🟢 Live on Cardano Mainnet

Pay for anything
with HTTP 402

The first Cardano payment facilitator on mainnet. Request a resource, get a 402, pay with ADA, access granted.

Get started → See live proof ↓
383+
Tests Passing
10
Verification Checks
Live on Mainnet
5/5
Failure Modes Caught
Protocol Flow

Seven steps. One transaction.

The full x402 payment cycle — from request to on-chain settlement — runs through seven discrete steps. No accounts, no API keys, no billing.

🔐
Client
Wallet + Lucid
🖥
Resource Server
Your API
Facilitator
x402-fac
Cardano
Blockfrost
01
Client Server POST /upload Request a paid resource — no payment header attached
02
Server Client 402 Payment Required Server returns payment requirements: amount, recipient address, network
03
Client Build & Sign Tx Client builds a Cardano transaction with Lucid Evolution and signs it with their wallet
04
Client Server POST /upload + Payment-Signature Retry the request with the signed transaction in the header
05
Server Facilitator POST /verify → POST /settle Payment gate middleware verifies the transaction, then settles it on-chain
06
Facilitator Cardano Submit Tx → Poll Confirm Transaction submitted to Blockfrost, polls every 5s until confirmed on-chain (~20s)
07
Server Client 200 OK Payment confirmed. Resource delivered. File uploaded, CID returned, downloadable for free.
On-Chain Proof

Proven on-chain. Mainnet and testnet.

Real transactions, verified on-chain. Tested end-to-end on Preview testnet, now live on Cardano mainnet — processing real ADA payments through the full x402 verify → settle pipeline.

Mainnet — First Transaction
Full verify → settle → on-chain confirmation on Cardano mainnet
Tx Hash ce1e3ab1...50ffb38a
Block 13,204,540
Network cardano:mainnet
Pipeline 10/10 checks passed → settled → confirmed
End-to-End Payment
Full 7-step x402 cycle — upload with payment, download for free
Tx Hash 3eb6f065...99ab7ce7
Block 4,116,992
Amount 2,000,000 lovelace (2 ADA)
Result File uploaded + integrity verified
🔁
Replay Attack Test
Same transaction submitted twice — dedup caught the replay
Tx Hash b07b3e60...89ac92b2
First settle Success — confirmed on-chain
Replay Idempotent — cached result returned
Dedup SHA-256 → Redis SET NX (24h TTL)
Verification Pipeline

10 checks. Every transaction.

Before any transaction touches the blockchain, it passes through a 10-check verification pipeline. All checks run — even after the first failure — so clients get a complete list of issues.

1
CBOR Valid
Base64 decode, CBOR deserialization via CML
2
Scheme
Payment scheme is "exact"
3
Network
CAIP-2 chain ID matches configured network
4
Token
Asset in hardcoded registry (ADA, USDM, DJED, iUSD)
5
Recipient
Output pays to the required address (hex comparison)
6
Amount
Payment ≥ required (overpayment accepted)
7
Min UTXO
Output has enough ADA for protocol minimum
8
Witness
Transaction has at least one VKey signature
9
TTL
Transaction validity hasn't expired (slot check)
10
Fee
Fee within configured bounds (150K–5M lovelace)
Security Testing

Every attack. Caught.

Five attack vectors tested against the live facilitator on Preview testnet. All rejected with specific, actionable error codes.

Rejected Malformed CBOR
Garbage base64 sent as a transaction payload. The CBOR deserializer catches it immediately.
invalid_cbor Transaction CBOR could not be parsed
Rejected Wrong Recipient
A valid signed transaction that pays to a different address than required. Canonical hex comparison catches it.
recipient_mismatch No output pays to the required recipient
Rejected Insufficient Amount
Transaction pays 1 ADA when 2 ADA is required. BigInt comparison with no floating-point risk.
amount_insufficient Payment amount is less than required
Rejected Expired Transaction
Transaction with TTL set 1 hour in the past. Current slot comparison catches expired validity.
transaction_expired Transaction TTL has expired
Dedup'd Replay Attack
Same signed transaction submitted twice. SHA-256 dedup key in Redis (SET NX, 24h TTL) returns the cached result idempotently. Cardano's UTXO model prevents the double-spend at chain level.
idempotent_return Same txHash returned without re-submission
Architecture

Five layers. Zero custody.

The facilitator never holds private keys. It verifies client-signed transactions and submits them to the blockchain. Your keys stay in your wallet.

HTTP
Fastify
Helmet + CORS
Rate Limit
Zod Validation
Swagger /docs
Verify
CBOR Deserializer
10 Check Pipeline
Token Registry
Settle
Re-verify
SHA-256 Dedup
Blockfrost Submit
Poll Confirmation
Chain
ChainProvider
UTXO Cache (L1+L2)
Reservation System
Lucid Evolution
Ext
Redis
Blockfrost API
Fs / IPFS Storage
SDK

Three lines to add payments.

The SDK gives any Fastify resource server x402 payment gating. Wrap any route — the middleware handles 402 responses, verification, and settlement automatically.

resource-server.ts 
import { FacilitatorClient, createPaymentGate }
  from 'x402-fac/sdk';

// Connect to your facilitator
const facilitator = new FacilitatorClient({
  baseUrl: 'http://localhost:3000'
});

// Create a payment gate
const gate = createPaymentGate({
  facilitator,
  payTo:   'addr_test1qp...',
  amount:  '2000000',   // 2 ADA
  network: 'cardano:preview',
});

// Protect any route
app.post('/api/generate', {
  preHandler: gate
}, handler);
client.ts 
// 1. Request resource → get 402
const res = await fetch('/api/generate');
// res.status === 402

// 2. Parse payment requirements
const requirements = parsePaymentRequired(
  res.headers.get('Payment-Required')
);

// 3. Build & sign Cardano tx
const tx = await lucid
  .newTx()
  .pay.ToAddress(requirements.payTo, {
    lovelace: BigInt(requirements.amount)
  })
  .complete();
const signed = await tx.sign
  .withWallet().complete();

// 4. Retry with payment → get 200
const paid = await fetch('/api/generate', {
  headers: {
    'Payment-Signature':
      encodePayment(signed)
  }
}); // paid.status === 200 🎉
Positioning

Cardano for high-value.
L2s for micropayments.

Different chains for different price tiers. The x402 protocol is chain-agnostic — Cardano handles operations worth ≥1 ADA (~$0.30), while EVM L2s handle sub-cent transactions.

< $0.01
Base / Optimism
LLM tokens, API calls
$0.01–$0.30
Ethereum L2s
Images, search queries
≥ $0.30
Cardano ← you are here
AI tasks, compute, storage

Start accepting Cardano payments.

Clone the repo, configure Blockfrost, start the server. Follow the testnet guide for an end-to-end payment in under 10 minutes.

View on GitHub Testnet guide →