x402 for TYPO3: How Your Website Can Charge AI Agents

At a Glance  

• x402 is an open payment protocol that uses the HTTP status code 402 ("Payment Required") to embed pay-per-request payments directly into HTTP. Coinbase initiated the standard early on, but the current documentation explicitly positions it as an open, neutrally documented protocol.
• Primary use case: AI agents pay automatically for content access — no accounts, no API keys, no checkout pages.
• The official x402 documentation now covers seller quickstarts, MCP integration, testnet setups, and production facilitators; the ecosystem is visibly growing.
• Our new TYPO3 extension typo3-x402-paywall implements the protocol as PSR-15 middleware — for headless APIs and classic TYPO3 frontends.
• Includes Capabilities.yaml — the extension practises what we introduced in the first part of this series.

Table of Contents  

The web's business model is under pressure. Ad-financed content works as long as a human visits the site and views adverts. But what happens when the "visitor" is an AI agent retrieving content on behalf of a user? The agent sees no adverts. It clicks no affiliate links. It does not buy a subscription.

Publishers need new ways to be compensated for their content. This is exactly the problem x402 addresses.

What is x402?  

x402 uses the HTTP status code 402 Payment Required, which has been reserved since 1997 but never widely used. The principle: A client requests a resource. If this requires payment, the server responds with a 402 and the payment terms. The client makes the payment and repeats the request — this time with proof of payment.

Why now?  

Three developments make x402 particularly relevant right now:

1. AI Agents are becoming content consumers  

Claude, GPT, Gemini, and specialised agents increasingly access web APIs to retrieve information for their users. Each of these accesses has value — but until now, there has been no standardised way to pay for it.

2. Stablecoins enable micropayments  

Payments of $0.001 per request were never economically viable with traditional payment methods like credit cards — transaction fees exceeded the payment amount. With stablecoins like USDC on faster networks and suitable facilitators, micropayment flows become practical, even if network and settlement costs vary depending on the chain.

3. The ecosystem is growing  

Our TYPO3 Extension: typo3-x402-paywall  

The extension webconsulting/typo3-x402-paywall implements x402 as PSR-15 middleware with two modes:

# config/sites/main/config.yaml
x402_paywall:
  enabled: true
  wallet_address: "0xYOUR_WALLET_ADDRESS"
  network: "base-sepolia"
  default_price: "0.01"
  currency: "USDC"
  gated_route_patterns:
    - "/api/v1/content/*"
    - "/api/v1/articles/*"
  free_routes:
    - "/api/v1/health"
    - "/api/v1/navigation"

{
  "status": 402,
  "message": "Payment Required",
  "x402": {
    "version": "2",
    "requirements": [{
      "scheme": "exact",
      "network": "eip155:84532",
      "maxAmountRequired": "10000",
      "payTo": "0xYOUR_WALLET",
      "asset": {
        "address": "0x036CbD53842c...",
        "symbol": "USDC",
        "decimals": 6
      }
    }]
  },
  "human_readable": {
    "price": "0.01 USDC",
    "description": "Article: AI in the labour market"
  }
}

Architecture  

Interactive Demo: x402 in Action  

Experience the x402 payment flow step by step — from the first request to the response:

Anfrage erscheint nach Start...

Antwort erscheint nach Simulation...

PSR-14 Events: Connecting Custom Logic  

The extension dispatches two events to which you can attach your own listeners:

use Webconsulting\X402Paywall\Event\PaymentRequiredEvent;
use TYPO3\CMS\Core\Attribute\AsEventListener;

#[AsEventListener]
final class PaywallAnalyticsListener
{
    public function __invoke(PaymentRequiredEvent $event): void
    {
        // Log: which content is being requested?
        $this->logger->info('Paywall hit', [
            'uri' => $event->requestUri,
            'price' => $event->price,
        ]);
    }
}

Capability Manifest: Transparency through Declaration  

The extension includes its own Configuration/Capabilities.yaml, thereby implementing the concept we introduced in the first part of this series:

capabilities:
  version: "1.0"
  subsystems:
    - database:read
    - database:schema
    - site:middleware
    - tca:override
  network:
    outbound:
      - host: "x402.org"
        purpose: "x402 facilitator — payment verification and settlement"
        protocol: "https"
  events:
    dispatches:
      - Webconsulting\X402Paywall\Event\PaymentRequiredEvent
      - Webconsulting\X402Paywall\Event\PaymentReceivedEvent
  risk:
    level: "medium"
    justification: "Middleware, outbound network to facilitator"

An administrator sees immediately: This extension intercepts requests (middleware), reads the Pages table, and communicates with exactly one external host (the x402 facilitator). No wildcard network access, no XCLASS.

Who is this relevant for?  

Current Limitations and Outlook  

What already works today:

• Testnet mode (Base Sepolia) for development and demos — free of charge
• Mainnet payments with USDC via production facilitators on supported networks like Base or Solana
• AI agent access to TYPO3 headless APIs

What is still missing:

• Native fiat rails in the core protocol
• Wallet Connect UI component for human visitors (our v1.2 target)
• Backend dashboard with revenue analytics (our v1.1 target)

Installation  

# Verified entry point:
# https://github.com/dirnbauer/typo3-x402-paywall

Then in your site configuration:

# config/sites/<identifier>/config.yaml
x402_paywall:
  enabled: true
  wallet_address: "0xYOUR_WALLET_ADDRESS"
  network: "base-sepolia"  # Testnet for testing
  default_price: "0.01"
  gated_route_patterns:
    - "/api/v1/content/*"

Roadmap  

Series: EmDash Ideas for TYPO3  

This article is Part 2 of a series in which we transfer the best architecture ideas from Cloudflare's EmDash to TYPO3:

1. Capability Manifests — Extension security through declarative capability manifests
2. x402 Paywall — Content monetisation for AI agents (this article)
3. MCP Server for TYPO3 — see Agent Skills FAQ: MCP Integration
4. AI Agent Skills for TYPO3 — see Agent Skills: 30 Questions and Answers and our Skills Repository on GitHub

Conclusion  

x402 solves a problem that most TYPO3 agencies do not yet feel today — but soon will. When AI agents account for 10%, 20%, or 50% of the traffic on content websites, publishers need a way to be paid for this access. x402 is the first serious standard for this.

For TYPO3, this means: A PSR-15 middleware, a YAML configuration, and your headless API gains a clear path to monetisation. You can test it on the testnet today; for production, you will additionally need a robust facilitator, wallet, and compliance strategy.

Key Takeaways:

• x402 is not just a futuristic experiment — the official documentation now covers testnet, mainnet, and MCP scenarios
• The TYPO3 integration is a middleware configuration, not an infrastructure project
• Testnet mode allows for risk-free testing
• AI agent monetisation is becoming a strategic necessity