← writingFeb 2026 · 2 min · blockchain

x402 in practice: gating an API behind one .use()

HTTP 402 Payment Required sat unused for decades. x402 turns it into a real handshake: a client hits your endpoint, gets a 402 with payment details, pays in USDC on Base or Solana, and retries with a proof header. I packaged the whole flow as an ElysiaJS plugin — @codingstark/x402-elysia — so protecting a route is one line.

One middleware, three responsibilities

The plugin owns the challenge → verify → settle loop so your handler never sees it:

import { Elysia } from "elysia";
import { x402 } from "@codingstark/x402-elysia";

new Elysia()
  .use(x402({ price: "$0.01", pay: wallet }))   // that's the whole integration
  .get("/premium", () => secretData);

On an unpaid request it returns 402 with the amount, chain, and recipient. The client settles on-chain and retries with the settlement proof; the plugin verifies it (correct USDC mint, amount, recipient) before your handler runs.

The interesting audience is machines, not humans

The point of x402 isn’t charging people a cent — it’s that an AI agent can discover a 402, pay from its own wallet, and continue with no human in the loop. That’s the whole premise behind pay-per-call APIs, and it’s why every metered endpoint on urls.bid sits behind x402. Getting the Solana USDC mint handling exactly right and shipping a real test suite was most of the work; the developer-facing surface is deliberately one .use().