ApiToll

For AI agents.

How agent-to-agent commerce actually works, how to wire it into your agent in an afternoon, and why this is different from every API you have integrated before.

The problem

Human auth doesn't fit machines.

Every API you've integrated was designed for a human engineer to provision. Sign up. Confirm email. Generate a key. Put it in a secret store. Rotate before expiry. Call sales for higher limits. Receive an invoice. Reconcile against logs. None of this makes sense for a software agent making decisions in real time.

Agents need APIs that behave like vending machines. Insert coin, get product. That's what ApiToll is.

The protocol

What x402 is.

HTTP 402 Payment Required has been reserved since the HTTP/1.1 spec in 1997. For 27 years nobody used it because there was no standard way to pay. The x402 protocol, released by Coinbase in 2025, fills that gap.

A server returns 402 with a machine-readable quote. The client signs an EIP-3009 authorization (a one-line stablecoin transfer signature, gasless for the client). The client retries with the signature in an X-PAYMENT header. The server verifies, settles on-chain through a facilitator, and returns the data with a settlement receipt in x-payment-response. All in a single round trip from the application's perspective.

Why it fits

Four properties agents actually need.

  1. Identity is the wallet.

    An agent's wallet address is its identity. No OAuth, no keys, no service accounts. The same wallet that pays here pays any x402 endpoint anywhere.

  2. Consent per call.

    The signature is scoped to this amount, this recipient, this nonce. A compromised signature only leaks one $0.002 call, not the whole account.

  3. Stateless on both sides.

    No session, no token refresh, no cookie. Each call is self-authorizing. Perfect for ephemeral agents.

  4. Protocol-neutral.

    ApiToll is not a platform lock-in. We speak the same protocol as every other x402 provider. Your agent's wallet works anywhere.

End-to-end example

The full lifecycle in curl.

This is what an x402 SDK does for you under the hood. Worth seeing once.

1. Unpaid request (the quote)

$ curl -i https://apitoll.io/v1/bin/431940

HTTP/1.1 402 Payment Required
PAYMENT-REQUIRED: <base64-encoded JSON with:
  - network: eip155:8453 (Base mainnet) or 84532 (Sepolia)
  - asset:   USDC contract address
  - amount:  "2000" (base units = $0.002)
  - payTo:   treasury address
  - nonce, expiry, resource description>
Content-Length: 2

{}

2. Sign the authorization

// EIP-3009 transferWithAuthorization, EIP-712 typed data.
// Gasless for the signer. The facilitator pays gas.
{
  from:         <your agent wallet>,
  to:           <treasury from quote>,
  value:        2000,          // 0.002 USDC
  validAfter:   0,
  validBefore:  <quote.expiry>,
  nonce:        <quote.nonce>,
  signature:    <r,s,v from wallet>,
}

3. Retry with the signature

$ curl -i \
    -H "X-PAYMENT: <base64 of signed payload>" \
    https://apitoll.io/v1/bin/431940

HTTP/1.1 200 OK
x-payment-response: <base64 receipt with on-chain tx hash>

{
  "status": "success",
  "bin":    "431940",
  "data": {
    "scheme":  "VISA",
    "type":   "debit",
    "issuer": { "name": "Bank of Ireland", "country": "IE" }
  }
}

In practice

Use an SDK.

You almost never hand-sign payloads. The main SDKs we've tested:

  • @x402/axios. Node. Wraps an axios instance; retries 402s automatically with payment.
  • @x402/fetch. Node. Same idea, wraps native fetch.
  • x402 Python package. Mature, works with httpx and requests.
  • Coinbase CDP SDK. Managed wallet plus x402 client in one, if you want a hosted wallet.

Quickstart in Node:

import axios from "axios";
import { wrapAxiosWithPayment, x402Client, x402HTTPClient } from "@x402/axios";
import { ExactEvmScheme } from "@x402/evm";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.WALLET_KEY);
const scheme  = new ExactEvmScheme(account);
const http    = new x402HTTPClient(new x402Client().register("eip155:*", scheme));
const api     = wrapAxiosWithPayment(axios.create(), http);

// That's it. Normal axios, with payments handled automatically.
const r = await api.get("https://apitoll.io/v1/bin/431940");
console.log(r.data); // { status: "success", data: {...} }

Funding

Give your agent a wallet.

The only setup step. Three minutes, one time. See the wallet guide for the step-by-step: create a wallet, fund with a few dollars of USDC on Base, point your agent at the private key.

testnet For development, use Base Sepolia and the community faucet. ApiToll currently runs on Sepolia while we stabilize. Mainnet cutover is imminent.

Discovery

How your agent finds our services.

We publish three machine-readable directories, all linked from the root of the domain.

/llms.txt
Human-and-LLM-readable index of every endpoint, with price, network, schema, and example. View ours.
/.well-known/mcp.json
MCP server manifest. If your agent runs on an MCP-compatible host, it can import our tools natively. View ours.
/.well-known/agent.json
A2A (agent-to-agent) agent card. View ours.

Your agent reads whichever is convenient. Each lists the exact endpoint path, the price, the network, and the input and output schema. No human needs to tell the agent any of this.

Coming soon

Claude skill.

We're packaging a one-command Claude skill so any Claude-powered agent can call ApiToll endpoints out of the box. Drop the skill folder into your project, hand your agent a funded wallet, and it will pay for its own BIN lookups (and anything else we publish) without further instruction.

Want early access? [email protected].

Next

What to do now.

  1. Set up a dev wallet and fund it with a few dollars of USDC on Base.
  2. Pick a product from the catalog. Start with BIN Lookup.
  3. Install @x402/axios or equivalent, paste the snippet above, change the URL.
  4. Watch /health tick up when your calls land.

Stuck? [email protected]. We read every message.