What are x402 Payment Headers?
x402 payment headers are the HTTP headers that carry payment negotiation data in the x402 protocol. The server sends its payment requirements in a PAYMENT-REQUIRED header (base64-encoded JSON) on a 402 response, the client retries the original request with a PAYMENT-SIGNATURE header carrying the signed payment payload, and the server confirms settlement with a PAYMENT-RESPONSE header on the successful response.
WHY IT MATTERS
The x402 protocol is HTTP-native by design. Payment negotiation happens entirely within the headers of the standard request/response exchange between client and server, so the client needs no side channel or out-of-band communication with the server. (Verifying and settling the signed payment is the server's job and typically goes through an x402 facilitator; that happens server-side and is separate from the client-facing exchange.)
The three core headers form a complete payment lifecycle:
PAYMENT-REQUIRED (server → client): Returned with a 402 status code. Contains base64-encoded JSON listing one or more PaymentRequirement objects, each specifying a scheme (e.g. exact), network (e.g. base), accepted token, amount (in the token's smallest unit), recipient address, and optional metadata. The client selects the requirement matching its capabilities. Because this header comes from a server the client has not yet paid and may not fully trust, every field in it is untrusted input: decode it strictly, bound its size, and validate scheme, network, token, amount and recipient before acting on any of them.
PAYMENT-SIGNATURE (client → server): Contains the signed PaymentPayload matching the selected requirement. For the exact scheme on EVM, this is an EIP-3009 transferWithAuthorization signature: EIP-712 typed data over from, to, value, validAfter, validBefore and nonce. It authorises exactly that amount to exactly that recipient, only within the validity window, and only once (the nonce prevents replay); it is not a general token approval, so a leaked or misused signature cannot be stretched beyond the single transfer it names.
PAYMENT-RESPONSE (server → client): Returned with the 200 response after successful settlement. Contains the transaction hash and settlement confirmation as base64-encoded JSON. The server (or its facilitator) submits the signed authorization on-chain; the client never broadcasts a transaction itself, so the transaction hash in this header is how the client learns what was settled.
This header-based approach means x402 works with any HTTP client or server — no special SDK required, though reference implementations exist in TypeScript, Python, Go, and Rust.
HOW POLICYLAYER USES THIS
PolicyLayer intercepts the payment flow after the agent receives PAYMENT-REQUIRED but before it constructs PAYMENT-SIGNATURE. The policy engine validates the offered payment requirements, checking amount, recipient, currency, and the resource's domain, against your configured policies before the agent signs anything. A requirement that fails policy never reaches the signing key.
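The following is an added worked example of the client-side half of this lifecycle (the PAYMENT-REQUIRED decoding described under "WHY IT MATTERS" and the pre-signing policy check described in this section). It is illustrative code written for this page, not x402 reference code and not PolicyLayer's implementation. The header contents, the policy, the wallet address and the exact PaymentRequirement field names (scheme, network, amount, asset, payTo, maxTimeoutSeconds, resource) are constructed for the example and should be treated as assumptions; the EIP-712 signing step that turns the authorization into a PAYMENT-SIGNATURE is deliberately left out since it needs a wallet key.

```python
"""Decode an x402 PAYMENT-REQUIRED header, evaluate each offered requirement
against a spending policy, and build the unsigned EIP-3009 authorization that
the PAYMENT-SIGNATURE payload would carry. Added example; not x402 or
PolicyLayer project code. Field names and sample data are assumptions."""
import base64
import json
import os
import time
from urllib.parse import urlparse

# Constructed sample of what a resource server might put in PAYMENT-REQUIRED.
# Amounts are strings in the token's smallest unit (USDC has 6 decimals).
SAMPLE_REQUIRED = {
    "x402Version": 2,
    "accepts": [
        {
            "scheme": "exact",
            "network": "base",
            "amount": "10000",  # 0.01 USDC, within the policy cap below
            "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",  # USDC on Base
            "payTo": "0x1111111111111111111111111111111111111111",
            "maxTimeoutSeconds": 60,
            "resource": "https://api.example.com/v1/report",
        },
        {
            "scheme": "exact",
            "network": "base",
            "amount": "5000000",  # 5 USDC, over the policy cap below
            "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
            "payTo": "0x1111111111111111111111111111111111111111",
            "maxTimeoutSeconds": 60,
            "resource": "https://api.example.com/v1/report",
        },
    ],
}
SAMPLE_HEADER = base64.b64encode(json.dumps(SAMPLE_REQUIRED).encode()).decode()

# Hypothetical policy covering the four checks the text names: amount,
# recipient, currency (asset) and domain, plus the network the wallet is on.
POLICY = {
    "allowed_networks": {"base"},
    "allowed_assets": {"0x833589fcd6edb6e08f4c7c32d4f71b54bda02913"},
    "allowed_recipients": {"0x1111111111111111111111111111111111111111"},
    "allowed_domains": {"api.example.com"},
    "max_amount": 1_000_000,  # 1 USDC per request
}


def decode_payment_required(header: str) -> dict:
    """Strictly base64-decode and parse the header; it is untrusted server input."""
    if len(header) > 16_384:
        raise ValueError("PAYMENT-REQUIRED header too large")
    body = json.loads(base64.b64decode(header, validate=True))
    if not isinstance(body, dict) or not isinstance(body.get("accepts"), list):
        raise ValueError("PAYMENT-REQUIRED is not an object with an accepts list")
    if not body["accepts"]:
        raise ValueError("no payment requirements offered")
    return body


def evaluate(req: dict, policy: dict) -> tuple:
    """Return (allowed, reason) for one PaymentRequirement; deny by default."""
    if req.get("scheme") != "exact":
        return False, "unsupported scheme"
    if req.get("network") not in policy["allowed_networks"]:
        return False, "network not allowed"
    if str(req.get("asset", "")).lower() not in policy["allowed_assets"]:
        return False, "asset not allowed"
    if str(req.get("payTo", "")).lower() not in policy["allowed_recipients"]:
        return False, "recipient not allowed"
    if urlparse(str(req.get("resource", ""))).hostname not in policy["allowed_domains"]:
        return False, "domain not allowed"
    try:
        amount = int(str(req["amount"]))  # reject floats and non-numeric strings
    except (KeyError, ValueError):
        return False, "amount missing or not an integer"
    if amount <= 0 or amount > policy["max_amount"]:
        return False, "amount exceeds policy cap"
    return True, "ok"


def select_requirement(header: str, policy: dict):
    """Pick the first offered requirement that passes policy, or None."""
    for req in decode_payment_required(header)["accepts"]:
        if evaluate(req, policy)[0]:
            return req
    return None


def build_authorization(req: dict, from_address: str, now: int = None) -> dict:
    """EIP-3009 TransferWithAuthorization fields the client would sign as EIP-712
    typed data. Signing with the wallet key is out of scope for this example."""
    now = int(time.time()) if now is None else now
    return {
        "from": from_address,
        "to": req["payTo"],
        "value": str(req["amount"]),
        "validAfter": "0",
        "validBefore": str(now + int(req["maxTimeoutSeconds"])),
        "nonce": "0x" + os.urandom(32).hex(),  # fresh per payment; blocks replay
    }


if __name__ == "__main__":
    chosen = select_requirement(SAMPLE_HEADER, POLICY)
    print(evaluate(SAMPLE_REQUIRED["accepts"][1], POLICY))
    print(build_authorization(chosen, "0xabc0000000000000000000000000000000000001"))
```

The checks run in deny-by-default order and every field is normalised before comparison, so a server cannot slip past the recipient allowlist with a differently cased address or past the amount cap with a float or a negative value. The validity window is derived from the server's maxTimeoutSeconds and the nonce is fresh per payment, which is what keeps the resulting authorization bounded to one transfer.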