API for agents

Pay-per-call JSON endpoints over x402 v2. No API keys. No signup. Fund your agent wallet, sign, call.

Manifests

/.well-known/x402 — agent-readable JSON manifest
/api/openapi.json — OpenAPI 3.1 spec
/llms.txt — plain-text description for AI crawlers

POST /api/v1/preflight

$0.001 USDC

Pre-flight check: ask us “is it safe to pay this URL?”. Returns { ok, warnings, metadata }. Agents should call this before any paid x402 request to avoid decoys, zombies, and price traps.

curl -X POST https://x402station.io/api/v1/preflight \
  -H "Content-Type: application/json" \
  -d '{"url":"https://api.venice.ai/api/v1/chat/completions"}'
# → HTTP 402 + payment-required header on first call
# → sign with your wallet + retry → HTTP 200 + JSON report

TypeScript (@x402/fetch)

import { wrapFetchWithPaymentFromConfig } from "@x402/fetch";
import { ExactEvmScheme } from "@x402/evm";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY as `0x${string}`);
const fetch2 = wrapFetchWithPaymentFromConfig(fetch, {
  schemes: [{ network: "eip155:*", client: new ExactEvmScheme(account) }],
});

const res = await fetch2("https://x402station.io/api/v1/preflight", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify({ url: "https://api.venice.ai/api/v1/chat/completions" }),
});
const report = await res.json();
if (!report.ok) console.warn("skip:", report.warnings);

Warnings: unknown_endpoint, no_history, dead, zombie, decoy_price_extreme, suspicious_high_price, slow, new_provider. ok is true only when no critical warning fires.

POST /api/v1/forensics

$0.001 USDC

Deep 7-day report for one endpoint. Returns { ok, warnings, decoy_probability, metadata, uptime, latency, status_codes, concentration }. Superset of preflight — agents buying forensics don't need a separate preflight call.

curl -X POST https://x402station.io/api/v1/forensics \
  -H "Content-Type: application/json" \
  -d '{"url":"https://api.venice.ai/api/v1/chat/completions"}'
# → HTTP 402 + payment-required header on first call
# → sign + retry → HTTP 200 + 7-day report:
#   uptime.hourly[]          — 168 hourly buckets
#   latency.p50/p90/p99_ms   — percentiles over 7d
#   status_codes             — { "200": n, "402": n, "network_error": n }
#   concentration            — group_size, % of catalog, price vs group median
#   decoy_probability        — float [0, 1]

Extra warnings on top of preflight: dead_7d, mostly_dead, slow_p99, price_outlier_high, high_concentration.

POST /api/v1/catalog/decoys

$0.005 USDC

Full list of active endpoints currently flagged as dangerous — decoys (price ≥ $1000 USDC), zombies (100% erroring), dead_7d, mostly_dead. Pull hourly/daily, use as a local blacklist. One call returns hundreds of rows — cheaper than preflight-ing every URL.

curl -X POST https://x402station.io/api/v1/catalog/decoys \
  -H "Content-Type: application/json" -d '{}'
# → 402 + payment-required header on first call
# → sign + retry → 200 + JSON:
#   generated_at                 — timestamp of this snapshot
#   counts.total                 — number of flagged entries
#   counts.by_reason             — {decoy_price_extreme, zombie, dead_7d, mostly_dead}
#   truncated                    — true if result hit MAX_ENTRIES cap
#   entries[] = { url, service_name, price_usdc, reasons[], uptime_7d_pct, ... }

POST /api/v1/alternatives

$0.005 USDC

Routing fallback. Given a URL flagged by preflight (or a taskClass hint), returns up to 5 healthy sibling endpoints in the same provider/domain/category/price-band. Filters out 7-day-dead and 1-hour-erroring candidates; ranks by uptime + latency. Solves the question that follows ok=false from preflight: where do I go instead?

curl -X POST https://x402station.io/api/v1/alternatives \
  -H "Content-Type: application/json" \
  -d '{"url":"https://api.venice.ai/api/v1/chat/completions"}'
# → 402 + payment-required header on first call
# → sign + retry → 200 + JSON:
#   target           — target metadata (or {url, known: false})
#   match_strategy   — url_target / url_target_unknown_fallback / task_class_only
#   alternatives[]   — { url, service, provider, price_usdc,
#                        uptime_1h_pct, uptime_7d_pct,
#                        avg_latency_1h_ms, match_reason }
#   candidate_count  — total eligible BEFORE the LIMIT
#
# Body alternatives:
#   {"taskClass":"llm-completions","limit":3}     # discovery without a known URL
#   {"url":"...","limit":10}                       # cap result size

POST /api/v1/credits

$0.50 USDC = 1000 preflights

Bulk-prepaid preflight bundle. Pay $0.50 USDC once for 1000 prepaid /api/v1/preflight calls — effective rate $0.0005/call, 50% off the per-call $0.001 tier. Returns { creditId, balance, expiresAt }. Store the creditId — it's the bearer token and is not retrievable later. Pass via X-Credit-Id header on subsequent preflight calls; on exhaustion or expiry (90d) the middleware falls through to per-call x402 automatically.

