Checks:

  • Signature is valid and signed by payer

  • Payment scheme matches requirements

  • Network matches requirements

  • Asset address matches requirements

  • Amount meets or exceeds requirements

  • Timeout is within acceptable range

  • Authorization nonce is not already used


POST /settle

Settles a verified payment by broadcasting the transaction on-chain.

Request:

Same as /verify endpoint.

Response (Success):

Response (Failure):

Error Reasons:

Reason
Description

invalid_signature

Payment signature is invalid

insufficient_balance

Payer has insufficient token balance

insufficient_allowance

Token allowance not granted to facilitator

transaction_failed

On-chain transaction reverted

network_error

RPC endpoint unreachable

nonce_used

Payment nonce already consumed


Network Support

Networks are identified using CAIP-2arrow-up-right format: <namespace>:<reference>

EVM Networks

Network
CAIP-2 Identifier
Description

Base Sepolia

eip155:84532

Base testnet

Base Mainnet

eip155:8453

Base production network

Ethereum Sepolia

eip155:11155111

Ethereum testnet

Ethereum Mainnet

eip155:1

Ethereum production network

Solana Networks

Network
CAIP-2 Identifier
Description

Solana Devnet

solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1

Solana testnet

Solana Mainnet

solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp

Solana production network


Extension Guide

Adding New Networks

Register additional networks by extending the facilitator configuration:

Lifecycle Hooks

Add custom logic before and after verification and settlement operations:

Custom Payment Schemes

Implement custom payment schemes beyond exact:


Integration with Owl Smart Wallet

AI agents using Owl Smart Wallet interact with x402 facilitators through MCP tools. The typical flow:

  1. Agent discovers payment requirements via GET /supported

  2. Agent signs payment intent using wallet's session key or owner key

  3. Agent submits payment to /verify to validate signature

  4. Facilitator settles payment on-chain via /settle

  5. Service delivers protected resource to agent

Example MCP Tool Flow

This enables fully autonomous AI agents to pay for API access without manual approval flows.

Last updated