// GLOSSARY -- X402

What is the x402 Settlement Flow?

2 min read Updated

The x402 settlement flow is the multi-step process by which a client's payment payload is verified, the requested resource is served, and the payment is executed on-chain — typically via a facilitator's /verify and /settle endpoints.

WHY IT MATTERS

The x402 settlement flow follows a deliberate verify-before-settle pattern that protects both parties:

  1. Client requests resource — standard HTTP GET/POST
  2. Server returns 402 with PAYMENT-REQUIRED header containing accepted payment requirements
  3. Client constructs payment payload — selects a matching (scheme, network) pair, signs the payment authorisation (e.g. EIP-3009 for exact/EVM)
  4. Client re-requests with PAYMENT-SIGNATURE header
  5. Server forwards to facilitator /verify — confirms signature validity, amount correctness, nonce freshness, and sufficient balance
  6. Server fulfils request — performs the actual work (returns data, generates tokens, etc.)
  7. Server calls facilitator /settle — the facilitator submits the pre-signed authorisation on-chain and waits for confirmation
  8. Server returns 200 with resource body and PAYMENT-RESPONSE header containing transaction hash

This flow means the resource server can trade off settlement speed for payment guarantee. For low-value requests, the server might serve the resource immediately after verification (optimistic settlement). For high-value requests, it might wait for on-chain confirmation before responding.

Cloudflare has also proposed a deferred scheme where settlement happens later in batches — useful for crawlers and high-frequency agents that benefit from aggregated billing.

HOW POLICYLAYER USES THIS

PolicyLayer enforces policies at step 3 — before the client constructs a payment payload. The two-gate architecture validates the payment intent (Gate 1) and verifies the final transaction matches the approved intent (Gate 2), ensuring no tampering between policy approval and on-chain settlement.

FREQUENTLY ASKED QUESTIONS

Does settlement happen before or after the resource is served?
Typically after. The resource server verifies the payment is valid first, serves the resource, then settles on-chain. This means the server bears a small risk window — but the pre-signed authorisation ensures it can always collect. For high-value transactions, servers can settle first.
How fast is settlement?
On Base (the primary x402 network), block times are ~2 seconds. The facilitator submits the transaction and waits for confirmation. Including verification, a typical x402 payment completes in under 5 seconds end-to-end.
What is the deferred settlement scheme?
Proposed by Cloudflare, the deferred scheme uses HTTP Message Signatures instead of on-chain payment per request. The client signs a cryptographic commitment, and settlement happens later via traditional rails or batched stablecoin transfers — ideal for high-frequency crawlers.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.