HTTP Payments
How paid HTTP resources become OpenPermit payment intents.
OpenPermit treats x402, MPP, and onchain payment challenges as HTTP payment inputs that must be normalized before authorization. AP2/Verifiable Intent artifacts, Web Bot Auth signatures, and provider-issued credentials can accompany those challenges as authorization evidence.
The common flow is:
- A buyer agent calls a paid seller resource.
- The seller returns
402 Payment Requiredwith challenge headers. - OpenPermit normalizes the challenge into a
PaymentIntent. - Optional evidence is verified or attached by hash.
- The policy engine authorizes or denies the intent against a mandate.
- Payment execution creates retry credential headers.
- Short-lived vouchers or provider credentials can be used for low-latency retries when the selected provider supports them.
- The buyer retries the seller request with those credentials.
- The seller verifies the payment before returning the resource.
The buyer SDK automates this flow for x402 and MPP:
import { wrapFetch } from '@openpermit/sdk/buyer';
const paidFetch = wrapFetch(fetch, {
client: openpermit,
mandateId: 'mandate_...',
});
const response = await paidFetch('https://seller.example/paid/data');Onchain seller challenges use the same policy path, but the buyer submits a transaction through caller-provided viem clients before retrying with settlement headers.
For high-frequency low-value resources, future provider adapters can use batchedSettlement: OpenPermit authorizes each request and records receipts, while a provider aggregates transactions and submits settlement later.
Mastercard Agent Pay for Machines should be treated as a potential future provider adapter behind existing payment methods and settlement modes, not as a separate OpenPermit payment method or partnership claim.