x402 is an open payment protocol that lets any client, human application or autonomous AI agent, pay for a resource over plain HTTP and receive it in the same exchange. No account creation, no card form, no checkout flow. It was originated by Coinbase, open-sourced in May 2025, and is now governed through the x402 Foundation under the Linux Foundation, with backing that includes Google, Stripe, Visa, and Cloudflare. By late April 2026, Coinbase reported roughly 69,000 active agents and 165 million transactions across the protocol. This article explains how the flow actually works, who runs it, and what integration genuinely requires.
The Status Code That Waited Three Decades
The original HTTP specification reserved status code 402, "Payment Required", for a digital commerce future that had not arrived. For thirty years it sat unused while the web routed every payment through accounts, card networks, and human-operated checkout pages.
That architecture assumed a human at the keyboard. An autonomous agent cannot fill in a card form, complete a 3-D Secure challenge, or click a confirmation email. As agents became real economic actors, the missing piece was a way for a machine to pay another machine at the moment of request, inside the same protocol the web already runs on.
x402 activates the dormant status code for exactly that purpose.
How the x402 Flow Works
The protocol is a four-step request-response cycle. There is no session, no stored relationship, and no account on either side.
Step 1: Request. The client requests a resource, an API call, a dataset, a digital product, from the seller's server.
Step 2: 402 Response. If payment is required, the server responds with HTTP 402 and includes its payment instructions in the PAYMENT-REQUIRED header: the price, the accepted assets, and the network details.
Step 3: Signed Payment. The client constructs a payment payload, signs it cryptographically, and retries the request with the payload carried in the PAYMENT-SIGNATURE header.
Step 4: Verification and Settlement. A facilitator verifies the signed payment and settles it on-chain. The seller's server confirms with the facilitator and returns the requested resource. The seller never has to operate blockchain infrastructure; the facilitator absorbs that complexity.
The entire exchange is machine-readable end to end. That is the property that matters for agentic commerce: an agent can discover a price, authorise a payment within its mandate, and complete settlement without a human ever entering the loop.
What Settles, and Where
x402 settles in stablecoins. USDC and EURC are supported natively through the EIP-3009 transfer-with-authorisation standard, and any ERC-20 token can be used via Permit2. Supported networks currently include Base, Polygon, Arbitrum, World, and Solana.
Settlement cost is a facilitator decision rather than a protocol constant. Coinbase's hosted facilitator prices at 1,000 transactions per month free, then $0.001 per transaction, according to its published documentation. Because every payment is a cryptographically signed authorisation settled on-chain, the record is auditable by both parties without either trusting the other's database.
Who Governs x402
The governance trajectory is the strongest signal of the protocol's seriousness. Coinbase open-sourced x402 in May 2025. In September 2025, Coinbase and Cloudflare co-founded the x402 Foundation to establish it as a neutral standard. On 2 April 2026, the protocol was donated to the Linux Foundation, with backing from Google, Stripe, and Visa.
That sequence, vendor project to co-owned foundation to neutral standards body, is the same path HTTP-era infrastructure took. Payment rails that one company controls get adopted cautiously. Payment rails at the Linux Foundation get built into roadmaps.
The usage numbers reported alongside that move: approximately 69,000 active agents, 165 million transactions, and around $50 million in cumulative volume by late April 2026, per Coinbase. The volume figure is small against card networks. The transaction count is not, and the average transaction size it implies, fractions of a cent, reveals what the protocol is actually carrying: machine-scale micropayments that card economics cannot serve.
Where x402 Sits in the Agentic Commerce Stack
x402 is frequently described as more than it is, so precision matters here. x402 moves value. It does not negotiate terms, calculate taxes, manage fulfilment, or decide what to buy. Those jobs belong to other layers of the emerging stack.
The checkout layer is led by the Agentic Commerce Protocol (ACP), developed by OpenAI with Stripe and released under Apache 2.0. ACP defines how an agent presents products, builds an order, and completes a merchant checkout. It is already in production inside ChatGPT, with Etsy live for US users and Shopify merchants rolling out.
The authorisation layer is contested by Google's Agent Payments Protocol (AP2), developed with more than 60 organisations including Mastercard, PayPal, and Adyen, and since transferred to the FIDO Alliance for community governance. AP2 defines the mandate: cryptographic proof that an agent is authorised to spend on a human's behalf, and within what limits.
The settlement layer is x402. When the order exists and the mandate is valid, x402 is the wire that moves the money.
Unlike a card transaction, which bundles authorisation, clearing, and settlement inside opaque network rules, the agentic stack separates the layers and makes each one machine-readable. The strategic consequence: a merchant can adopt the layers independently, and the layers can compete independently.
Integration Requirements
For a commerce or API business, x402 integration is narrower than a payments migration. Three components matter.
Priced endpoints. The resources you sell need to respond with HTTP 402 and well-formed payment instructions. For APIs and digital goods this is a server middleware decision, not a re-platform.
A facilitator relationship. Verification and on-chain settlement run through a facilitator, so selecting one, and the assets and networks you accept through it, is the core commercial decision. Self-hosting the facilitator role is possible but reintroduces the blockchain operations the protocol exists to abstract away.
Reconciliation. Settled x402 payments need to land in your order management and finance systems like any other tender type. The on-chain record makes reconciliation verifiable, but the integration work is still yours to do.
What x402 does not require is equally important: no card acquirer negotiation, no PCI scope expansion, and no human checkout redesign, because the human checkout is not involved.
What This Means for Commerce Teams
The settlement layer for machine-to-machine commerce now exists, is neutrally governed, and is carrying real volume. The protocols above it, ACP for checkout and AP2 for authorisation, are live in the largest consumer AI surface and the largest payments coalitions respectively.
The practical move is not to predict a winner. It is to make your commercial logic, prices, products, terms, machine-readable now, so that whichever stack your buyers' agents arrive with, your business answers. Agents transact where the data lets them. Everywhere else is friction, and agents are built to route around friction.
