x402station Forensics
Cheap due-diligence before your agent integrates an unfamiliar x402 endpoint. POST the URL, get back 7 days of probe data — uptime %, p50/p99 latency, error breakdown, active risk signals, status-code histogram, peer comparison. $0.001 USDC, settled via x402.
The whole call
POST https://x402station.io/api/v1/forensics
{
  "url": "https://api.example.com/x402-endpoint"
}
// First call returns 402 with payment requirements.
// Retry with PAYMENT-SIGNATURE → returns:
{
  "url": "https://api.example.com/x402-endpoint",
  "window_days": 7,
  "uptime_pct": 98.4,
  "latency_ms": { "p50": 142, "p90": 318, "p99": 904 },
  "status_breakdown": { "200": 412, "402": 9817, "500": 41, "504": 9 },
  "error_share_pct": 0.51,
  "signals": ["healthy"], // active risk signals, if any
  "price": { "amount": "0.005", "currency": "USDC" },
  "first_seen_at": "2026-04-12T08:14:22Z",
  "peer_comparison": {
    "category": "Inference",
    "median_latency_ms": 180,
    "median_uptime_pct": 96.1,
    "rank_in_category": 14
  }
}
What's in the report
- uptime_pct — share of probes in the 7-day window that returned 200 / 402 (the healthy x402 handshake). Anything below 95% is a routing risk for time-critical agents.
- latency_ms.p50 / p90 / p99 — server-side wall-clock latency from the probe worker. p99 ≥ 5,000 ms means the tail of your agent's workflow will hit timeouts.
- status_breakdown — full histogram of HTTP codes seen in the window. Lets you tell "dead" from "rate-limited" from "auth-failing" without a live probe.
- signals[] — active risk flags from our signal vocabulary: dead, zombie, decoy_price_extreme, price_drift, high_concentration, healthy. Same vocabulary Guard and Watch use; reports are the "why" behind the "what."
- peer_comparison — how this endpoint stacks up against other endpoints in the same category (Inference / Search / Data / Storage / Infra / etc.). Lets your agent pick the best provider without a head-to-head benchmark.
- first_seen_at — when this endpoint first appeared in the catalog. Endpoints under 24h old get a softer routing weight automatically; 30+ days = stable.
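One way an agent could act on the thresholds in this list, as an added example that is not x402station's code. The function name `evaluate_report`, the allow/review/reject outcomes, the URL-match check and the choice to treat the uptime, p99 and age thresholds as "review" rather than "reject" are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Thresholds and signal names are the ones given in the field list above.
MIN_UPTIME_PCT, MAX_P99_MS = 95.0, 5000.0
RISK_SIGNALS = {"dead", "zombie", "decoy_price_extreme", "price_drift",
                "high_concentration"}

def evaluate_report(report, requested_url, now):
    """Hypothetical gate: returns ("allow" | "review" | "reject", reasons)."""
    # Fail closed: wrong URL, missing fields or bad types all reject.
    if not isinstance(report, dict) or report.get("url") != requested_url:
        return "reject", ["report url does not match requested url"]
    try:
        uptime = float(report["uptime_pct"])
        p99 = float(report["latency_ms"]["p99"])
        signals = {str(s) for s in report["signals"]}
        first_seen = datetime.fromisoformat(
            report["first_seen_at"].replace("Z", "+00:00"))
        age = now - first_seen
    except (KeyError, TypeError, ValueError, AttributeError):
        return "reject", ["malformed report"]
    # Any listed risk flag blocks; so does a name outside the vocabulary.
    blocking = sorted(signals - {"healthy"})
    if blocking:
        return "reject", [("active signal: " if s in RISK_SIGNALS
                           else "unknown signal: ") + s for s in blocking]
    soft = []
    if not uptime >= MIN_UPTIME_PCT:  # written so NaN also fails the check
        soft.append("uptime below 95%")
    if not p99 < MAX_P99_MS:
        soft.append("p99 at or above 5000 ms")
    if age < timedelta(hours=24):
        soft.append("first seen under 24h ago")
    return ("review", soft) if soft else ("allow", [])

# Constructed inputs: trimmed copy of the page's sample, then two variants.
URL = "https://api.example.com/x402-endpoint"
NOW = datetime(2026, 5, 20, tzinfo=timezone.utc)  # constructed clock value
SAMPLE = {"url": URL, "uptime_pct": 98.4, "latency_ms": {"p50": 142, "p99": 904},
          "signals": ["healthy"], "first_seen_at": "2026-04-12T08:14:22Z"}
SLOW = {**SAMPLE, "uptime_pct": 91.0, "latency_ms": {"p99": 6200}}
ZOMBIE = {**SAMPLE, "signals": ["zombie"]}

if __name__ == "__main__":
    for name, rep in [("sample", SAMPLE), ("slow", SLOW), ("zombie", ZOMBIE)]:
        print(name, evaluate_report(rep, URL, NOW))
```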
Forensics vs Guard vs Watch
Three modes for three different agent timing patterns:
- Guard — synchronous. $0.001 per check, called inline before every payment. Use when: agent is about to sign PAYMENT-SIGNATURE right now.
- Forensics — diagnostic snapshot. $0.001 per call, batchable. Use when: evaluating whether to integrate an endpoint at all. One call returns 7 days of evidence.
- Watch — async webhook. $0.01 / 30 days, 100 prepaid alerts. Use when: agent already integrated, wants push alerts when state flips.
Most production agents use all three: Forensics at integration time, Guard on every paid call, Watch for long-running policies.
Use cases
- Onboarding a new endpoint into an agent loop. Cheaper than running your own 7-day pilot, faster than scraping for reviews.
- Picking between two endpoints in the same category. The peer_comparison block gives a category percentile rank without a head-to-head benchmark.
- Postmortem: why did my agent burn USDC last night? Run forensics on the suspect URL — the 7-day window covers the incident and tells you whether it was a one-off spike or a sustained issue.
- Compliance / audit log evidence. The full report payload is a signed snapshot at fetch time; archive it alongside your agent decision logs.
Pricing
- $0.001 USDC — per call. Settled via x402, no signup.
- Bulk credits — same creditId mechanism as Guard; $0.50 USDC for 1,000 prepaid forensics or preflights, 50% off the per-call rate.