Skip to main content
The x402 Verifier answers one question about any x402 payment: is this specific payment what your policy authorizes? Paste the payment terms (or let your agent submit them), and the harness judges them against your mandate while gathering its own evidence about the vendor. You get an ALLOW / BLOCK / ESCALATE verdict with reasoning and a signed, independently verifiable proof. One credit per run. The order matters: x402 settlement is an irreversible push payment, so the only safe sequence is receive terms → verify → sign on ALLOW. Chance never holds keys, never signs, never settles. It is the gate between the quote and the signature.
No code required to try it: the dashboard’s x402 Verifier tab ships six built-in payloads (one legitimate vendor and five attacks) and runs the same engine with a live verdict.

The six checks

Every run inspects the payment along six fixed categories. The judge’s verdict weighs all of them against your policy.

Vendor reputation, from the Coinbase Bazaar

The x402 Bazaar is Coinbase’s public index of x402 services that have actually settled payments through the CDP facilitator. For every payment, the verifier looks the recipient up and reads:
  • whether the payTo matches a listed service for the resource’s host,
  • its unique payers and paid-call count over the last 30 days,
  • when it last settled a payment.
This is settled usage, not self-reported marketing, which makes it expensive to fake. An unlisted address is treated as a caution signal rather than proof of fraud: trivial amounts to unlisted vendors can still pass, while significant ones escalate or block under the default policy.

The attack catalog

The dashboard ships these as one-click examples. Each demonstrates a real pattern the checks exist to catch; the default policy names every one of the five as grounds to block or escalate.

Integrate it in your agent

The same engine runs behind POST /api/v1/intent with venue: "x402". Probe the paid endpoint, verify the decoded terms, and only let your x402 client sign on ALLOW:
The response carries the verdict, the judge’s reasoning, and the proof receipt (transcript root, judge signature, onchain anchor) that anyone you share the run artifact with can recompute. The x402 venue page documents every recognized payload shape plus a runnable curl against live terms; agents in Claude or ChatGPT get the same check through the connector as verify_intent with venue: "x402".

Why verify agent payments?

The case for a verification layer in the agentic economy.

x402 venue reference

Recognized payloads, live curl example, and how the harness knows x402.