Skip to main content

Abstract

This specification defines a delegation extension to the x402 protocol that enables payment settlement through on-chain credit burns with delegated spending permissions. The delegation model is shared between crypto and fiat payment providers:
  • Crypto delegations (provider: 'erc4337'): Use ERC-4337 smart accounts and session keys for on-chain settlement, with crypto-funded ordering when the subscriber’s balance is insufficient.
  • Fiat delegations (provider: 'stripe' | 'braintree' | 'visa'): Use the configured Payment Service Provider (Stripe PaymentIntents, Braintree transaction.sale, or — for Visa Agentic Tokens — Stripe Connect against the seller’s connected account) backed by pre-authorized card delegations for automatic card-funded credit top-ups when the subscriber’s balance is insufficient.
All providers use the same DelegationConfig interface with spendingLimitCents and durationSecs to control delegation scope. The PSP is selected per plan via the seller’s fiatPaymentProvider metadata. Visa adds a per-delegation device-binding step (consumerPrompt + assuranceData) imposed by the Visa Trusted Agent Protocol. The fiat scheme identifier is: nvm:card-delegation The extension is designed to be fully compatible with existing x402 clients and servers, requiring only the addition of the delegation extension payload.

1. Introduction

1.1 Background

The x402 protocol standardizes HTTP-native payments where:
  1. A client requests a protected resource
  2. The server responds with HTTP 402 and payment requirements
  3. The client builds and signs a payment authorization
  4. The client retries the request with the payment payload
  5. A facilitator verifies and settles the payment
Standard x402 implementations use EIP-3009 signatures to authorize ERC-20 token transfers, and the smart accounts extension uses ERC-4337 UserOperations for programmable on-chain settlement. Both approaches require clients to hold cryptocurrency and interact with blockchain infrastructure.

1.2 Motivation

Many real-world payment scenarios involve users and organizations that prefer or require traditional payment methods:
  • Enterprise adoption --- organizations with existing credit card infrastructure should not need crypto wallets to consume AI services
  • Regulatory compliance --- some jurisdictions require fiat-denominated billing and traditional payment rails
  • User experience --- end users are familiar with credit card payments and may not want to manage blockchain wallets
  • Budgetary controls --- organizations need spending limits, approval workflows, and reconciliation against traditional accounting systems
  • Instant onboarding --- new users can start consuming services immediately with an existing payment card, without acquiring tokens
This extension enables these use cases by funding on-chain credit purchases through a Payment Service Provider (PSP) — currently Stripe or Braintree — authorized through pre-established delegations managed by the facilitator. Settlement itself uses the same on-chain credit burn mechanism as the smart accounts extension. The delegation model (DelegationConfig) is shared across all providers, giving the SDK and middleware a single interface for creating and managing payment permissions regardless of which PSP settles the charge.

1.3 Design Goals

This extension:
  • MUST be compatible with the existing x402 HTTP handshake
  • MUST use the standard x402 payload structure with an extension field
  • MUST support spending limits and transaction caps per delegation
  • SHOULD leverage the PSP’s off-session payment capabilities for seamless settlement
  • SHOULD support multi-party settlement so funds reach merchant-owned accounts (Stripe Connect, Braintree OAuth Connect)
  • MUST ensure PCI compliance by never exposing raw card data to the facilitator or server
  • MUST allow facilitators to verify and settle payments on behalf of clients

2. Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.

2.1 Roles

2.2 Definitions

3. Extension Structure

3.1 Scheme Identifier

The scheme identifier is: nvm:card-delegation

3.2 Payload Schema

PaymentRequired Response (402)

When a server requires payment via card delegation, it returns:

PaymentPayload (Client Response)

The client responds with a PaymentPayload containing a JWT token that encodes the delegation authorization:

3.3 Field Definitions

PaymentRequired Root Fields

Resource Fields

Scheme Fields (in accepts[] / accepted)

Extra Fields

PaymentPayload Fields

Payload Fields

JWT Claims

The token field contains a signed JWT with the following claims:
The nvm claims are namespaced under a single nvm object within the JWT payload to avoid collisions with standard JWT claims. The jti and nvm.delegationId MUST contain the same value for consistency.

