jakiro
Preface
This week, the author fully ran through the X402 process from demo to application.
The author has been paying attention to this protocol since Coinbase initially released X402 in May 2024.Subsequently, Coinbase once again launched a complete payment infrastructure and joined forces with a number of leading companies exploring the AI+ payment track, including Google, Visa, Cloudflare, and, as can be seen from the proposal author, the Ethereum Foundation, MetaMask (wallet) and other institutions that are actually involved.Through ERC-3009 (enhanced token standard, used by USDC) and ERC-8004 (on-chain reputation registration market), Coinbase has formed a fairly clear set of AI+ payment segmentation tracks.
It can indeed be said that Coinbase is exploring the payment track this time in a comprehensive, determined and market-oriented manner.
But the world of Web3 never lacks explosive points, let alone imagination.However, many outrageous imaginations always confuse the audience and affect judgment.
Use this to sort out this article and systematically analyze what is noise in the chaotic hype and what shortcomings need to be faced squarely.
What is X402?
First of all, X402 is very simple. It is a set of process specifications for network API interaction.
X402 is named after the 402 status code and is a stateless on-chain payment protocol.By adding the “x-payment” field in the HTTP request header, and using the new role Facilitator (facilitator) to be responsible for verification on the chain, and informing the service provider, the one-time payment task can be completed.
In fact, the HTTP protocol defined 402 as a payment-related status code in the early stages of its development, but it has not been actually enabled for decades.
The specific content of x-payment here can be customized. As long as the service provider believes that its parameters can complete the user’s payment, it will provide subsequent services.
The system itself has a universal structure and can be combined with any payment system.However, since this protocol was released by Coinbase, a US-listed exchange, it is naturally more coupled with the blockchain model.
The theoretical comparison of this set of protocols seems to be full of generation-level advantages.Coinbase conducts comparisons based on the following 4 points: average handling fees, determination time, refund capability, and TPS (number of concurrency).
·numerically, there are obvious advantages in handling fees and confirmation time, which are all derived from the value of the blockchain itself as a payment system.
·From the defect, it means that the refund capability is insufficient – the transaction cannot be easily reversed on the chain, and the TPS of traditional payment platforms such as PayPal is a dynamic value, which is not as difficult to expand as the blockchain.
Details are as follows:
Therefore, when we talk about X402, we must first understand: it is a payment system after all, not an asset issuance platform.The bunch of X402 assets that are currently flying high are just meme logic, which can be used for fun in the short term, but don’t take it seriously in the long term.
How does it work?
Mechanically, X402 adds an additional role Facilitator, called a facilitator, in addition to the traditional client (user, AI Agent, application, party that triggers payment) and server (merchant, seller).It is the hub that helps merchants judge the success of payment. In fact, this role is played by each payment platform itself in traditional finance.
The core point is that the user initiates on-chain payment, and the facilitator is responsible for determining whether the payment is successful.
Coinbase payment combo
ERC-3009 Enhanced Token Standard
Payment itself is a difficult track for C-side transformation and relies on dual-end adaptation, that is, sellers can provide services and buyers are willing to use this payment form.Coinbase’s strategy is to leverage Shopify (one of the world’s largest e-commerce SaaS platforms). Through Shopify’s one-click plug-in and SDK integration, merchants can support global USDC payment capabilities without having to understand complex encryption processes.
Many people wonder, why not USDT, but USDC?The reason is simple: currently the only mainstream stablecoin that supports ERC-3009 is USDC.ERC-3009 is a set of enhanced standards for the ERC-20 token protocol launched in September 2020. In this payment track, it has become a key asset type to achieve a gas-free experience, and the operation process is also very simple.
Gas-free operation process
1.User signed offline message
Users use wallets (such as MetaMask) off-chain to verify aTransferWithAuthorizationType of message signature, specifying recipient, amount, valid time interval and random nonce.
2.Any third party submits a transaction
Any address (usually a merchant, platform or relayer) can carry this signature to call the token contract that supports EIP-3009, triggeringtransferWithAuthorization()orreceiveWithAuthorization(), realizing actual on-chain transfers.
3.The contract verifies the signature and executes the transfer
Contract useEIP-712Signature format verifies message legitimacy, verificationnonceNot used and invalidAfterandvalidBeforewithin the time window and then completefrom -> totoken transfer.
This mechanism is executed by Circle’s official USDC contract on the Ethereum mainnet. The actual test is about77,000 gas.The ordinary Gas overhead is about45,000 ~ 50,000 gas, so there is about a 40% increase in gas consumption.
