At a Glance
- x402 is an open payment protocol that uses HTTP status code 402 ("Payment Required") to build pay-per-request payments directly into HTTP. Coinbase kick-started the standard, but the current documentation explicitly positions it as an open, neutrally documented protocol.
- Primary use case: AI agents pay automatically for content access — no accounts, no API keys, no checkout pages.
- The official x402 documentation now covers seller quickstarts, MCP integration, testnet setups, and production facilitators, and the ecosystem is visibly growing.
- Our new TYPO3 extension typo3-x402-paywall implements the protocol as PSR-15 middleware — for headless APIs and classic TYPO3 frontends.
- It ships a Capabilities.yaml manifest, putting into practice what we introduced in the first part of this series.
Table of Contents
Capability Manifest
Transparent declaration of all extension capabilities
Series: EmDash for TYPO3
Part 2 of the architecture ideas from Cloudflare's EmDash
The web's business model is under pressure. Ad-funded content works as long as a human visits the site and sees the adverts. But what happens when the "visitor" is an AI agent fetching content on a user's behalf? The agent sees no adverts. It clicks no affiliate links. It buys no subscription.
Publishers need new ways to be compensated for their content. This is exactly the problem x402 addresses.
What is x402?
x402 uses the HTTP status code 402 Payment Required, which has been reserved since 1997 but never widely used. The principle is simple: a client requests a resource. If payment is required, the server responds with a 402 and the payment terms. The client pays and repeats the request, this time with proof of payment.
The entire payment exchange happens within HTTP headers. No redirect to a payment page, no mandatory accounts, no API keys. This is crucial for AI agents: they can pay programmatically, with no human in the loop.
Why now?
Three developments make x402 particularly relevant right now:
1. AI Agents are becoming content consumers
Claude, GPT, Gemini, and specialised agents increasingly call web APIs to fetch information for their users. Each of these requests has value, yet until now there has been no standardised way to pay for it.
2. Stablecoins enable micropayments
Payments of $0.001 per request were never viable with traditional methods such as credit cards: the transaction fees dwarfed the payment itself. With stablecoins like USDC on faster networks and suitable facilitators, micropayment flows become practical, even though network and settlement costs vary from chain to chain.
3. The ecosystem is growing
| Actor | Role |
|---|---|
| x402 Documentation | Official quickstarts for sellers, buyers, and MCP integration |
| Coinbase Developer Platform | Early initiator of the standard, SDKs, and facilitator ecosystem |
| Cloudflare | EmDash with built-in x402 support as a real-world CMS example |
| x402 Ecosystem | Public overview of facilitators, tools, APIs, and infrastructure |
| Base / Solana | Networks mentioned in the official x402 documentation for production flows |
Our TYPO3 Extension: typo3-x402-paywall
The extension webconsulting/typo3-x402-paywall implements x402 as PSR-15 middleware with two modes:
For TYPO3 headless setups (for example, with a Next.js frontend). The middleware intercepts API requests:
Every request to /api/v1/content/42 without a payment header receives a structured 402 response:
Architecture
Interactive Demo: x402 in Action
Experience the x402 payment flow step by step — from the first request to the response:
Wählen Sie ein Szenario und beobachten Sie Schritt für Schritt, was im HTTP-Protokoll passiert -- so wie ein AI-Agent es erlebt.
Wählen Sie ein Szenario und starten Sie die Simulation.
PSR-14 Events: Connecting Custom Logic
The extension dispatches two events to which you can attach your own listeners:
Triggered when a 402 is returned. Useful for analytics:
Capability Manifest: Transparency through Declaration
The extension ships its own Configuration/Capabilities.yaml, putting into practice the concept we introduced in the first part of this series:
An administrator can see at a glance: this extension intercepts requests (middleware), reads the Pages table, and talks to exactly one external host (the x402 facilitator). No wildcard network access, no XCLASS.
Who is this relevant for?
Current Limitations and Outlook
For now, x402 relies on crypto-native payments and on-chain settlement. For Austrian enterprise customers, this can remain a hurdle, both in regulatory and organisational terms. Native fiat rails are not yet part of the core protocol; if you need ACH, SEPA, or cards, you will have to add gateways or wrappers.
What already works today:
- Testnet mode (Base Sepolia) for development and demos — free of charge
- Mainnet payments with USDC via production facilitators on supported networks like Base or Solana
- AI agent access to TYPO3 headless APIs
What is still missing:
- Native fiat rails in the core protocol
- Wallet Connect UI component for human visitors (our v1.2 target)
- Backend dashboard with revenue analytics (our v1.1 target)
Installation
Then in your site configuration:
typo3-x402-paywall on GitHub
Complete TYPO3 extension with PSR-15 middleware, TCA integration, event system, unit tests, and its own Capability Manifest. Ready to use immediately with the Base Sepolia Testnet.
Roadmap
v1.0: PSR-15 Middleware (current)
v1.1: Backend Dashboard
v1.2: Next.js Wallet Connect
v2.0: MCP Server + Fiat
Series: EmDash Ideas for TYPO3
This article is Part 2 of a series in which we transfer the best architecture ideas from Cloudflare's EmDash to TYPO3:
- Capability Manifests — Extension security through declarative capability manifests
- x402 Paywall — Content monetisation for AI agents (this article)
- MCP Server for TYPO3 — see Agent Skills FAQ: MCP Integration
- AI Agent Skills for TYPO3 — see Agent Skills: 30 Questions and Answers and our Skills Repository on GitHub
Conclusion
x402 solves a problem most TYPO3 agencies do not feel yet, but soon will. When AI agents account for 10%, 20%, or 50% of the traffic on content sites, publishers need a way to get paid for that access. x402 is the first serious standard to offer one.
For TYPO3, it comes down to this: a PSR-15 middleware, a YAML configuration, and your headless API gains a clear path to monetisation. You can test it on the testnet today; for production, you will also need a robust facilitator, a wallet, and a compliance strategy.
Key Takeaways:
- x402 is more than a futuristic experiment: the official documentation now covers testnet, mainnet, and MCP scenarios
- The TYPO3 integration is a middleware configuration, not an infrastructure project
- Testnet mode lets you test without risk
- AI agent monetisation is becoming a strategic necessity