Confidential x402
x402 is an open HTTP payment protocol for machine-to-machine payments. A resource server responds with HTTP 402 Payment Required when a request lacks a valid payment. The client attaches a cryptographically signed payment to its next request; the server verifies it and settles it on-chain before responding — no API keys, no subscriptions, no billing infrastructure.
The default x402 flow is fully public: every payment is visible on-chain as a plain ERC-20 token transfer. This works for flat-rate APIs, but breaks down once pricing becomes dynamic — per-customer rates, volume discounts, and AI agent spending patterns are all exposed. Merces by TACEO extends x402 with a confidential transfer scheme: the payment settles on-chain, but the amount stays hidden.
The client
To follow along, connect a wallet first. Your balance will be held as a secret-shared encrypted value distributed across three MPC nodes — no single node knows the plaintext amount.
The resource server
The resource server issues a 402 Payment Required challenge when no payment is attached, then forwards the client's signed payload to the TACEO facilitator for verification before serving the protected content. Its accumulated private balance grows with each successful payment — individual amounts are never exposed on-chain. The server tracks them directly, and they can be reconstructed from the MPC network if needed.
This pricing tier breakdown is reconstructed from the server's records of each payment's plaintext amount and the corresponding price tier. No public on-chain data reveals how many payments were made at each tier, or how much revenue each tier generated. With normal x402, all this information would be visible on-chain as plain ERC-20 transfers. Switch to Confidential x402 to see what actually appears on-chain.
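As an added illustration (not code from TACEO or the x402 project), the following shows how a balance split across three nodes can be updated by a payment without any single node seeing the amount. It assumes plain additive secret sharing modulo a fixed modulus, which the page does not specify as the scheme Merces uses; `Node`, `share`, `pay` and the other names are hypothetical.

```python
import secrets

# Assumption: additive sharing mod a fixed modulus; the page does not name
# the sharing scheme or field that Merces actually uses.
P = 2**61 - 1
NODES = 3  # the page's three MPC nodes

def share(value: int) -> list[int]:
    """Split value into NODES additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(NODES - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares: list[int]) -> int:
    """Only the sum of all shares reveals the value."""
    return sum(shares) % P

class Node:
    """One MPC node: holds one share per account, never a plaintext amount."""
    def __init__(self) -> None:
        self.balances: dict[str, int] = {}

    def credit(self, account: str, value_share: int) -> None:
        self.balances[account] = (self.balances.get(account, 0) + value_share) % P

    def apply_transfer(self, sender: str, receiver: str, amount_share: int) -> None:
        # Purely local update on shares; the node learns nothing about the amount.
        self.credit(sender, -amount_share)
        self.credit(receiver, amount_share)

def deposit(nodes: list[Node], account: str, value: int) -> None:
    for node, s in zip(nodes, share(value)):
        node.credit(account, s)

def pay(nodes: list[Node], sender: str, receiver: str, amount: int) -> None:
    # The payer shares the amount; each node receives one uniformly random share.
    for node, s in zip(nodes, share(amount)):
        node.apply_transfer(sender, receiver, s)

def balance(nodes: list[Node], account: str) -> int:
    """Reconstruction needs the shares from all nodes."""
    return reconstruct([n.balances.get(account, 0) for n in nodes])

if __name__ == "__main__":
    nodes = [Node() for _ in range(NODES)]
    deposit(nodes, "client", 1_000)   # constructed sample values
    for price in (5, 12, 5):          # three payments at different tiers
        pay(nodes, "client", "server", price)
    print(balance(nodes, "client"), balance(nodes, "server"))
```

Nothing in the share arithmetic rejects a payment larger than the sender's balance (the result simply wraps modulo `P`), so a real system needs a separate validity check on the hidden amount.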
On-chain transaction log
Every payment settles as an on-chain transaction. The toggle below switches between two views of the same data — the Normal x402 view shows the plaintext amount, while the Confidential x402 view shows only the amount commitment that appears on-chain. The amounts never touch the public chain in cleartext.
| Tx | Sender | Receiver | Amount (hidden) | Timestamp |
|---|---|---|---|---|
Why payment privacy matters
Standard x402 settles payments as plain ERC-20 token transfers — every amount is permanently visible on-chain. This works for flat-rate APIs, but breaks down the moment pricing becomes dynamic:
- Competitors read your pricing strategy off the blockchain. Every transferWithAuthorization call exposes exactly what each customer paid — volume discounts, enterprise rates, and promotional pricing become public record.
- Per-customer deals are impossible to keep confidential. A buyer on a higher tier cites on-chain evidence to demand the rate paid by others.
- AI agents reveal their economic strategy. Spending patterns across API providers expose which data sources an agent values — and how much budget it allocates to each.
With Confidential x402, the on-chain record reveals that a payment was made — including sender and receiver addresses — but not how much. Privacy is enforced by a combination of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP), so no single party ever sees the plaintext amount.
More information
Want to learn more about confidential payments and the technology behind Merces? Read our blog posts: