Add x402 support: let AI agents pay per API call autonomously (USDC, no API key sharing) #758
Description
Enable autonomous agent payments on your API via x402
Right now, when AI agents call the ElevenLabs API autonomously, they use a shared operator API key. The operator pre-pays and manually tops up credits. This doesn't scale once agents run 24/7 across dozens of workflows.
x402 fixes this. It's HTTP 402 Payment Required, repurposed for machine-to-machine micropayments (Coinbase-backed, live on Base mainnet). An agent calls your endpoint, gets a 402 challenge, pays $0.01 in USDC, retries — all without human involvement. No credit card, no API key sharing, no billing dashboard.
What the integration looks like
On your end: return 402 when a request arrives without a valid X-Payment header.
HTTP/1.1 402 Payment Required
Content-Type: application/json
{
"version": "x402/1.0",
"accepts": [{
"scheme": "exact",
"network": "base-mainnet",
"maxAmountRequired": "10000",
"resource": "https://api.elevenlabs.io/v1/text-to-speech/{voice_id}",
"payTo": "0xYOUR_WALLET",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
}]
}The agent's payment handler sees the challenge, signs USDC on Base, retries with X-Payment: <proof>. Your API verifies the proof and executes.
Why this is better than API keys for agents
| API keys today | x402 | |
|---|---|---|
| Who pays | Operator (manual top-up) | Agent (autonomous per-call) |
| Per-agent attribution | None | Wallet address per agent |
| Scaling | Manual | Automatic |
| Monetization | Subscription / credits | Per-call micropayment |
Implementation
Full guide: https://github.com/tomopay/gateway/blob/main/docs/guides/x402-rest-api-integration.md
The verification step is ~10 lines of TypeScript or Python. No new infrastructure — just decode the proof, check the on-chain transaction, and route normally.
Agents using @tomopay/client (npm) handle the payment side automatically — no changes needed on agent code once the operator funds a Base wallet.
This is a different integration path from MCP — no protocol change, no SDK wrapping, just an additional 402 response on existing endpoints. Happy to answer questions or help with the verification step.