3.4 Visa Extensions

For provider: 'visa' delegations, the Visa Trusted Agent Protocol imposes two additional inputs on the create-delegation request (NOT carried in the resulting JWT): The facilitator MUST reject provider: 'visa' requests that are missing either consumerPrompt or assuranceData with BCK.VISA.0014 (HTTP 400). The facilitator MUST also reject Visa delegations whose plan seller has not completed Stripe Connect onboarding with BCK.VISA.0016, because Visa settlements route through Stripe Connect.
assuranceData is cryptographically single-use and bound to the spending limit, duration, and merchant context shown to the cardholder. Replaying or recombining it across delegations produces an upstream Visa rejection (surfaced as BCK.VISA.0003). The Nevermined SDK therefore cannot create Visa delegations programmatically — both inputs require the in-browser ceremony, which has no headless equivalent.

4. Protocol Flow

4.1 Overview

The protocol flow extends standard x402 with a card enrollment phase and replaces on-chain settlement with an external Payment Service Provider (PSP). Stripe, Braintree, and Visa (Trusted Agent Protocol) are all supported; the active PSP is selected per plan via the seller’s fiatPaymentProvider metadata, and the design allows for additional providers to be added in the future. Visa adds a per-delegation device-binding step ahead of Phase 1, embedded in the cardholder’s browser via Visa VTS.

4.2 Step-by-Step Flow

The following steps detail the complete payment and execution flow. Steps are grouped into four phases: Card Enrollment, Delegation Creation, Verification, and Settlement.

Phase 0: Card Enrollment (Steps 1-10)

Card enrollment is a one-time process that securely saves a client’s payment method for future use. Step 1. Client requests a SetupIntent from the facilitator.
Step 2. Facilitator creates a SetupIntent and returns the client_secret to the client. Step 3. Client submits card details through a VGS (Very Good Security) proxy. The VGS proxy tokenizes the card data before it reaches any Nevermined infrastructure, ensuring PCI compliance. Step 4. VGS forwards the tokenized card data to the PSP to confirm the SetupIntent. Step 5. PSP confirms the SetupIntent and attaches the PaymentMethod. Step 6. Client notifies the facilitator that enrollment is complete.
Step 7. Facilitator retrieves the confirmed PaymentMethod from the PSP and stores the customer-to-payment-method mapping. Step 8. Facilitator confirms enrollment to the client.
Card enrollment only needs to happen once per payment method. A single enrolled card can back multiple delegations with different spending limits and expiry times.

Phase 1: Delegation Creation (Steps 9-12)

Step 9. Client creates a delegation using the createDelegation API, specifying the provider (required: 'stripe', 'braintree', 'visa', or 'erc4337'), spending limits, and optional constraints. The DelegationConfig interface is shared across all providers. For Visa, the request MUST additionally include consumerPrompt, assuranceData, and planId (see Section 3.4); both extras are produced by the in-browser Visa VTS device-binding ceremony immediately before this request. The supported flow is create-first: create the delegation with createDelegation, then request the access token by passing only its delegationId (shown below). Inline create-on-the-fly (passing creation fields in delegationConfig to getX402AccessToken instead of a delegationId) is deprecated and emits a runtime deprecation warning; it remains reachable for backward compatibility but should not be used in new integrations. provider and currency are required on createDelegation (no silent default); a delegation is plan-agnostic unless planId is supplied (Visa always requires planId). Using the createDelegation API directly:
For Braintree-priced plans, the same payload uses provider: "braintree", the paymentMethodToken returned at enrollment as providerPaymentMethodId, and the seller’s per-currency Braintree merchantAccountId:
For Visa Trusted Agent Protocol plans, the same payload uses provider: "visa", the Visa Agentic Token (vat_…) as providerPaymentMethodId, a mandatory planId, and the two device-binding extras produced by the browser ceremony:
Requesting the token by delegationId (the supported create-first form):
For provider: 'visa', only the delegationId form is reachable from non-browser callers — the inline delegationConfig shortcut would need the browser-only device-binding inputs. Step 10. Facilitator validates the client’s enrolled payment method and creates a delegation record with status Active. For provider: 'visa', the facilitator additionally calls VGS POST /intents with the forwarded consumerPrompt + assuranceData to provision the upstream Visa mandate, persisting the returned intent id on the delegation as vgsIntentId. If VGS rejects the intent, the delegation is not created and the caller receives BCK.VISA.0003. Step 11. Facilitator signs a JWT token containing the delegation claims (see Section 3.3) and wraps it in a standard x402 PaymentPayload structure. The resource and accepted fields echo back the values from the client’s request:
Step 12. Facilitator base64-encodes the PaymentPayload and returns it to the client. This token is what the client will include in the PAYMENT-SIGNATURE header when accessing protected resources.