It can be said that it is one of the most cost-effective among many gas-free solutions.
A typical counterexample is the previous official gas-free transaction of MetaMask. With 2 additional transactions, the cost increased by 3 times.
Compared with ERC-4337’s AA model, there is no cost of early contract deployment for users, and there is no wear and tear of cross-contract calls.The final cost, compared with the gas-free implementation based on the EIP-7702 class, can also be slightly advantageous.
Refundable payment process
After being free of gas, it allows users to hold native coins without paying, but it is still insufficient compared to the refundable logic of traditional payments. After all, the chain has a natural KYC-free model.
Therefore, Coinbase has designed an additional payment intermediate process, as shown below:
The payment process has been transformed and a new hosting module Escrow has been added.
·First, the user authorizes a payment behavior through signature;
·Funds go from the user’s wallet into an escrow smart contract;
· The merchant captures the payment through the operator’s service and finally withdraws the cash;
· If the authorization expires and is not executed, the user can actively cancel the authorization and withdraw the funds.
This mechanism combines the on-chain payment control design of “delayed execution + mandatory authorization + revocability” to bring financial certainty to merchants while ensuring user safety.
Operator is an intermediary service provider in the payment process. Its responsibility is to initiate gas payment and capture the authorized transaction signed by the user. However, it cannot modify the original intention and bind the payment object, amount limit, authorization validity period, etc. through hash signature.
Private key escrow issue
This bottom layer relies on TEE (Trusted Execution Environment) technology, which has become popular in recent years. Almost all exchange platforms have launched their new TEE Wallet.
Coinbase’s TEE Wallet structure is as follows:
This underlying technology is relatively complex. In fact, the core utilizes the feature that the memory in the TEE cannot be read externally, and the code running in the TEE will have a mechanism to verify its code version.Therefore, running deterministic code in an uninterrupted data space brings a new private key custody security model.
The reason why it was so difficult to use users’ local managed private keys before was because it was difficult for the platform to prove its own innocence.Once the private key transaction is on the chain, there is no other basis (such as who is the real initiator) to prove whether the private key hosted by the platform is leaked or the user himself.
However, TEE can rely on the audit verification of open source code, just like on-chain contracts, to prove that it has no backdoor to leak private keys.
Combined with the payment track, Coinbase provides two methods for merchants to integrate:
· Managed access (CDP SDK): Manage assets, generate transactions, etc. through Coinbase’s Commerce account backend. The bottom layer here is TEE Wallet technology.
· Self-hosted Wallet API v2 access:Merchants can build their own account systems, manage keys, connect payment notifications, etc., and are suitable for merchants with mid-to-high-level technical capabilities.
In summary, Coinbase has indeed thought clearly and prepared, and provides one-stop services to buyers and sellers.
How to understand
From its release in May until the end of October, X402 suddenly exploded in popularity. Objectively speaking, it was the dozens of times of price growth of the meme that had not been favored before that attracted market attention.
To specifically assess its market popularity, you can first scan the platform’s statistics:
The picture is: 10.17 → 11.01, the 15 days revolve around related transactions, total transaction amount, number of buyers, and number of sellers.
From the data, it is obvious that it has gone up and fallen back.Faced with the continuous decline in Buyers, many voices believe that this is the construction stage after everyone has had an initial experience in the early stage, and they have to wait for the next wave of outbreaks.
But will it really be so?We need to systematically conceive of its advantages and disadvantages.
Disadvantages
First of all, the X402 system is not complicated, which shows that the card points that promoted the implementation of payment in the past were not technical.
The current explosive point is more about the imagination brought about by future narrative logic (advance blocking of AI + Crypto fusion, the most certain long-term narrative).
The current mainstream currency issuance model in some circles is quite similar to the excitement of the inscription era.After all, after the payment is successfully uploaded to the chain, the user will get a successful response.As for the response, it depends on what the service provider wants to give you, such as sending you a token, sending you charging materials, sending you VIP services, etc.But none of these bells and whistles are the responsibility of the X402.
But this means that the essence of payment has not changed.Although the 402 status code sounds very scary and awesome, it actually doesn’t matter what is returned – it can return a 402, it can return a 200 with a JSON, or it can return anything and a bunch of data.Essentially, it’s just a project encapsulation and a payment process is added.
