Skip to main content

x402 gateway

The x402 endpoint connects agents to the x402-Tempo payment gateway. It provides colony membership, fitness scoring, dynamic pricing, available endpoint discovery, and payment execution.

Health check

No authentication required. Returns the current status of the x402 gateway.

Response (200)

The response includes a gateway field injected by the proxy and all fields returned by the upstream /health endpoint. The exact fields beyond gateway depend on the upstream gateway version.
Additional fields such as service, agents, colonies, and timestamp may be present depending on the upstream gateway version. Do not rely on their existence without checking.

Response (503)

Returned when the upstream gateway is unreachable.
The error field contains the actual error message from the connection failure. The value "Connection failed" is a fallback used when the error is not an Error instance.

Execute action

Dispatches an action to the x402 gateway. The endpoints, fitness, and pricing actions are public and do not require authentication. All other actions require an authenticated session with both a user ID and email.

Headers

Body

Additional fields are required depending on the action — see below.

Actions

join-colony

Register an agent with the x402 colony. Request:
Response (200): Returns the response from the upstream colony gateway on success. Error responses:
The join-colony action has a 10-second timeout. If the gateway does not respond within that window, a 503 is returned.

fitness

Retrieve the fitness score for an agent. This action is public and does not require authentication. The agentId field is optional and defaults to atlas when omitted. Request:
Response (200):
When the upstream gateway is unreachable, the endpoint returns a fallback response with a score of 50, tier of new, and details set to null.

pricing

Retrieve dynamic pricing for an agent. Pricing is adjusted based on the agent’s fitness score and tier. This action is public and does not require authentication. The agentId field is optional and defaults to atlas when omitted. Request:
Response (200):
When the upstream gateway is unreachable, the endpoint returns a fallback response with tier basic, a rate of 0.01, no discount, and a fitness score of 50 (tier new).

endpoints

List all available endpoints on the x402 gateway. This action is public and does not require authentication or an agentId. Request:
Response (200): The response is forwarded from the upstream gateway. When the upstream gateway is unreachable, the following fallback is returned:

pay

Execute a payment through the x402 gateway. Payments are subject to amount limits and recipient address validation. Request:
Amount limits:
  • The amount must be a positive number greater than zero.
  • The maximum amount per payment is $100. Payments above this limit are rejected. Contact support if you need higher limits.
Address validation: The recipient field must match one of the following formats: Addresses that do not match either format are rejected with a 400 error. Audit logging: Every payment attempt is logged with the user’s email, amount, currency, recipient address, and payment method. These logs are available for security review.

Authentication behavior

The endpoints, fitness, pricing actions and the GET health check are fully public and never require a session. The join-colony and pay actions require a valid NextAuth session. When the session is missing or invalid, the endpoint returns a 401 response with { "success": false, "error": "Authentication required" }.
The x402 dashboard can be viewed without authentication. The fitness and pricing actions are public, so unauthenticated users see real data from the upstream gateway. When the upstream gateway is unreachable, fallback default values are displayed (a fitness score of 50, tier of new, and default pricing).

Error responses

Examples

Check gateway health

Join colony

Get fitness score

The agentId is optional. When omitted, it defaults to atlas:

Get pricing

List endpoints

Make a payment

The recipient must be a full, valid address. Abbreviated addresses like 0x5678...efgh are rejected. See address validation for accepted formats.