What is x402 on Rhumb?

Rhumb uses x402 as a zero-signup payment flow where HTTP 402 returns exact execution payment requirements and payment proof authorizes the request.

Which network and token are supported?

Current public support is USDC on Base only.

Agent Payments

Choose the right wallet rail for agent payments.

Most buyers should still start with the governed API-key path. This page is for the wallet-first cases: use wallet-prefund when the same wallet will call repeatedly, and use x402 per-call when request-level payment authorization is the actual requirement.

Back to pricing Start with governed API key

Before you choose a wallet rail

Want to inspect the trust story first? Read Trust, inspect the public Methodology, or use the provider dispute path if a score or claim looks wrong.

Choose your rail

Pick based on how money moves, not on protocol jargon.

The buyer-readable version is simple: start with governed API key by default, use wallet-prefund when you want wallet identity plus repeat traffic, and use x402 only when each request should carry its own payment authorization.

Governed API key

Default

Use when: You want the normal production setup for an app, team, or repeat agent workflow.
You send: X-Rhumb-Key
Money flow: Rhumb-managed account billing and controls.
Best for: Most buyers and most repeat traffic.
Tradeoff: Requires account signup before the first paid call.

Wallet-prefund

Wallet-first

Use when: Wallet identity matters, but the same wallet will call Rhumb repeatedly.
You send: X-Rhumb-Key
Money flow: Top up reusable balance from a wallet, then spend from that balance.
Best for: Wallet-native agents that need repeat throughput.
Tradeoff: Has an initial wallet verify + top-up step before the steady-state path.

x402 per-call

Zero signup

Use when: You need payment authorization on each request and no account before the first paid call.
You send: X-Payment
Money flow: USDC on Base, authorized per request.
Best for: Ephemeral agents, demos, and strict pay-per-request flows.
Tradeoff: Not the easiest repeat-traffic rail today; the public execute path still expects tx-hash proof.

Where this rail fits

x402 is the exception rail, not the whole product model

Default path: start with governed API key or wallet-prefund on `X-Rhumb-Key`, discover a Service, choose a Capability, estimate the call, then execute through Layer 2. Start with Rhumb-managed superpowers first. Bring BYOK or Agent Vault only when the workflow touches your own systems. Use x402 only when zero-signup per-call matters. Use Layer 1 only when you must pin the provider. Use Layer 3 only when a published recipe already exists.

Default production path

Most repeat traffic should run through Layer 2 with governed API key or wallet-prefund on X-Rhumb-Key. Bring BYOK or Agent Vault only when provider control is the point.

Use x402 when

Zero-signup, request-level payment authorization matters more than repeat throughput or broad wallet-proof compatibility.

Switch to wallet-prefund when

The same wallet needs repeat calls. Authenticate once, top up reusable balance, then execute with X-Rhumb-Key.

Canonical onboarding map: /docs#resolve-mental-model

What x402 means here

x402 is the payment-first execution rail. Instead of creating an account and receiving a reusable governed API key, an agent asks to run a capability, receives payment requirements on HTTP 402, pays that request, and then proves payment to complete execution.

Current public support is intentionally narrow: USDC on Base. That keeps the flow deterministic for agents and clear for operators.

Current compatibility boundary

The repeatable public x402 execute path today is the plain payment-proof flow shown below: request 402, pay the exact requirement, then retry with X-Payment carrying tx-hash proof. Some smart-wallet or wrapped authorization payloads still depend on a facilitator path that is not wired in current production. Wallet-prefund top-up verification is the standard x402 authorization path today. If your buyer emits wrapped proofs, use wallet-prefund or the standard governed API key rail instead of assuming drop-in x402 interoperability.

USDC on Base flow

Request execution

Call the execution endpoint without a governed API key when you want the payment rail to handle authorization.

Receive HTTP 402

Rhumb responds with exact payment requirements for that execution, including amount, token, and network.

Pay in USDC on Base

Your agent submits the on-chain payment from its wallet instead of relying on pre-issued credentials.

Retry with proof

Repeat the request with X-Payment using the tx hash, network, and payer wallet so Rhumb can verify payment and execute the capability.