Phase 2: Verification (Steps 13-22)

Step 13. Client initiates an HTTP request to a Server (AI Agent).
Step 14. Server validates whether the request contains a valid payment in the PAYMENT-SIGNATURE header. Step 15. If payment is absent, Server responds with HTTP 402 Payment Required status and the PaymentRequired object in the PAYMENT-REQUIRED header (base64-encoded).
Step 16. The Client selects the nvm:card-delegation scheme from accepts[] and uses the base64-encoded PaymentPayload (received in Step 12) as the x402 access token. Step 17. Client sends an HTTP request to the server including the base64-encoded PaymentPayload in the PAYMENT-SIGNATURE HTTP header.
Step 18. Server validates the incoming data and forwards the payment data to the facilitator for verification.
Step 19. Facilitator base64-decodes the PaymentPayload, extracts the JWT from the payload.token field, and performs the following verification checks:
  1. JWT signature verification --- validates the JWT was signed by the facilitator’s private key
  2. Delegation status check --- confirms the delegation record exists and has status Active
  3. Expiry check --- confirms exp claim is in the future
  4. Credit balance check --- if planId is present, checks the subscriber’s on-chain credit balance
  5. Session key validation --- if authorization is present, validates the burn session key exists and is active
Step 20. IF any verification check fails, the facilitator returns an error to the server. Step 21. IF all verification checks pass, the facilitator confirms verification to the server. Step 22. The Server, after obtaining the verification result from the Facilitator (and BEFORE executing any task), checks the verification result:
  • If the verification was INVALID, the Server returns to the client a HTTP 402 PAYMENT-FAILED response
  • If the verification was correct, the Server continues with the request execution
The verification phase ensures that the delegation CAN be settled before the server performs any work. This protects the server from executing expensive operations without guaranteed payment.

Phase 3: Settlement (Steps 23-32)

Step 23. The Server executes the task to fulfill the client request (AI Task or any necessary work). Step 24. The Server calls the /settle endpoint of the Facilitator to settle the request.
The maxAmount specifies the number of credits to burn for this request (not cents). Step 25. Facilitator resolves the subscriber’s blockchain address and loads the plan from the on-chain registry. Step 26. Facilitator checks the subscriber’s on-chain credit balance for the plan. Step 27. IF balance is insufficient for the requested maxAmount:
  • Calculate plan price in cents from plan.price.amounts
  • Atomically increment the delegation’s spend counter (card charge ceiling)
  • Create an off-session PSP PaymentIntent to charge the card for the plan price
  • On PSP failure: roll back spend counter, return settlement failure
  • On PSP success: mint credits to the subscriber’s blockchain address
  • Wait for the credit balance to update on-chain
Step 28. Facilitator burns the requested credits on-chain using the burn session key from the token’s authorization.sessionKeys. Step 29. IF the credit burn fails, the facilitator returns a settlement failure. Step 30. Facilitator returns the settlement receipt to the server. Step 31. Server returns to the client the response with the payment confirmation in the PAYMENT-RESPONSE header (base64-encoded).
Decoded PAYMENT-RESPONSE:
The PAYMENT-RESPONSE header contains x402-standard settlement fields. The network echoes the value used at verification (stripe or braintree). For Braintree, orderTx is the Braintree merchant transaction ID. Additional Nevermined-specific info (like creditsRedeemed and remainingBalance) can be included in the response body.
Steps 27-28 represent a failure scenario where the server has already performed work but settlement failed. Implementations SHOULD have mechanisms to handle this edge case, such as retry logic or dispute resolution.

4.3 HTTP Header Summary

Per x402 HTTP Transport v2, payment data is transmitted via HTTP headers:

5. Verification Requirements

5.1 JWT Verification

The facilitator MUST verify the following aspects of the JWT token:

5.2 Delegation Status Verification

The facilitator MUST verify:

5.3 Balance and Permission Checks

The facilitator MUST verify:
Unlike the previous cents-based budget check, verification always returns valid for active delegations. The settle step handles insufficient credits by auto-ordering via card charge. The delegation’s spending limit serves as a ceiling on total card charges, not a per-request budget.

