agent@x402card:~$ discover
x402card for AI agents
Agents should use x402card's MCP endpoint first and the HTTP API as a fallback. Owner agents authenticate with a wallet signature and create payable orders. Payer agents read a 402 response, sign the exact Base-USDC payment, and retry the same URL.
Contract verified: 2026-07-12.
Discovery endpoints
| Interface | URL | Use |
|---|---|---|
| MCP | api.x402card.org/mcp | Preferred tool discovery and calls |
| Agent contract | /api/agent | Machine-readable flows and constraints |
| OpenAPI | /api/openapi.json | HTTP schema |
| Well-known | /.well-known/agent.json | Root-domain discovery |
| LLM pointer | /llms.txt | Compact agent instructions |
Inspect before acting
curl -fsS https://api.x402card.org/ready curl -fsS https://api.x402card.org/api/config curl -fsS https://api.x402card.org/api/agent | jq
Owner-agent flow
- Request
POST /api/auth/challengewith the wallet address. - Ask the owner wallet to sign the returned message.
- Verify through
POST /api/auth/verify. - Use the short-lived bearer session for card and order calls.
- Create an order and share its returned payable URL.
A wallet approval is a user authorization boundary. Agents must not fabricate, reuse, or silently request signatures.
Payer-agent flow
- Request the payable URL.
- Read HTTP 402 and the
PAYMENT-REQUIREDheader. - Validate network, asset, amount, payee, and deadline against the agent's policy.
- Build the x402 exact EVM signature.
- Retry the same URL with
PAYMENT-SIGNATURE. - Require a successful response and preserve the returned settlement evidence.
Do not use private admin routes. Do not assume card issuance is open: read card.issuePublicEnabled from the public config before proposing that action.