Discover contract

curl https://api.rhumb.dev/v1/pricing

Estimate before execution

curl "https://api.rhumb.dev/v1/capabilities/{capability_id}/execute/estimate"

Execution flow

# Step 1: request execution without a governed API key
curl -X POST "https://api.rhumb.dev/v1/capabilities/{capability_id}/execute" \
  -H "Content-Type: application/json" \
  -d '{"body": {"to": "user@example.com", "subject": "Hello from Rhumb"}}'

# Step 2: pay the exact asset + amount to the exact address on the exact network returned in the 402 response

# Step 3: retry with payment proof from the same wallet
curl -X POST "https://api.rhumb.dev/v1/capabilities/{capability_id}/execute" \
  -H 'X-Payment: {"tx_hash":"0x...","network":"<network-from-402>","wallet_address":"0x..."}' \
  -H "Content-Type: application/json" \
  -d '{"body": {"to": "user@example.com", "subject": "Hello from Rhumb"}}'

When to switch from per-call x402 to wallet-prefund

Use pure x402 when you want zero-signup authorization on every request. Use wallet-prefund when you still want wallet-first funding, but repeat traffic should execute via X-Rhumb-Key against reusable balance.

x402 per-call

• No account or key required before first execution.
• Every paid call includes X-Payment.
• Best for ephemeral agents and strict per-request auth.

wallet-prefund

• Wallet signs once to create identity + wallet-scoped X-Rhumb-Key credential.
• Top-ups settle standard x402 authorization payloads on-chain, then credit reusable org_credits.
• Repeat calls run through normal X-Rhumb-Key execution.

Wallet-prefund route map

POST /v1/auth/wallet/request-challenge
POST /v1/auth/wallet/verify
POST /v1/billing/x402/topup/request
POST /v1/billing/x402/topup/verify
POST /v1/capabilities/{capability_id}/execute   # with X-Rhumb-Key

First successful call

Two buyer stories, two correct first-call paths.

If you are choosing between wallet-prefund and x402, anchor on the first call that should feel normal in production.

Use wallet-prefund

Wallet-native buyer with repeat traffic

Use wallet-prefund when wallet identity matters but you want the steady-state call path to look like normal Layer 2 execution.

Authenticate the wallet once, top up reusable balance, then execute repeat calls with X-Rhumb-Key.

# After wallet verify + top-up, the first successful repeatable call looks like this
curl -X POST "https://api.rhumb.dev/v1/capabilities/{capability_id}/execute" \
+  -H "X-Rhumb-Key: rk_live_..." \
+  -H "Content-Type: application/json" \
+  -d '{"body": {"to": "user@example.com", "subject": "Hello from Rhumb"}}'

Use x402 per-call

Zero-signup buyer who wants payment proof on the request

Use x402 when the payment authorization itself is the product requirement, not just a funding source behind repeat traffic.

Request execution without a governed API key, pay the exact 402 requirement, then retry with X-Payment from the same wallet.

# One-off zero-signup request
curl -X POST "https://api.rhumb.dev/v1/capabilities/{capability_id}/execute" \
+  -H 'X-Payment: {"tx_hash":"0x...","network":"<network-from-402>","wallet_address":"0x..."}' \
+  -H "Content-Type: application/json" \
+  -d '{"body": {"to": "user@example.com", "subject": "Hello from Rhumb"}}'

If neither of those stories sounds like you, go back to pricing and start with the governed API-key path.

Wallet setup

Use a Base-compatible wallet

Your agent needs a wallet that can hold USDC on Base and sign transactions programmatically.

Fund it with USDC on Base

The current public rail is fixed: USDC on Base. Other assets and networks are intentionally not advertised as public options yet.

Store the wallet secret like production credentials

Keep private keys in your wallet system or secret manager. x402 removes API-key signup, but it does not remove wallet-key security.

Good fits for this rail

Autonomous agents

Best when the agent should discover, pay for, and execute work without waiting for a human to create an account first.

No-signup execution

Useful for ephemeral agents, sandboxes, and evaluation flows where provisioning a governed API key would add avoidable friction.

Per-call spend control

Each execution carries its own payment event, which is easier to reason about when you want strict request-level budget visibility.

If you need team billing, human-friendly procurement, or a reusable credential for repeated app traffic, standard API-key pricing is usually the better default.

Why the 15% markup exists

x402 pricing is still cost-plus pricing. Rhumb passes through the upstream call cost and adds a 15 percent margin on top.

That margin covers the agent-payment-specific overhead: verifying payment proof, operating the on-chain settlement path, abuse controls around zero-signup execution, and the managed capability routing behind the request.

Looking for standard API-key plans instead? Go back to main pricing .