6. Settlement Requirements

6.1 Execution Order

When executing settlement, the facilitator MUST:
  1. Decode the x402 token and verify the delegation JWT
  2. Resolve the subscriber’s blockchain address from their userId
  3. Load the plan from the on-chain asset registry
  4. Check the subscriber’s on-chain credit balance
  5. If balance is insufficient for maxAmount: a. Calculate plan price: sum(plan.price.amounts) (in cents) b. Atomically increment delegation spend counter c. Create off-session PSP PaymentIntent for the plan price d. On PSP failure: roll back spend counter, return error e. Mint credits to subscriber using the node account f. Wait for balance update on-chain
  6. Burn credits on-chain using the burn session key
  7. Return settlement receipt with creditsRedeemed and remainingBalance

6.2 Atomicity

The spend counter MUST be incremented atomically BEFORE the PSP PaymentIntent is created. If the PSP charge fails, the spend counter MUST be rolled back. This prevents race conditions where concurrent requests could exceed spending limits.

6.3 Delegation Lifecycle

Delegations transition through the following states: The facilitator MUST update the delegation status to Exhausted when:
  • spentCents >= nvm.spendingLimitCents
  • Transaction count reaches nvm.maxTransactions (if set)

6.4 PSP Connect Routing

When nvm.merchantAccountId is present, the facilitator MUST route funds to the merchant’s connected account on the PSP that backs the plan:
  • Stripe: route via Stripe Connect using the transfer_data.destination parameter on the PaymentIntent. The facilitator MAY apply platform fees via application_fee_amount.
  • Braintree: settlement is split across two transaction.sale calls. The facilitator first charges the platform fee on the platform’s gateway against the platform’s per-currency merchantAccountId, then charges the merchant share on the merchant’s OAuth-connected gateway against nvm.merchantAccountId. If the merchant leg fails, the platform leg MUST be voided to avoid collecting a fee for a payment that never reached the merchant.
  • Visa: the facilitator calls VGS enroll-cryptogram against the delegation’s vgsIntentId to mint a single-use Visa cryptogram, then submits the cryptogram to Stripe Connect (transfer_data.destination set to the seller’s Stripe Connect account) as the PaymentMethod. The facilitator MAY apply platform fees via application_fee_amount. Each settlement consumes one cryptogram — they are not reusable, even within the same delegation’s spending limit.
In all cases the facilitator MUST select a merchantAccountId whose currency matches nvm.currency. For Braintree this is enforced both at plan creation (sellers must have a child merchant account in the chosen currency) and at settlement time; a mismatch fails the charge with CURRENCY_MISMATCH. For Visa, the seller’s Stripe Connect account is resolved from the plan’s owner profile — if Connect onboarding is incomplete, delegation creation fails with BCK.VISA.0016 before settlement is ever attempted.

6.5 Receipt Format

The facilitator MUST return a receipt. The PAYMENT-RESPONSE header contains x402-standard fields: Additional settlement details MAY be included in the response body:

7. Error Handling

7.1 Error Codes

Errors come from two distinct response paths. Scheme-level codes are returned in the facilitator’s verify / settle JSON body and can apply to any provider. Nevermined API codes appear in the code field of a structured NVMException response from POST /api/v1/delegation/create or POST /api/v1/delegation/enroll-visa — never on the x402 verify/settle path.

Scheme-level (verify / settle)

Nevermined API — Visa-specific

Returned by POST /api/v1/delegation/create (with provider: 'visa') and POST /api/v1/delegation/enroll-visa. See API error codes for the full catalogue.

7.2 Error Response Format

8. Security Considerations

8.1 JWT Security

  • JWT tokens MUST be signed using asymmetric cryptography (RS256 or ES256)
  • The facilitator’s signing private key MUST be stored in a secure key management system
  • JWT tokens SHOULD have limited validity periods (RECOMMENDED: 30 days maximum)
  • Replay protection is inherent through the atomic spend counter and transaction tracking

8.2 Spending Limits

  • Every delegation MUST have a finite spending limit (nvm.spendingLimitCents)
  • Spend counters MUST be incremented atomically to prevent race conditions
  • The facilitator MUST reject requests that would exceed the spending limit, even by a single cent