# Buy a bundle (one-time $0.50 settlement)
curl -X POST https://x402station.io/api/v1/credits \
  -H "Content-Type: application/json" -d '{}'
# → 402 + payment-required header on first call
# → sign + retry → 200 + JSON: { creditId, balance: 1000, expiresAt, usage }

# Use the credit on subsequent preflights (no x402 payment per call)
curl -X POST https://x402station.io/api/v1/preflight \
  -H "Content-Type: application/json" \
  -H "X-Credit-Id: <creditId>" \
  -d '{"url":"https://api.example.com/route"}'
# Response carries x-credit-balance + x-credit-expires-at headers

# Check status (free, anyone with creditId can read)
curl https://x402station.io/api/v1/credits/<creditId>
# → { balance, used, expiresAt, expired, paidAmount, ... }

POST /api/v1/whats-new

$0.001 USDC

Catalog diff polling. Body { since?, limit? } — defaultsince = now - 24h, max 30 days back; limit 1..500 default 200. Returns added_endpoints[] (new since), removed_endpoints[] (deactivated since), service counts, polls_in_window, current active totals. Polling-friendly — internal ingest cron runs every 5 min, so polling more often returns identical data. Hourly polling costs ~$0.024/day.

curl -X POST https://x402station.io/api/v1/whats-new \
  -H "Content-Type: application/json" -d '{}'
# default 24h window, limit 200

curl -X POST https://x402station.io/api/v1/whats-new \
  -H "Content-Type: application/json" \
  -d '{"since":"2026-04-27T00:00:00Z","limit":50}'

# → 402 + payment-required header on first call
# → sign + retry → 200 + JSON:
#   since, until, window_hours
#   added_endpoints[]   = { url, service_name, provider, price_usdc,
#                            first_seen_at }
#   removed_endpoints[] = { url, service_name, last_seen_at, ... }
#   summary             = { added_count, removed_count,
#                            polls_in_window, current_active_*, ... }
#   truncated, limit

POST /api/v1/watch

$0.01 subscribe + 100 prepaid alerts · live

Webhook-based monitor: tell us an endpoint URL + your webhookUrl, we send an HMAC-SHA256-signed POST when subscribed signals fire/clear (zombie, decoy_price_extreme, dead, slow). 30-day subscription + 100 prepaid alerts. Free GET for status, free DELETE to unsubscribe (both secret-gated).

Read first

We probed 20,338 x402 endpoints. 161 are agent honeypots. — methodology, decoy distribution, $0.001 mainnet floor

x402station-middleware (npm)

One-line auto-shielding

Drop-in fetch wrapper for agents that already use @x402/fetch. Calls /api/v1/preflight before every paid x402 request, refuses decoy/zombie/dead endpoints automatically. Per-instance TTL cache (5 min default), creditId support for bulk-prepaid preflights ($0.0005/call), default fail-closed on preflight unavailability.

npm install x402station-middleware

import { wrapFetchWithPaymentFromConfig } from "@x402/fetch";
import { ExactEvmScheme } from "@x402/evm";
import { privateKeyToAccount } from "viem/accounts";
import { wrapWithPreflight } from "x402station-middleware";

const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY);
const x402Fetch = wrapFetchWithPaymentFromConfig(fetch, {
  schemes: [{ network: "eip155:8453", client: new ExactEvmScheme(account) }],
});

const safeFetch = wrapWithPreflight(x402Fetch, { account });

// Use exactly like fetch — preflight runs automatically.
const r = await safeFetch("https://api.example.com/x402-route");
// → throws PreflightBlockedError if endpoint is decoy / zombie / dead.

For framework builders

If you build an agent SDK (Daydreams, AgentKit, CrewAI, LangChain, Mastra) we can ship you a drop-in preflight() middleware. Open an issue on GitHub or hit the contact in the manifest.