Official SDK · Node.js
x402 Express SDK
Express middleware for pay-per-request access control using the x402 protocol. Drop one middleware in front of any route — agents pay in USDC, keys/fees/settlement live on the platform. Thin client: signs requests, interprets challenge/verify, fails closed.
Source is public on GitHub — official registry packages (npm · PyPI · Packagist · Go · Maven Central · NuGet · RubyGems) are coming. Each SDK implements the same frozen X402v1 wire contract.
Add pay-per-request to any Express route with a single middleware — no settlement code in your app.
- 01 Create an account & register a route
  In the dashboard, add the route + price and issue a test or live API key.
- 02 Install the SDK
  One package; the per-SDK command is below.
- 03 Add one middleware
  Wrap the route — it now returns a signed x402 challenge and only serves paid content after the agent pays in USDC.
```bash
npm i @x402/express express
```

Package id: @x402/express

```js
import express from "express";
import { x402 } from "@x402/express";

const app = express();

app.get("/premium", x402({ price: "0.10" }), (req, res) =>
  res.json({ data: "paid content" }));
```

| Variable | Value | Description |
| --- | --- | --- |
| X402_API_KEY | your key id | Identifies the key (from the API Keys page). |
| X402_SECRET | shown once | HMAC signing secret — shown once on key creation, stored encrypted. |
| X402_ENV | sandbox \| live | sandbox = test key (synthetic settlement); live = real on-chain USDC. |
| X402_BASE_URL | https://api.payrelayer.com | Platform base URL the SDK calls. |
Use a test key with X402_ENV=sandbox: payments settle synthetically so you can build and CI-assert the full challenge → pay → verify → allow loop with zero real USDC, then flip to a live key — no code change.
- Thin client — no settlement, custody, or crypto code runs in your process. Keys, fees, the on-chain 95/5 split and payouts all live on the platform; you add one middleware.
- Fails closed — if the platform is unreachable the gated route returns 502 and never serves paid content. It cannot accidentally give away a paid response.
- One frozen wire contract — X402v1 is byte-identical across all 9 SDKs, enforced by a shared known-answer signature test, so behaviour can't drift between languages.
- Signed, retried webhooks (payment.settled, payout.sent, payout.failed) + a live dashboard of requests, balances and payouts — reconciliation is done for you.
- Drop-in middleware: x402({ price }) in front of any route or router.
- Configurable onError; sandbox keys keep test traffic fully separate from live.
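
The fail-closed property in the list above, sketched as an added example (not code from the SDK or its authors) that you can adapt into a CI check for any payment gate. `failClosedGate`, the `{ paid: boolean }` verifier result and the 402 status for the unpaid case are assumptions; only the 502-on-unreachable behaviour comes from this page, and the example generalizes it to timeouts and malformed verifier responses.

```javascript
// Added example: NOT the @x402/express implementation. failClosedGate and the
// verify() result shape { paid: boolean } are hypothetical.
function failClosedGate(verify, { timeoutMs = 2000 } = {}) {
  return async function gate(req, res, next) {
    let timer, result;
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error("verify timeout")), timeoutMs);
    });
    try {
      result = await Promise.race([verify(req), timeout]);
    } catch (err) {
      // Platform unreachable or too slow: 502, and next() is never called.
      return res.status(502).json({ error: "payment platform unavailable" });
    } finally {
      clearTimeout(timer);
    }
    // Only the boolean true unlocks the route; explicit false is "unpaid"
    // (402 assumed here); any other shape is an upstream fault, so 502.
    if (result && result.paid === true) return next();
    if (result && result.paid === false) {
      return res.status(402).json({ error: "payment required" });
    }
    return res.status(502).json({ error: "unexpected verifier response" });
  };
}

// Constructed verifier outcomes, one per failure mode worth asserting in CI.
const CASES = {
  paid: async () => ({ paid: true }),
  unpaid: async () => ({ paid: false }),
  unreachable: async () => { throw new Error("ECONNREFUSED"); },
  hang: () => new Promise(() => {}),
  malformed: async () => ({ paid: "true" }),
};

// Runs every case through the gate; `served` is true only if next() ran.
async function runAll() {
  const out = {};
  for (const [name, verify] of Object.entries(CASES)) {
    // Constructed stand-in for an Express response so this runs offline.
    const res = { statusCode: 200, json(b) { this.body = b; return this; },
      status(c) { this.statusCode = c; return this; } };
    let served = false;
    await failClosedGate(verify, { timeoutMs: 50 })({}, res, () => { served = true; });
    out[name] = { served, status: res.statusCode };
  }
  return out;
}
runAll().then((r) => console.table(r));
```
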
No. The SDK is a thin HTTP client. Settlement, the 95/5 split and payouts happen on-chain on the platform side; you add one middleware and read the result.
No. It fails closed — if the platform is unreachable the gated route returns 502 and never serves the paid response.
Use a test/sandbox key (X402_ENV=sandbox). Payments settle synthetically end-to-end; flip to a live key when you're ready, with no code change.
Yes. X402v1 is a frozen wire contract, byte-identical across all 9 SDKs and enforced by a shared known-answer signature test.
Yes — add the x402(...) middleware to any route or router; non-gated routes are untouched.