- Paid Solana RPC and DAS routes — Alchemy and Helius, gated with standard x402
exacton Solana mainnet. - Auth-only Tokens API routes — proxied with a server-side API key and gated with x402 SIWX.
High-level flow
Paid route lifecycle (x402 exact)
Paid Solana RPC / DAS routes use the standard x402 exact payment flow:
- Client sends the request (e.g.
POST /v1/x402/solana/mainnet/alchemy/rpc/getBalance). - Gateway returns
402 Payment Requiredwith anx402envelope describing:scheme: "exact"network: solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpasset: USDCmaxAmountRequiredderived from upstream PAYG pricingpayTo: the gateway’s settlement walletfacilitator.url: CDP facilitator endpoint
- Client builds and signs an SVM exact transfer for that amount, encodes it into
PAYMENT-SIGNATURE, and retries the same request. - Gateway verifies the signature against the CDP facilitator’s
/verifyendpoint. - Gateway calls the upstream provider (Alchemy or Helius) with the real request payload.
- Gateway only settles the payment through CDP’s
/settleendpoint after a successful upstream response. A failed upstream means no settlement — the payment authorization is discarded. - Gateway returns the upstream JSON response plus the settlement transaction in
X-PAYMENT-RESPONSE.
Auth-only route lifecycle (x402 SIWX)
Tokens API routes use the sign-in-with-x extension of x402:- Client sends the request (e.g.
GET /v1/x402/tokens/health). - Gateway returns
402 Payment Requiredwith asign-in-with-xextension declaring:- acceptable
networks (Solana mainnet and devnet) - a sign-in
statement - an
expirationSecondswindow (300 seconds)
- acceptable
- Client constructs and signs a SIWX message with their wallet, encodes it into
SIGN-IN-WITH-X, and retries the request. - Gateway verifies the signature, enforces expiration, and records a short-lived session key to defend against replay.
- Gateway calls the Tokens API with its server-side
x-api-keyand returns the response.
Bazaar discovery
The gateway supports CDP’s Bazaar crawler for x402 discovery:- Paid routes advertise their input and output schemas, pricing, and asset in the
402 Payment Requiredenvelope. - The Bazaar crawler probes routes with an empty request body. Paid routes must still return
402 Payment Requiredfor that probe, so body validation happens after the initial challenge is issued. GET /v1/catalogreturns the same catalog data clients can render directly without hitting each endpoint.
Upstreams
| Provider | Clusters | Surfaces | Notes |
|---|---|---|---|
| Alchemy | mainnet, devnet | rpc, das (mainnet only) | Compute-unit PAYG pricing |
| Helius | mainnet, devnet | rpc, das | Per-credit PAYG pricing |
| TokensAPI | n/a | tokens | Server-side API key, SIWX auth for clients |
State and observability
Stateful concerns are intentionally pushed to Upstash Redis so Vercel stays stateless:- Replay protection — paid payment authorizations and SIWX sessions are cached and reject reuse.
- Rate limiting — per-route limits keyed by IP (unpaid challenges) or wallet (authenticated calls).
- Usage counters — simple hit counters for paid, unpaid, and failed flows.
stdout and collected by Vercel. See Rate limiting & guardrails for the limits table.
Internal facilitator
The gateway also ships a thin self-hosted facilitator at/api/internal/facilitator/{supported,verify,settle}. These routes are server-to-server only, gated by a shared secret, and exist to let a trusted caller fall back to the gateway’s own facilitator signer instead of CDP. They are not part of the public surface and are not advertised in discovery.
See Facilitator for details.

