See all insights

x402: How AI agents buy gift cards autonomously

x402: How AI agents buy gift cards autonomously
Darwin Delrosario
Enlightenments(Updated
8 Min read
x402 lets AI agents pay for gift cards, top-ups, and eSIMs using USDC on Base with no account or API key. Here's how the protocol works in 2026.
x402: How AI agents buy gift cards autonomously

x402 is how AI agents pay for things on the internet


The HTTP protocol has had a status code for payment since 1998. Code 402, "Payment Required," was reserved for future use and left dormant for over two decades because there was no standard way to act on it. In May 2025, Coinbase activated it.

x402 is a payment protocol built directly into HTTP. When an AI agent requests a resource behind a paywall, the server replies with a 402 response containing the price and a stablecoin address. The agent signs a USDC transfer, retries the request with proof of payment attached, and receives the resource. The entire exchange is a single HTTP round trip. There is no account registration, no OAuth flow, no API key issuance, no subscription billing, and no human in the loop.

That last detail is the one that matters. Most AI agents today are capable of doing complex, multi-step work autonomously. The point where autonomy ends is usually payment. The agent encounters a paid service and stops: it cannot enter a credit card number, cannot complete an email verification loop, cannot agree to terms of service on behalf of a user. x402 removes that wall by making payment a programmable HTTP primitive rather than a human-facing checkout flow.
 

How the x402 payment flow works


The mechanics are straightforward. An agent sends a standard HTTP GET or POST to a resource. The server, if that resource requires payment, returns a 402 response with a X-Payment header containing the amount, accepted token, receiving address, and network. The agent constructs and signs a stablecoin transfer authorization without broadcasting it (on Base, this uses EIP-3009 transferWithAuthorization; on Solana, a partially-signed v0 transaction). It attaches the signed authorization to the retry request. The server passes the authorization to a facilitator, which verifies the signature and settles on-chain. The resource is returned.

The facilitator layer is worth noting. On Base, Coinbase operates a public facilitator that handles on-chain relay, meaning the agent itself does not need to hold ETH for gas. The same design applies on Solana: the Coinbase Developer Platform facilitator acts as fee-payer, so the agent needs only USDC SPL, not SOL. Gas abstraction matters for agent wallets because top-ups are a friction point that breaks autonomous workflows.

x402 V2, released in December 2025, added reusable payment sessions, multi-chain routing, and automatic service discovery. Reusable sessions allow an agent to pre-authorize a spending limit for a given provider rather than signing each request individually, which matters for high-frequency workflows where per-request signing overhead becomes a bottleneck.

Networks currently live: Base, Solana, Ethereum mainnet, Arbitrum, Polygon, and Stellar. Base and Solana carry the majority of volume. On Solana alone, the protocol processed over 35 million transactions and more than $10 million in volume in the six months following its mid-2025 launch.
 

What x402 means for buying gift cards with an AI agent


Gift cards are a natural fit for x402 commerce. The transaction is discrete, the price is known at quote time, delivery is digital and immediate, and there is no physical logistics layer. An agent that can autonomously buy a gift card can fund a streaming subscription, top up a phone, provision a travel eSIM, or transfer value across borders, all without a human touching the checkout. Gift card APIs for fintech and rewards platforms covers how this infrastructure layer is used by developers building on top of Cryptorefills.

Cryptorefills integrated x402 in May 2026, making it among the first e-commerce platforms to deploy the protocol at production checkout. An agent with a funded Base wallet can now call the Cryptorefills endpoint, receive a 402 response with the USDC price and receiving address, sign a transferWithAuthorization, and complete the purchase in one HTTP round trip. No account. The gift card code is delivered to the address provided in the request.

The x402 integration is the second agent payment rail on the platform. The first was the MCP server released in October 2025, which supports the full purchase lifecycle: catalog search, price retrieval, order validation, payment across all supported coins (Bitcoin, Lightning, ETH, USDC, USDT, SOL, and others), and delivery tracking. MCP handles the guided, tool-assisted flow that works well when an agent has a conversational interface. x402 handles the autonomous, no-handshake flow where an agent executes a purchase as a subroutine inside a larger workflow, with no interface at all. For a step-by-step walkthrough of the x402 flow in practice, see how AI agents buy gift cards using Pay.sh and Solana x402.