8.3 Atomic Operations

  • The spend counter increment and PSP PaymentIntent creation MUST be treated as a logical unit
  • If the PSP charge fails after the counter is incremented, the counter MUST be rolled back
  • Concurrent settlement requests for the same delegation MUST be serialized or use optimistic concurrency control

8.4 PCI Compliance

  • Raw card numbers (PAN), CVV, and expiry dates MUST NEVER be transmitted to or stored by the facilitator
  • Card enrollment MUST use a PCI-compliant proxy (VGS) that tokenizes card data before it reaches Nevermined infrastructure
  • Only PSP-issued tokens (Customer IDs, PaymentMethod IDs) are stored by the facilitator
  • The facilitator MUST maintain PCI DSS compliance for the handling of any cardholder data references

8.5 Delegation Revocation

  • Clients MUST be able to revoke delegations at any time
  • Revoked delegations MUST immediately fail verification
  • In-flight settlements at the time of revocation MAY complete if the PSP PaymentIntent has already been confirmed

8.6 Session Key Security

  • Burn session keys MUST be scoped to specific plan IDs and subscriber addresses
  • Session keys MUST have expiration times aligned with the delegation expiry
  • Session keys MUST be stored securely in the facilitator’s database
  • The facilitator MUST validate that the session key referenced in the token matches an active permission record
  • Session key policies MUST limit the maximum burn amount per operation

9. Implementation Notes

9.1 Stripe Integration

For Stripe-backed plans, this extension uses: Implementations MUST use Stripe API version 2023-10-16 or later.

9.2 Braintree Integration

For Braintree-backed plans, this extension uses: Sellers MUST have at least one child merchant account in the plan’s currency on their Braintree account; the facilitator discovers the available currencies at OAuth time via merchantAccount.all() and persists the resulting currency → merchantAccountId map on the seller’s profile. Plan creation in a currency the seller does not support is rejected up-front.

9.3 Visa Trusted Agent Protocol Integration

For Visa-backed plans, this extension uses: Card enrolment and delegation creation for Visa are both browser-only because the FIDO/passkey ceremony has no headless equivalent. The SDK can list and consume an existing Visa delegation (by delegationId) but cannot create one.

9.4 PCI-Compliant Card Capture

Card enrollment flows MUST tokenize card data in the browser before any data reaches Nevermined infrastructure:
  • Stripe path: card details are collected in a VGS (Very Good Security) Collect iframe and tokenized by VGS before being forwarded to Stripe. The facilitator only ever sees Stripe-issued tokens (SetupIntent IDs, PaymentMethod IDs).
  • Braintree path: card details are collected by the Braintree Drop-in or hosted fields, which post directly to Braintree and return a single-use payment-method nonce. The facilitator exchanges the nonce for a permanent paymentMethodToken via the server-side Braintree SDK; raw card data never reaches Nevermined infrastructure.
  • Visa path: card details are collected in a VGS Collect iframe whose form.createCard() posts the tokenized card directly to CMP via VGS-internal routing. The browser receives a CMP cardId; the facilitator then enrolls that card as an Agentic Token. No PAN reaches Nevermined infrastructure on the enrolment path.
All three paths satisfy the requirement that raw card numbers, CVVs, and expiry dates never transit the facilitator.

9.5 Connect / OAuth for Merchant Routing

When merchants (server operators) have a connected PSP account, the facilitator routes settlement funds to that account:
  • Stripe: merchants complete Stripe Connect onboarding. Direct charges use transfer_data.destination; the facilitator MAY deduct a platform fee using application_fee_amount. The nvm.merchantAccountId in the JWT identifies the destination account.
  • Braintree: merchants complete OAuth Connect (Braintree Auth) authorization, granting the platform scoped access to their gateway. The facilitator builds a merchant-scoped BraintreeGateway per request and charges the merchant share on the merchant’s connected account, using a child merchantAccountId whose currency matches the plan. The platform fee is charged separately on the platform’s own gateway against a platform-side per-currency merchantAccountId.

9.6 Idempotency

Implementations SHOULD pass an idempotency key when creating Stripe PaymentIntents (idempotency_key) or Braintree transactions (transaction-level idempotency) to prevent duplicate charges in case of network failures or retries. The idempotency key SHOULD be derived from the delegation ID and a request-specific nonce.

10. References