Confidential x402

x402 is an open HTTP payment protocol for machine-to-machine payments. A resource server responds with HTTP 402 Payment Required when a request lacks a valid payment. The client attaches a cryptographically signed payment to its next request; the server verifies it and settles it onchain before responding. No API keys, no subscriptions, no billing infrastructure.

The default x402 flow is fully public: every payment is visible onchain as a plain ERC-20 token transfer. This works for flat-rate APIs, but breaks down once pricing becomes dynamic: per-customer rates, volume discounts, and AI agent spending patterns are all exposed. Merces by TACEO extends x402 with a confidential transfer scheme: the payment settles onchain, but the amount stays hidden.

The client

If you want to try it out, connect a wallet and use it to pay with Confidential x402. Your balance is held as a secret-shared encrypted value distributed across three MPC nodes, and no single node knows the plaintext amount.

Fund from the faucet. Receive 1,000 testnet USDC credited to your private balance. The faucet can be used once every 24 hours.

Select a price tier. The resource server applies per-customer pricing; whichever tier you choose, the rate you pay stays hidden onchain.

Pay for access. Sign a confidential payment, generate the ZK proof and call the protected endpoint.

The resource server

The resource server issues a 402 Payment Required challenge when no payment is attached, then forwards the client's signed payload to the facilitator for verification and settlement before serving the protected content. Its accumulated private balance grows with each successful payment, but individual amounts are never exposed onchain. The server tracks them directly, and they can be reconstructed from the MPC network if needed.

No public onchain data reveals how many payments were made at each tier, or how much revenue each tier generated. With Standard x402, all this information would be visible onchain as plain ERC-20 transfers. Switch to Confidential x402 to see how it looks onchain.

Onchain transaction log

Every payment settles as an onchain transaction. The toggle below switches between two views of the same data: the Standard x402 view shows the plaintext amount, while the Confidential x402 view shows only the amount commitment that appears onchain. The amounts never touch the public chain in cleartext.

Columns: Tx, Sender, Receiver, Amount (hidden), Timestamp

Why payment privacy matters

Standard x402 settles payments as plain ERC-20 token transfers, making every amount permanently visible onchain. This works for flat-rate APIs, but breaks down the moment pricing becomes dynamic:

  • Competitors read your pricing strategy off the blockchain. Every transferWithAuthorization call exposes exactly what each customer paid.
  • Per-customer deals are impossible to keep confidential. Volume discounts, enterprise rates, and promotional pricing are all public record.
  • AI agents reveal their economic strategy. Spending patterns across API providers expose which data sources an agent values and how much budget it allocates to each.

With Confidential x402, the onchain record reveals that a payment was made, including sender and receiver addresses, but not how much. Privacy is enforced by a combination of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP), so no single party ever sees the plaintext amount.
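
The share arithmetic behind the secret-shared balances described above (a client balance split across three MPC nodes, a server balance that grows with each payment and can be reconstructed when needed), as an added example that is not TACEO's or this page's code. It assumes plain additive sharing over a prime field as a stand-in for the real MPC scheme, which the page does not specify, and it leaves out the ZK proof and the onchain commitment; `Node`, `pay`, `open_balance` and the account names are hypothetical.

```python
import secrets

# Assumption: 3-of-3 additive sharing over a prime field stands in for the
# MPC network's real scheme, which the page does not specify.
P = 2**127 - 1   # field modulus (constructed choice)
N_NODES = 3

def share(value):
    """Split value into N_NODES shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(N_NODES - 1)]
    return parts + [(value - sum(parts)) % P]

def reconstruct(shares):
    """Needs every share; any strict subset is uniformly random."""
    return sum(shares) % P

class Node:
    """One MPC node: holds a single share of each account's balance."""
    def __init__(self):
        self.balances = {}

    def credit(self, account, amount_share):
        self.balances[account] = (self.balances.get(account, 0) + amount_share) % P

    def transfer(self, sender, receiver, amount_share):
        # Local arithmetic on shares only: the node never sees the amount.
        # No overdraft check here; comparing shared values is not a local step.
        self.credit(sender, -amount_share)
        self.credit(receiver, amount_share)

def deposit(nodes, account, amount):
    for node, s in zip(nodes, share(amount)):
        node.credit(account, s)

def pay(nodes, sender, receiver, amount):
    for node, s in zip(nodes, share(amount)):   # one share per node
        node.transfer(sender, receiver, s)

def open_balance(nodes, account):
    return reconstruct([n.balances.get(account, 0) for n in nodes])

def demo():
    nodes = [Node() for _ in range(N_NODES)]
    deposit(nodes, "client", 1_000_000_000)     # 1,000 USDC in 6-decimal units
    for price in (1_000_000, 250_000):          # constructed per-customer prices
        pay(nodes, "client", "server", price)
    return open_balance(nodes, "client"), open_balance(nodes, "server")
```

Each node updates both balances without ever holding the price; only `open_balance`, which needs all three shares, recovers a plaintext value.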