x402.pub
GitHub

Developer Guide

Use marketplace plugins in your own apps, or build and publish your own x402-gated APIs.

Use pluginsPublish a pluginPricingSecurity

Use plugins in your application

Every plugin in the marketplace exposes standard x402-gated HTTP endpoints. You can call them from any language or framework — just handle the 402 payment flow.

Step 1
Pick a plugin & endpoint
Browse the marketplace and find the API you need. Each plugin page lists its endpoints, parameters, and example responses.
Step 2
Call the API with x402 fetch
Use the @x402/fetch client to make requests. It handles the 402 negotiation and payment signing automatically.
import { wrapFetch } from "@x402/fetch";
import { Keypair } from "@solana/web3.js";

// Load your Solana wallet (pays for API calls in USDC)
const keypair = Keypair.fromSecretKey(
  Buffer.from(process.env.SOL_PRIVATE_KEY, "base64")
);

// Wrap fetch with x402 payment support
const x402Fetch = wrapFetch(fetch, keypair);

// Call any x402-gated endpoint — payment is automatic
const res = await x402Fetch(
  "https://x402.pub/api/x402/weather?location=Tokyo"
);
const data = await res.json();
console.log(data.current.temperature);
Step 2 (alt)
Or use axios
Prefer axios? The @x402/axios interceptor works the same way.
import { withX402 } from "@x402/axios";
import { Keypair } from "@solana/web3.js";
import axios from "axios";

const keypair = Keypair.fromSecretKey(
  Buffer.from(process.env.SOL_PRIVATE_KEY, "base64")
);
const client = withX402(axios, keypair);

const { data } = await client.get(
  "https://x402.pub/api/x402/crypto-price?coin=sol"
);
console.log(data.price);
Tip
How it works under the hood

Every x402 request follows the same flow, regardless of which client library you use:

  1. Your app sends a normal HTTP request to the endpoint
  2. Server responds 402 Payment Required with price, network, and payee in headers
  3. Client library signs a USDC transfer authorization with your wallet
  4. Client retries the request with the signed payment attached
  5. Server verifies payment, returns data, and settles on-chain

Payments are in USDC on Base, Ethereum, or Solana. The client library picks the network based on your wallet type.

Developer registration

x402.pub is a curated marketplace. To publish plugins, developers register with an annual fee — paid via x402, naturally.

Developer Program
Everything you need to publish and maintain plugins on x402.pub

$99

per year

  • Marketplace listing for all your plugins
  • Manual review and verification
  • Verified badge on all published plugins
  • Priority support for plugin submissions

How to register

Registration is paid via x402 — the same payment protocol your plugins will use. Send a POST request to the registration endpoint with your details, and the $99 fee is settled on-chain in USDC.

# Register as a developer (x402 handles payment)
curl -X POST \
  "https://x402.pub/api/x402/developer-register\
?github=your-username\
&name=Your+Name\
&email=you@example.com"

Or use the x402 fetch client to handle payment signing automatically. Once registered, you can submit plugins for review.

Why we charge a registration fee

Quality over quantity

The fee ensures every developer is committed to maintaining a working, reliable API. No abandoned endpoints cluttering the marketplace.

Manual review

Every plugin submission is reviewed and tested by our team before it goes live. The fee funds this process.

Trust signal

Users know that every plugin comes from a registered, verified developer. The verified badge means something.

Aligned incentives

Developers who invest in their listing are incentivized to build great APIs that earn back the fee many times over through usage.

Agent-native distribution

Your API is discoverable via our discovery API. Autonomous agents find your plugin when they need the capability you provide — no human browsing required.

Agent security

In a world where agents autonomously discover and use APIs, the source they connect to matters more than anything. An uncurated marketplace is an attack surface. A curated one is a trust layer.

Why this matters
When an agent can autonomously acquire and call APIs, a malicious plugin could exfiltrate conversation context, inject prompts, drain wallets, or return poisoned data. The agent has no way to distinguish a good API from a bad one on its own — it needs a trusted source.

Curation is the security model

Every plugin is reviewed for malicious behavior, excessive permissions, and data handling before it goes live. The $99 developer fee ensures accountability — every publisher has a verified identity and financial commitment on record.

Security review checklist

Beyond functional testing, we check for context exfiltration, prompt injection vectors, wallet drain attempts, undisclosed network calls, and privacy violations. Plugins that fail security review are rejected.

Access policies

Even with a curated marketplace, operators need fine-grained control over what their agents can access. Access policies let you define exactly which plugins, categories, and authors your agent is allowed to use.

Allowlists
Restrict your agent to only specific plugins, categories, or authors. Everything else is blocked by default.
Blocklists
Block specific plugins, categories, or authors even if they match an allow rule. Blocklists always take priority.
Spending limits
Cap per-call price and total session spend. Prevent runaway costs from autonomous agents making unexpected calls.
// Pass as X-Access-Policy header to the discovery API
{
  "name": "production-agents",
  "allow": {
    "categories": ["Data", "Finance"],
    "authors": ["x402-pub"]
  },
  "block": {
    "plugins": ["experimental-plugin"]
  },
  "maxPricePerCall": 0.01,
  "maxSessionSpend": 5.00
}

Policies are enforced server-side at the discovery layer. If a plugin isn't in your agent's policy, it won't even appear in search results — your agent never knows it exists.

Publish a plugin

Ship an API, gate it with x402, register as a developer, and submit for review. Get paid per call — no billing infrastructure needed.

Step 1
Register as a developer
Pay the annual $99 registration fee via x402. This gets you access to submit plugins and the verified badge on all your listings.
Step 2
Build your API
Create any HTTP API — a Next.js route, Express server, or anything that serves HTTP. Deploy it anywhere.
Step 3
Gate it with x402
Add x402 middleware to your API endpoint. A few lines of code gate it behind payments on Base, Ethereum, and Solana.
import { withX402, x402ResourceServer } from "@x402/next";
import { HTTPFacilitatorClient } from "@x402/core/server";
import { ExactSvmScheme } from "@x402/svm/exact/server";

const SOLANA = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";

const server = new x402ResourceServer(
  new HTTPFacilitatorClient()
).register(SOLANA, new ExactSvmScheme());

async function handler(req) {
  return NextResponse.json({ data: "your response" });
}

export const GET = withX402(handler, {
  accepts: {
    scheme: "exact",
    price: "$0.001",
    network: SOLANA,
    payTo: "YourSolanaAddress...",
  },
  description: "My paid API",
}, server);
Step 4
Create a Claude Code plugin
Bundle a skill and MCP server config into a Claude Code plugin. The skill provides the user-facing command, the MCP server handles the x402 payment flow.
# Plugin structure
my-plugin/
  .claude-plugin/
    plugin.json
  skills/
    my-skill/
      SKILL.md       # The /my-skill command
  mcp-server/
    index.ts         # Handles x402 payment + API call
Step 5
Submit for review
Push your plugin to GitHub and submit it for review. Our team tests the API, verifies the plugin works end-to-end, and checks for quality and reliability. Once approved, it appears in the marketplace with the verified badge.

Plugin submission form coming soon. For now, open an issue on GitHub with your plugin repo link and we'll kick off the review.

What we review

Every plugin goes through our review process before it's listed. Here's what we check:

  • API responds correctly to documented endpoints and parameters
  • x402 payment gating is properly configured and working
  • Plugin installs cleanly in Claude Code
  • Skills are well-documented and produce useful output
  • No malicious behavior, data exfiltration, or privacy violations
  • Reasonable pricing relative to the value provided

Your API, discoverable by agents

Once listed, your plugin appears in our discovery API. Autonomous AI agents can search for capabilities they need, find your API, and start paying for calls — without any human needing to browse the marketplace or install anything manually.

This is the future of API distribution: agents that acquire skills on demand, paid per use. Your API becomes a capability that any agent in the ecosystem can pick up when the task calls for it.