Skip to main content
Start here: need to register a service and create a plan first? Follow the 5-minute setup.
Generic patterns for integrating Nevermined payments into any HTTP server or framework.

The x402 Payment Flow

When using x402, the client typically doesn’t start with a token. Instead, the server advertises payment requirements via 402 Payment Required, and the client retries with a payment proof.

Implementation Steps

1. Extract the x402 token from the request

x402 clients send the payment token in the payment-signature header (lowercase, per x402 v2 spec):

2. Return 402 if token is missing

When no token is provided, return HTTP 402 with a base64-encoded payment-required header:

3. Verify permissions with the Facilitator

Before processing the request, verify the subscriber has sufficient credits:

4. Process the request

Execute your business logic after verification passes.

5. Settle (burn credits) after successful response

After the request completes successfully, settle the credits and include the receipt in the response:

x402 Headers Summary

When the scheme parameter is omitted from buildPaymentRequired / build_payment_required, the network is auto-derived from the scheme (eip155:84532 for nvm:erc4337, stripe for nvm:card-delegation). The middleware and helpers call resolveScheme() / resolve_scheme() to detect the correct scheme from plan metadata automatically.

HTTP Response Codes

For Express.js and FastAPI, use the built-in middleware that handles the entire x402 flow automatically:
See Express.js Integration for details.

Best Practices

For high-traffic endpoints, consider caching validation results briefly (5-30 seconds) to reduce API calls.
Set reasonable timeouts for validation calls (5-10 seconds) and have a fallback strategy.
Log all payment validations for debugging and analytics: - Token hash (not full token) - Validation result - Credits consumed - Timestamp
Always include plan information in 402 responses so clients know how to get access.

Security Considerations

  1. Never log full tokens - Hash them if you need to identify requests
  2. Use HTTPS - Tokens should only travel over encrypted connections
  3. Validate on server - Never trust client-side validation
  4. Set token expiration - Accept reasonable token ages

Next Steps

Payment Patterns

Advanced validation patterns

x402 Protocol

Implement standard HTTP 402 flows