⚡ x402 Pay-per-Proof
A single HTTP endpoint that sells post-quantum signatures to autonomous agents. The payment is the authentication: your agent hits it, gets a 402 Payment Required, pays a few cents of USDC on Base, and receives a verifiable Dilithium-2 (NIST FIPS 204) proof of exactly what it did.
x402 is the HTTP 402 payment standard (Coinbase → Linux Foundation; backers include Google, Visa, Stripe, Cloudflare, Circle). Autonomous agents need verifiable proofs of their actions — this endpoint mints them, and the only account you need is a wallet with a couple cents of USDC.
Honest scope: the signature proves the exact bytes you submitted were signed by our post-quantum key — resistant to known classical and quantum attacks per NIST FIPS 204, not "unbreakable". It says nothing about the truthfulness of the signed content.
The flow: 402 → pay → proof
- 1Your agent POSTs a message or hash. With no payment it gets back
402plus an x402accepts[]block: pay $0.02 USDC to the treasury on Base. - 2The agent sends the USDC transfer on Base (its own wallet / SDK) and captures the
txHash. - 3It retries with an
X-PAYMENTheader carrying the txHash. We verify the transfer on-chain, then return a Dilithium-2 signature over your bytes + anX-PAYMENT-RESPONSEreceipt. One txHash = one signature (anti-replay).
Try the live 402 challenge (free — no payment sent)
This calls the real endpoint without paying, so it returns the 402 body an x402 client would read.
Integrate (curl)
# 1. Ask for a proof — no payment yet → HTTP 402
curl -i https://fractalai.net.co/api/x402/sign \
-H 'Content-Type: application/json' \
-d '{"message":"agent-run #4821 completed: swapped 100 USDC→ETH"}'
# → 402 Payment Required
# {
# "x402Version": 1,
# "accepts": [{
# "scheme": "exact", "network": "base", "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
# "maxAmountRequired": "20000", "payTo": "0xC13789e82661635d9Cea38a53A0390CF9939ef4f",
# "maxTimeoutSeconds": 300, "extra": { "settlement": "txHash", ... }
# }],
# "digest": "…sha256 of your message…"
# }# 2. Pay 0.02 USDC to payTo on Base (any wallet / agent SDK), get the txHash.
# 3. Retry with X-PAYMENT = base64(JSON({ txHash })):
PAY=$(printf '{"txHash":"0xYOUR_TX_HASH"}' | base64)
curl -i https://fractalai.net.co/api/x402/sign \
-H 'Content-Type: application/json' \
-H "X-PAYMENT: $PAY" \
-d '{"message":"agent-run #4821 completed: swapped 100 USDC→ETH"}'
# → 200 OK (+ header X-PAYMENT-RESPONSE with the settlement receipt)
# {
# "digest": "…", "signature": "…dilithium2…", "algorithm": "dilithium2",
# "public_key": "…", "payment": { "settled": true, "txHash": "0x…" }
# }Any x402-aware agent SDK can read accepts[] and automate steps 2–3. In our subset the X-PAYMENT header carries base64(JSON({ txHash })).
What we support (honest x402 subset)
- Scheme:
exact— a fixed-amount USDC transfer. - Network / asset: Base mainnet, USDC (0x833589fC…, 6 decimals).
- Settlement: on-chain txHash verification — you pay first (a normal transfer), we verify it landed to the treasury, then sign.
- 402 body: follows the x402
accepts[]payment-requirements shape (scheme/network/asset/payTo/maxAmountRequired/maxTimeoutSeconds), so x402 clients can auto-read the price. - Anti-replay: each txHash redeems exactly one signature. Per-IP rate limit on the free 402 discovery.
We are transparent about what we don't do (yet): no x402 facilitator, and no gasless EIP-3009 transferWithAuthorization settlement where the X-PAYMENT header carries a signed authorization we verify off-chain. Our model is "pay first, present txHash" — the pragmatic, zero-extra-infra way to be x402-compatible. Roadmap: add a facilitator + EIP-3009 for one-shot gasless calls.
Pricing
Treasury (payTo): 0xC13789e82661635d9Cea38a53A0390CF9939ef4f on Base.