Secondly, the current hot point, the AI Agent payment experience, is quite beyond Coinbase’s own expectations.Its previous approach was focused on the cross-border e-commerce payment process, but I think this is more correct, including Token2049, which can also use on-chain payments.
The reason why this is a shortcoming is that the actual demand for AI Agent to combine with payment flow has not yet arrived.Because the AI Agent calls an API to obtain data or other content, but with the addition of payment logic, the entire process will become very long.But obviously, the author has also developed MCP, and basically uses Agent to complete daily work. All actual users have to ask themselves, is AI that reliable in long processes?
Therefore, when faced with a scenario where I really need to purchase data, I would rather integrate it into a low-frequency operation and turn it into an extremely simplified process.
Moreover, the payment process of X402 is actually not perfect.We now think why do many cross-border payments take 1-2 days to actually settle?These poor experiences are not without reason. There are many pits at the bottom that eventually formed the upstream form.For example, as a payment-oriented protocol, the rigor of this product as a financial middleware is completely ignored.
As for the user, they have no idea how it handles actual requests after payment caused by network fluctuations, and they don’t see any binding relationship between API requests and transaction records.The current situation is that the payment is made, but the payment situation is only valid in this request, and other contexts disappear completely..
Then return to the payment process of Web2 without using 402 because there are many special situations to deal with.Payment not only has a callback method (jumping to the merchant’s designated page after the payment is completed), but also regular re-requests (if the callback is not executed, it will try to call back again in different time periods such as 3 seconds, 5 seconds, 1 minute, etc. until it succeeds to prevent the loss of the transaction).
Moreover, although the world of Web3 is pursuing efficiency and decentralization, this system naturally has no KYC and no supervision, and it seems to be in line with the concept of decentralization.However, merchants are not looking for decentralization. What they want is nothing more than a more convenient payment experience to make it more convenient for users.But aren’t they afraid of being held accountable by local agencies?
The result is that if you really use X402 to pay, would you dare to use it for large amounts?Do merchants dare to provide it?Do you dare to build private key custody into AI?
Therefore, X402 is more like QR code payment, one-way and simple, but it needs to be matched with other devices to be truly commercially used.This is also the direction that Builders are currently working on.For example, Cloudflare’s solution is to add a delayed payment, then abandon blockchain payment and return to traditional credit cards to solve this problem; another example is that Coinbase itself integrates a refundable contract to solve these problems.
Advantages
Objectively speaking, the payment track is really difficult to implement because user habits and trust are too difficult to transfer.This leads to every change in the payment platform as a result of large-scale technology updates and iterations.At present, AI payment is just beginning to sprout, and cross-border payments have an opportunity to comply with stable currency regulations.This background is a sign that the strong wind started at the end of Qingping.
Moreover, this time Coinbase really brought in many good teammates.In the X402 link, there is also ERC-8004. Among the designers of this on-chain Agent reputation market are Google, the Ethereum Foundation, MetaMask, and Coinbase itself, with one person each, forming a significant strategic alliance.
In addition, there are fewer and fewer tracks that VC institutions understand (laughs), and payment is one of them.
As a typical winner-take-all track with huge future profits, it can be said that as long as you have some products and a decent background, it will be easier to get VC support.Therefore, we can see that many institutions have published research reports on X402 immediately. This story is easy for LPs to tell, and it is based on the advantages of the blockchain’s own payment capabilities.
Coinbase CEO Brian Armstrong just stood up for X402 again on Twitter, and almost all the leading exchanges have intervened in this melee. Many disadvantages will be gradually resolved in the construction of regular troops.
It is at this time that X402 Builders need to calm down.
This is the rare formation of a new wave of consensus, and the entire military cannot enter the launch platform.
In the Web3 market, launch is the final hymn, a profit distribution link, and the key to attracting early attention, but launch is only a means, not an end.
finally
Objectively, there are advantages and disadvantages. In terms of trends, the author believes thatThe follow-up X402 will enter a period of silence, and he needs to wait for a better opportunity..
Because payment requires a lot of skill, let us recall the story of the Pearl Harbor surprise attack on Alipay when it was developed in the merchant scene and was paid with WeChat’s New Year’s red envelope.What x402 is currently most focused on is the cross-border payment scenario. After all, countless people have experienced difficulties when making OpenAI payments.
Let the new payment system combine with the global payment demand of a popular product to lead more people to try the blockchain payment experience for the first time.
Until a certain leading platform once again triggered the TGE airdrop period, using the perspective of trading and mining to stir up popularity again, and continued to break through the cognitive circle.
