Payment Revolution or Narrative Bubble? The Technical Principles and Dilemma of the X402 Protocol

1 day ago

Author: Shijun

Introduction

This week, I ran through the entire process of X402 from Demo to application.

Since Coinbase first released X402 in May 2024, I have been following this protocol. Coinbase subsequently launched a complete payment infrastructure and, judging by the proposal authors, collaborated with several leading companies exploring the AI + payment sector, including Google, Visa and Cloudflare, as well as institutions such as the Ethereum Foundation and MetaMask (wallet). Through ERC-3009 (the enhanced token standard used by USDC) and ERC-8004 (an on-chain reputation registry), Coinbase has formed a fairly clear strategy for the AI + payment niche.

It can indeed be said that Coinbase is fully committed and skillfully exploring the payment sector.

However, the Web3 world is never short of explosive narratives or imagination, and many outlandish ones confuse the audience and cloud judgment.

This article aims to systematically analyze the chaotic hype, distinguishing between noise and the shortcomings that need to be addressed.

What is X402?

First of all, X402 is very simple; it is a set of process specifications for network API interaction.

X402 takes its name from the HTTP 402 status code and is a stateless on-chain payment protocol. The client adds an "x-payment" field to the HTTP request header, and a new role called the Facilitator verifies the payment on-chain and informs the service provider, completing a one-time payment task.

In fact, HTTP defined 402 as a payment-related status code early in its development, but for decades it has gone practically unused.

The specific content of x-payment can be customized; as long as the service provider believes its parameters can complete the user's payment, subsequent services can be provided.

The system itself is structurally universal, allowing any payment system to be integrated. However, since this protocol was released by Coinbase, a publicly traded exchange in the United States, it is naturally more coupled with blockchain models.

On paper, the protocol compares favourably. Coinbase compares along four dimensions: average transaction fees, certainty of settlement time, refund capability, and TPS (transactions per second).

  • In terms of numbers, there are significant advantages in transaction fees and certainty of time, both stemming from the inherent value of blockchain as a payment system.

  • In terms of shortcomings, refund capability is weak, since on-chain transactions cannot easily be reversed, and the TPS of traditional platforms like PayPal scales dynamically, unlike blockchains, which are hard to scale.

Details are as follows:

Therefore, when we talk about X402, we must first understand that it is ultimately a payment system, not an asset issuance platform. The flood of flashy "X402 assets" is merely meme logic; it may provide short-term amusement, but it should not be taken seriously in the long term.

How does it work?

Mechanically, X402 adds an additional role, the Facilitator, to the traditional Client side (user, AI Agent, application, the party triggering the payment) and Server side (merchant, seller). This Facilitator acts as the central hub to help merchants determine whether a payment is successful. In fact, this role is traditionally borne by various payment platforms in the financial sector.

The core point is: the user initiates an on-chain payment, while the Facilitator is responsible for confirming whether the payment is successful.

Coinbase's Payment Strategy

ERC-3009 Enhanced Token Standard

Payments are inherently a hard sector for consumer-side conversion, because adoption is needed on both ends: the seller must offer the payment method and the buyer must be willing to use it. Coinbase's strategy leverages Shopify (one of the largest e-commerce SaaS platforms globally) through a one-click Shopify plugin and SDK integration, allowing merchants to accept USDC payments globally without needing to understand complex cryptographic processes.

Many people wonder why USDC is chosen over USDT. The reason is simple: currently, the only mainstream stablecoin that supports ERC-3009 is USDC.

ERC-3009 is an enhanced standard of the ERC-20 token protocol launched in September 2020, and it has become a key asset type for achieving a gas-free experience in this payment sector, with a straightforward operational process.

Gas-Free Operation Process

  1. User signs an offline message

The user uses a wallet (like MetaMask) to sign a TransferWithAuthorization message off-chain, specifying the recipient, amount, validity time range, and a random nonce.

  2. Any third party submits the transaction

Any address (usually a merchant, platform, or relayer) can submit the signed message to a token contract that supports EIP-3009, calling transferWithAuthorization() or receiveWithAuthorization() to perform the actual on-chain transfer.

  3. Contract verifies the signature and executes the transfer

The contract verifies the message's validity using the EIP-712 signature format, ensures the nonce has not been used and that the current time falls within the validAfter and validBefore window, then completes the token transfer from -> to.
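The HTTP exchange described under "What is X402?" and the EIP-3009 checks in the steps above, as an added example that is not code from the article or from Coinbase: a Python model of the server/facilitator side. Field names are modelled loosely on x402 and simplified; PAY_TO, PRICE and the settled-payment record are constructed sample values, and EIP-712 signature verification is assumed to happen upstream and is not implemented here.

```python
import base64
import json
from typing import Optional

# Constructed sample values (not from the article): one merchant resource priced in USDC base units.
PAY_TO = "0xMERCHANT_PLACEHOLDER"
PRICE = 10_000                       # 0.01 USDC (6 decimals)
settled: dict = {}                   # nonce -> resource: the payment record tied to the request

def encode_payment(authorization: dict) -> str:
    """Build the base64 JSON X-PAYMENT header value carried on the client's retry."""
    return base64.b64encode(json.dumps({"authorization": authorization}).encode()).decode()

def payment_required(resource: str) -> tuple:
    """402 response listing what will be accepted (field names modelled on x402, simplified)."""
    accepts = {"scheme": "exact", "asset": "USDC", "payTo": PAY_TO,
               "maxAmountRequired": PRICE, "resource": resource}
    return 402, {"Content-Type": "application/json"}, json.dumps({"accepts": [accepts]}).encode()

def verify_authorization(auth: dict, now: int) -> Optional[str]:
    """Field checks the facilitator and the EIP-3009 contract apply; returns an error or None.
    Assumption: the EIP-712 signature itself was already verified upstream (not implemented)."""
    if auth.get("to") != PAY_TO:
        return "wrong recipient"
    if int(auth.get("value", 0)) < PRICE:
        return "insufficient amount"
    if not int(auth["validAfter"]) <= now < int(auth["validBefore"]):
        return "outside validAfter/validBefore window"
    if auth["nonce"] in settled:
        return "nonce already used (replay)"
    return None

def handle_request(headers: dict, resource: str, now: int) -> tuple:
    """Server side of one x402 exchange: returns (status, headers, body)."""
    raw = headers.get("X-PAYMENT")
    if raw is None:
        return payment_required(resource)          # first request: ask for payment
    try:
        auth = json.loads(base64.b64decode(raw))["authorization"]
    except (ValueError, KeyError, TypeError):
        return 400, {}, b"malformed X-PAYMENT header"
    err = verify_authorization(auth, now)
    if err:
        return 402, {}, err.encode()
    settled[auth["nonce"]] = resource    # settle once and record which request this payment paid for
    return 200, {"Content-Type": "application/json"}, json.dumps({"data": "paid content"}).encode()
```

Recording the nonce against the resource is the binding between request and transaction record that the article later notes the base protocol lacks; the same header presented twice is refused as a replay.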

This mechanism is executed on the Ethereum mainnet by Circle's official USDC contract, with actual testing showing about 77,000 gas. The typical gas cost is around 45,000 to 50,000 gas, resulting in approximately a 40% reduction in gas consumption.

It can be said that this is one of the most cost-effective gas-free solutions available.

A typical counterexample is MetaMask's earlier gas-free transaction, which required two additional transactions, causing costs to surge threefold.

Compared with the account abstraction (AA) model of ERC-4337, users incur no upfront contract deployment cost and no overhead from cross-contract calls. Even against gas-free implementations based on EIP-7702, the cost still shows a slight advantage.

Refundable Payment Process

Gas-free transactions let users pay without holding the chain's native coin, but in terms of traditional refund logic the flow is still insufficient, since on-chain operations are inherently KYC-free.

Therefore, Coinbase has designed an additional intermediary payment process, as shown in the diagram below:

This process modifies the payment flow by adding an escrow module.

  • First, the user authorizes a payment action through a signature;

  • Funds move from the user's wallet into an escrow smart contract;

  • The merchant captures this payment through the operator's service and ultimately withdraws it;

  • If the authorization expires without execution, the user can proactively cancel the authorization and retrieve the funds.

This mechanism combines delayed execution, mandatory authorization and revocability into an on-chain payment control design, protecting the user while giving merchants certainty of funds.

The Operator acts as an intermediary service in the payment flow, responsible for paying gas and submitting the user's signed authorization for capture, but it cannot modify the original intent: the payee, amount cap, authorization validity period and so on are bound by the signed hash.
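The escrow flow described above (authorize, capture, cancel after expiry, and the operator's inability to alter bound fields), as an added Python model that is not Coinbase's contract code. A hash over the signed fields stands in for the EIP-712 signature, and the wallet balances are constructed sample state.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Authorization:
    """Fields the payer signs; constructed stand-in for the signed EIP-712 struct."""
    payer: str
    pay_to: str
    max_amount: int
    expiry: int          # unix time after which capture is no longer allowed
    nonce: str

    def commitment(self) -> str:
        # Stand-in for the signed hash: changing any bound field changes the digest.
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()

class Escrow:
    def __init__(self, wallets: dict):
        self.wallets = dict(wallets)   # address -> balance, constructed sample state
        self.held = {}                 # nonce -> (state, authorization)

    def authorize(self, auth: Authorization, signed_commitment: str, now: int) -> None:
        """Operator submits the user's authorization; funds move from the payer into escrow."""
        if auth.commitment() != signed_commitment:
            raise ValueError("authorization does not match what the user signed")
        if now >= auth.expiry or auth.nonce in self.held:
            raise ValueError("expired or replayed authorization")
        if self.wallets.get(auth.payer, 0) < auth.max_amount:
            raise ValueError("insufficient funds")
        self.wallets[auth.payer] -= auth.max_amount
        self.held[auth.nonce] = ("held", auth)

    def capture(self, nonce: str, amount: int, now: int) -> None:
        """Merchant (via the operator) captures up to max_amount before expiry; the rest returns."""
        state, auth = self.held[nonce]
        if state != "held" or now >= auth.expiry or amount > auth.max_amount:
            raise ValueError("capture not allowed")
        self.wallets[auth.pay_to] = self.wallets.get(auth.pay_to, 0) + amount
        self.wallets[auth.payer] += auth.max_amount - amount
        self.held[nonce] = ("captured", auth)

    def cancel(self, nonce: str, now: int) -> None:
        """Payer reclaims escrowed funds once an uncaptured authorization has expired."""
        state, auth = self.held[nonce]
        if state != "held" or now < auth.expiry:
            raise ValueError("cancel only allowed after an uncaptured authorization expires")
        self.wallets[auth.payer] += auth.max_amount
        self.held[nonce] = ("cancelled", auth)
```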

Private Key Custody Issues

The underlying technology relies on the recently popular TEE (Trusted Execution Environment); almost all exchange platforms have launched their own TEE wallets.

The structure of Coinbase's TEE Wallet is as follows:

The underlying technology is quite complex. At its core it uses two TEE properties: memory inside the enclave cannot be read from outside, and code running in the TEE has a mechanism to verify its own code version. Running deterministic code in a data space that cannot be interfered with thus yields a new private key custody security model.

Previously, the difficulty with platform custody of user private keys was that the platform could not prove its innocence: once a transaction signed with that key is on-chain, there is no other evidence (such as who the true initiator was) to show whether the key leaked from the platform's custody or from the user.

With TEE, however, the code can be verified through open-source audits, much like an on-chain contract, proving that there is no backdoor that leaks private keys.

In the context of the payment sector, Coinbase offers two integration methods for merchants:

  • Custodial access (CDP SDK): Manage assets and generate transactions through Coinbase's Commerce account backend, where the underlying technology is TEE Wallet.

  • Self-custodial Wallet API v2 access: Merchants can build their own account systems, manage keys, and connect payment notifications, suitable for merchants with medium to high technical capabilities.

In summary, Coinbase has indeed thought through and prepared a comprehensive service for both buyers and sellers.

How to Understand It

From its release in May until the end of October, X402 suddenly became popular. Objectively speaking, it was a previously underestimated meme token that rose dozens of times in price and drew the market's attention.

To specifically assess its market heat, we can first scan the platform's statistics:

The image shows: From 10.17 to 11.01, 15 days of related transactions, total transaction volume, number of buyers, and number of sellers.

Data clearly indicates a peak followed by a decline. In the face of continuous drops in buyers, many voices suggest that this is a construction phase after early experiences, and we should wait for the next wave of explosion.

But will it really be like that? We need to systematically consider its pros and cons.

Shortcomings

First of all, the X402 system is not complex, which indicates that the past bottlenecks in payment adoption were not at the technical level.

The current excitement is more about a forward-looking narrative (positioning early for the strongest long-term story, AI + Crypto integration) that fires the imagination.

Currently, some mainstream token issuance models in certain circles are quite lively, reminiscent of the excitement of the inscription era. After all, once a payment is recorded on-chain, the user receives a response indicating success. What that response contains depends on what the service provider chooses to offer: a token, paid materials, VIP services, and so on. None of these flashy elements is X402's responsibility.

This means the essence of payment has not changed. Although the 402 status code sounds impressive and powerful, what is actually returned is completely unimportant: it can be a 402, a 200 with JSON, or anything else along with a pile of data. Essentially, it is just an engineering wrapper that bolts on a payment step.

Secondly, the current hot topic, the AI Agent payment experience, actually exceeds Coinbase's own expectations. Their earlier strategy focused on cross-border e-commerce payment flows, which I believe is the more correct approach; Token2049, for example, could also accept on-chain payments.

The downside is that real demand for AI Agents combined with payment flows has not yet materialized. An AI Agent may call an API to retrieve data or other content, but adding this payment logic makes the whole process very long. I have also developed MCP and mainly use Agents to complete daily tasks, and users should honestly ask themselves: how reliable is AI across a long process?

Therefore, in scenarios where data needs to be purchased, I would prefer to integrate it into a low-frequency operation, transforming it into an extremely simplified process.

Moreover, the X402 payment process is not actually complete. We often wonder why many cross-border payments take 1-2 days to actually settle. These poor experiences have reasons; many underlying issues ultimately shape the upstream forms. For instance, as a payment-oriented protocol, X402 completely overlooks the rigor required of a product that serves as financial middleware.

For users, it is entirely unclear how it handles network fluctuations that disrupt processing of the actual request after payment, and there is no visible binding between the API request and the transaction record. As things stand, once a payment is made its status is valid only for this one request, and all other context simply disappears.

Returning to the Web2 payment flow, 402 is absent there because many special cases must be handled. Payment involves not only callbacks (redirecting to a merchant-specified page after completion) but also periodic retries: if the callback does not execute, it is re-triggered at intervals of 3 seconds, 5 seconds, 1 minute, and so on until it succeeds, to prevent lost transactions.

Furthermore, while the Web3 world pursues efficiency and decentralization, this system is inherently KYC-free and unregulated, which seems to align with decentralization. But merchants are not seeking decentralization; they merely want a more convenient payment experience for their users. Are they not afraid of being held accountable by local authorities?

The result is that if you truly use X402 for payments, would you dare to use it for large amounts? Would merchants dare to provide it? Would you dare to embed private key custody within AI?

Thus, X402 resembles QR code payment, unidirectional and simple, but it needs additional support to be truly commercially viable, and that is the direction builders are currently pursuing. Cloudflare's solution, for example, adds a deferred payment feature and then falls back to traditional credit card rails; similarly, Coinbase has integrated refundable contracts to address these problems.

Advantages

Objectively speaking, the payment sector is indeed hard to break into because user habits and trust are difficult to shift. This is why every transition of payment platforms has stemmed from large-scale technological change. Currently, AI payments are just beginning to emerge, and cross-border payments have gained an opening through stablecoin compliance. This backdrop is a sign that, as the saying goes, great winds rise from the tips of the duckweed.

Moreover, Coinbase has genuinely brought in good partners. The X402 ecosystem also includes ERC-8004, designed by a team with one person each from Google, the Ethereum Foundation, MetaMask and Coinbase itself, forming a significant strategic alliance.

Additionally, there are fewer and fewer sectors that VC institutions can understand, and payments are one of them.

As a typical winner-takes-all sector with enormous future profits, as long as a product launches and its background is not too poor, it is relatively easy to gain VC support. Hence many institutions released research reports on X402 at the first opportunity; the story is easy to sell to LPs and rests squarely on blockchain's advantages as a payment rail.

Coinbase's CEO Brian Armstrong recently reiterated his support for X402 on Twitter, and almost all leading exchanges have joined this chaotic battle, with many disadvantages gradually being resolved as established players build out the infrastructure.

At this moment, the builders of X402 need to remain calm.

This is a rare opportunity for a new wave of consensus to form; we cannot all rush onto the launch platform.

In the Web3 market, launching is the final anthem, a stage for profit distribution, and a key to attracting early attention, but launching is merely a means, not an end.

Conclusion

Objectively, there are both advantages and disadvantages. From a trend perspective, I believe that X402 will enter a period of dormancy, as it needs to wait for a better opportunity.

Because payments require a great deal of finesse, recall how Alipay built up the merchant scene only to be unexpectedly outflanked by WeChat Pay during the New Year red envelope season. Currently, X402's best opportunity lies in the cross-border payment scenario, as countless users have already run into numerous difficulties when paying OpenAI.

Let the new payment system combine with the global payment demands of a popular product, leading more people to try the blockchain payment experience for the first time.

Until a leading platform once again draws attention with a TGE airdrop window, using transaction mining to reignite interest and keep breaking through cognitive barriers.
