Abstract
This specification defines a smart-account extension to the x402 protocol that enables programmable payment settlement using ERC-4337 smart accounts and session keys. While standard x402 settles payments via EIP-3009 ERC-20 token transfers, this extension allows settlement through arbitrary smart contract interactions—enabling subscription plans, credit-based metering, time-based access, and other programmable payment models. The extension is designed to be fully compatible with existing x402 clients and servers, requiring only the addition of thenvm:erc4337 extension payload.
1. Introduction
1.1 Background
The x402 protocol standardizes HTTP-native payments where:- A client requests a protected resource
- The server responds with HTTP 402 and payment requirements
- The client builds and signs a payment authorization
- The client retries the request with the payment payload
- A facilitator verifies and settles the payment
1.2 Motivation
Many real-world payment scenarios require more than direct token transfers:- Subscription plans — pay once, access many times
- Credit packages — purchase credits in bulk, consume over time
- Time-based access — pay for access windows (hourly, daily, monthly)
- Tiered pricing — different rates based on usage volume
- Spending limits — caps on how much can be spent per period
1.3 Design Goals
This extension:- MUST be compatible with the existing x402 HTTP handshake
- MUST use the standard x402 payload structure with an extension field
- SHOULD be generic enough to support any smart contract interaction
- SHOULD leverage established standards (ERC-4337, EIP-712)
- MUST allow facilitators to verify and execute operations on behalf of clients
2. Terminology
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.2.1 Roles
2.2 Definitions
3. Extension Structure
3.1 Scheme Identifier
The scheme identifier is:nvm:erc4337
3.2 Payload Schema
PaymentRequired Response (402)
When a server requires payment, it returns:PaymentPayload (Client Response)
The client responds with a PaymentPayload containing the selected scheme and authorization:3.3 Field Definitions
PaymentRequired Root Fields
Resource Fields
Scheme Fields (in accepts[] / accepted)
Extra Fields
PaymentPayload Fields
Payload Fields (Authorization)
Authorization Fields
Session Key Object
Each session key object MUST contain anid field and either data OR hash:
When
data is provided, the facilitator can reconstruct and verify the session key directly. When only hash is provided, the facilitator MUST have a mechanism to retrieve the session key from off-chain storage using the hash.3.4 Session Key Operations
The extension defines standard operation identifiers:
Implementations MAY define additional operation identifiers for custom use cases.
4. Protocol Flow
4.1 Overview
The protocol flow maintains compatibility with standard x402 while extending the verification and settlement phases:4.2 Step-by-Step Flow
The following steps detail the complete payment and execution flow. Steps are grouped into three phases: Initial Request, Verification, and Settlement.Phase 1: Initial Request (Steps 1-5)
Step 1. Client initiates an HTTP request to a Server (AI Agent).PAYMENT-SIGNATURE header.
Step 3. If payment is absent, Server responds with HTTP 402 Payment Required status and the PaymentRequired object in the PAYMENT-REQUIRED header (base64-encoded).
- Selects one of the
acceptsschemes returned by the server response - Creates a PaymentPayload with the selected scheme in
accepted - Creates and signs locally a
UserOperationrepresenting the Payment Intent (using ERC-4337 and EIP-712)
UserOperations in the PAYMENT-SIGNATURE HTTP header.
Phase 2: Verification (Steps 6-20)
Step 6. Server validates the incoming data and forwards the payment data to the facilitator to verify the Client request.planId, subscriberAddress (from payload.authorization.from), and agentId from the token.
Step 7. Facilitator checks the request and confirms if it includes “redeem” permissions.
Step 8. IF the request DOES NOT include “redeem” permissions:
- Facilitator rejects the request and returns an error to the server
- Server returns to the client a
HTTP 402response withPAYMENT-REQUIREDheader
- Facilitator rejects the request and returns an error to the server
- Server returns to the client a
HTTP 402 PAYMENT-FAILEDresponse
- If the verification was INVALID, the Server returns to the client a
HTTP 402 PAYMENT-FAILEDresponse - If the verification was correct, the Server continues with the request execution
The verification phase ensures that the payment CAN be settled before the server performs any work. This protects the server from executing expensive operations without guaranteed payment.
Phase 3: Settlement (Steps 21-32)
Step 21. The Server executes the task to fulfill the client request (AI Task or any necessary work). Step 22. The Server calls the/settle endpoint of the Facilitator to settle the request.
maxAmount specifies the actual credits to redeem (can be less than or equal to the verified amount).
Step 23. Facilitator queries the blockchain to check the Client balance.
Step 24. Blockchain returns the Client balance to the Facilitator.
Step 25. IF the Client does NOT have enough balance, the Facilitator executes the “order” UserOperation on behalf of the Client.
Step 26. Blockchain returns the “order” transaction to the Facilitator.
Step 27. Facilitator executes the “redeem” UserOperation on behalf of the Client.
Step 28. Blockchain returns the execution result to the Facilitator.
Step 29. IF the “redeem” OR “order” UserOperations execution FAILED, the Facilitator rejects the request and returns an error to the server.
Step 30. The Server returns to the client a HTTP 402 PAYMENT-FAILED response.
Step 31. IF the “redeem” UserOperation executed successfully, the Facilitator confirms to the server that the request is verified (including the payment tx / order tx).
Step 32. Server returns to the client the response with the transaction payment confirmation in the PAYMENT-RESPONSE header (base64-encoded).
PAYMENT-RESPONSE header contains x402-standard settlement fields. Additional Nevermined-specific info (like creditsBurned) can be included in the response body.
4.3 HTTP Header Summary
Per x402 HTTP Transport v2, all payment data is transmitted via HTTP headers using base64 encoding:All three headers use base64 encoding. The response body contains the actual resource data plus optional Nevermined-specific payment info.
5. Verification Requirements
5.1 Payload Validation
The facilitator MUST verify:5.2 Session Key Validation
For each session key, the facilitator MUST verify:5.3 Balance and Permission Checks
The facilitator MUST verify:6. Settlement Requirements
6.1 Execution Order
When executing settlement, the facilitator MUST:- Check client balance
- If balance insufficient, execute
orderUserOperation first - Wait for
ordertransaction confirmation - Execute
redeemUserOperation - Return transaction receipts
6.2 Atomicity
6.3 Receipt Format
The facilitator MUST return a receipt. ThePAYMENT-RESPONSE header contains x402-standard fields:
Additional settlement details MAY be included in the response body:
7. Error Handling
7.1 Error Codes
7.2 Error Response Format
8. Security Considerations
8.1 Signature Security
- The EIP-712 signature MUST be verified against the client’s smart account address
- Replay protection SHOULD be implemented using nonces or timestamps
- The facilitator MUST NOT execute UserOperations with invalid signatures
8.2 Session Key Security
- Session keys SHOULD have limited validity periods
- Session keys SHOULD be scoped to specific contracts and methods
- Session keys SHOULD include spending limits where applicable
- Session keys MUST be revocable by the smart account owner
8.3 Facilitator Trust Model
Clients delegate execution authority to the facilitator. This trust model assumes:- The facilitator will only execute operations after successful verification
- The facilitator will only execute operations after the server completes its work
- The facilitator acts as an honest intermediary
8.4 Network Considerations
- All network identifiers MUST be validated against a known allowlist
- Cross-network attacks MUST be prevented by including the network in signed data
9. Implementation Notes
9.1 ERC-4337 Compatibility
This extension is designed to work with any ERC-4337 compliant smart account implementation. Theprovider field in the authorization object indicates which session key format is used.
9.2 Session Key Providers
Common session key providers and their formats:
Implementations SHOULD document which providers they support.