The two rails serve different contexts and are not substitutes for each other. An agent helping a user pick and buy a specific gift card interactively is a good fit for MCP. An agent autonomously restocking a prepaid balance, or buying an eSIM as part of a travel planning workflow, is a better fit for x402. In the latter case, a human may have authorized the spending policy in advance but is not present at execution.

For developers building on top of Cryptorefills' agent infrastructure, the open-source repository at github.com/Cryptorefills/agents includes the cryptorefills-x402 skill with runnable examples that connect to the live endpoint. The documentation is released under CC0; example code is Apache 2.0. The Cryptorefills API integration guide covers authentication, endpoints, and order lifecycle for developers building broader integrations.
 

Frequently asked questions

What is x402 and why does it use that name?

x402 is an open payment protocol for AI agents and software, built on top of the HTTP 402 status code. HTTP 402, labeled "Payment Required," was included in the original HTTP specification in 1998 and reserved for future use but never formally activated. Coinbase's protocol uses the code as its mechanism: a server returns a 402 response containing payment instructions, the client pays, and the server delivers the resource. The name is a direct reference to that status code.
 

Which blockchains and stablecoins does x402 support?

As of mid-2026, x402 is live on Base, Solana, Ethereum mainnet, Arbitrum, Polygon, and Stellar. USDC is the primary settlement currency across all chains. The protocol is chain-agnostic; additional networks can be added by deploying a compatible facilitator. Base and Solana are the most active networks, both supported by free public facilitators from Coinbase.


How does an AI agent pay with x402 without holding gas tokens?

On both Base and Solana, the Coinbase Developer Platform operates a facilitator that acts as the gas relay and fee-payer respectively. On Base, the agent signs a USDC transferWithAuthorization using the EIP-3009 standard without broadcasting it. The facilitator receives the signed authorization, broadcasts the transfer on-chain, and handles the gas cost. On Solana, the facilitator is the fee-payer on a partially-signed v0 transaction. In both cases, the agent only needs USDC in its wallet.
 

Can I use x402 to buy gift cards on Cryptorefills without a Cryptorefills account?

Yes. The Cryptorefills x402 integration requires only a funded Base wallet holding USDC. An agent calls the Cryptorefills endpoint, receives the 402 response with price and receiving address, signs the transfer, and retries. The purchase completes in one HTTP round trip with no account registration, no OAuth, and no API key. Gift card delivery goes to the email address or identifier provided in the request parameters.
 

What is the difference between the Cryptorefills MCP server and x402?

The MCP server supports the full interactive purchase lifecycle: catalog search across 6,600+ brands, price quotes, order validation, payment across 15+ cryptocurrencies (Bitcoin, Lightning, ETH, USDC, USDT, SOL, and others), and delivery tracking. It is designed for agents with a conversational or tool-assisted interface. x402 is designed for fully autonomous execution with no interface: the agent calls an endpoint, pays, receives the product. MCP handles guided workflows; x402 handles unattended ones. Both are available and run in parallel on the platform.
 

What is a "facilitator" in the x402 protocol?

A facilitator is optional middleware that handles the on-chain portion of an x402 payment: verifying the signed payment authorization, broadcasting the stablecoin transfer, confirming finality, and relaying that confirmation to the merchant server. Facilitators abstract away direct blockchain interaction so agents and servers do not need to run their own nodes or manage gas. Coinbase operates public facilitators for Base and Solana at no charge. Merchants can also verify payments directly if they prefer to run their own on-chain infrastructure.
 

Is x402 limited to crypto-native applications?

The protocol itself is chain-settled, so a wallet holding USDC is a prerequisite. However, the companies building on x402 span well beyond crypto-native platforms: AWS, Google, Visa, Stripe, and Cloudflare all have active integrations or foundation membership. Galaxy Research's January 2026 analysis categorized x402 as positioning blockchains as background infrastructure for mainstream applications. The relevant question for any specific use case is whether the agent or system initiating the payment can hold a stablecoin balance, which is increasingly a standard capability in production agent frameworks.