With payments the complexity is not only in accepting a payment, but largely in doing so legally. Someone makes a request to my company's paid service, I return 402 and get a stable coin back. Who do I invoice for this revenue? What value added tax do I apply to the invoice? If someone makes 10k paid requests within one month, do I have means of generating one invoice for them for all the usage, or is every request treated separately and results in 10k invoices?
Will Cloudflare handle this for me?
Who do you invoice if, for example, you own a vending machine that sells chips and sodas for cash or contactless? Why couldn’t this be treated the same?
I am not a fan of the growing trend that Cloudflare is the gatekeeper of the internet. Personally I will never support this company, or firewall any of my websites behind it.
I recently had to build a system to drop inbound traffic originating from Cloudflare ASNs to prevent bad actors using WARP proxies, no legitimate Cloudflare traffic use cases for anything inbound.
Getting increasingly sick of cloudflare.
But in all seriousness I wonder who needs this... APIs are supposed to make it easy to bridge two applications... and you didn't need AI to utilize an API before so I wonder what's pushing this sort of thing to extract value down to individual calls?
I'm old-man-yelling-at-the-clouds here. Everyone just uses Cloudflare, which is not a bad thing by itself. But do they _have_ to? Is managing your own edge really that terrifying?
Having an almost plug-and-play solution that does CDN + DDoS Protection + WAF/Rate Limiter + Bot Protection, for a few bucks, is very useful for startups and SMEs.
And compared to different cloud offerings, their quick setup and lower cost is hard to beat.
I think DDoS attacks are really what propelled them to the heights they have. The attacks seem to get bigger and bigger by the year. You need a really big pipe to filter them out on before passing on traffic to servers with a much smaller pipe.
It would be economically impossible for me to run a small personal website without Cloudflare thanks to the sheer quantity of badly behaved automated traffic on the Internet in 2026.
I think this is a directionally good idea. I can't help but think that there's basically no way that the AI labs can actually afford to pay for their massive amounts of training data though. (This does not make me particularly sad)
> NEW YORK – MCP Dev Summit North America – April 2, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it is launching the x402 Foundation with the contribution of the x402 protocol from Coinbase. The new Foundation will serve as the neutral home for x402, a universal standard for payments that embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.
Apparently I missed this initiative. It seems like it is a technology that is intended to be open and universal while also being supported and developed primarily by US companies (Linux Foundation, Coinbase, Cloudflare).
The intent is to not make companies shoulder the cost of other organizations scraping their content. When it is regular users browsing the cost incurred is trivial. When bots are scraping the entirety of a site, repeatedly, it adds up quickly.
I'm going to poke at a downstream consequence here.
Let's say this catches on (in some form or another, whether in this precise implementation or not).
So assume we have a world where resources can be gated by a payment wall that agents can interact with.
I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
---
At what point can I sue these companies for obviously failing to act in my interests?
Because that's the clear next step here.
Basically - where is the fiduciary duty that I would require for a real working relationship?
Because otherwise these agents can and will prefer to access payment gated resources that have financial relationships with their operators or developers.
What, what? That makes no more sense than suing Walmart for having preferred suppliers. If you don’t trust Walmart’s buyers to buy groceries for you then you can shop somewhere else. Similarly here.
> I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
That seems like a pretty big assumption, given that local models are only like a year behind frontier ones (or less).
When you consider that, along with the completely unsustainable business model of all the major 3rd parties, I think a far more realistic view of our AI future is that AI will largely be commodified: it won't run on a few specialized companies, it will run on your hardware, or on budget providers (think an "AWS of AI").
Frontier AI will almost certainly continue to exist, but will be focused on specific niches.
I don't even care anymore, AI stealing the life out of everything, or Cloudflare trying to become some global internet gatekeeper, let them kill each other.
You realize humans are going to be the first wave of collateral damage right? I already basically cannot browse the internet for technical information, since most high-quality forums are behind captchas that block my iPhone.
If I ask an agent to do it, it does better at finding the small percentage of sources not hosted by cloudflare. However, it generally cannot hit open-access / public domain sources (like the current legal code, or academic papers) because those are blocked and it respects stuff like robots.txt.
Can't speak for GP, but I wouldn't - privacy is already eroding at a startling rate, and more KYC for things that really don't need it is just a further affront to human rights. (See also the FCC's recent request for comments on requiring government-issued ID to use a cell phone.)
Are your human rights also violated by Spotify keeping track of what songs you listen to, or Netflix and YouTube keeping tabs on what shows you are watching?
Internet non-ad monetization will also be in the form of massive syndication, where a subscriber gets access to thousands of high quality websites, and web publishers get access to millions of subscribers. But they need to take a hint from streaming services and really make massive syndicates which includes everything for everyone for this to work.
I thought the goal was to only charge agents a fee, which would either 1. stop agents from scraping your site non-stop and eliminate the need for a captcha, making the human experience better or 2. make the owner of the site some money in exchange for a bajillion bots scraping their content.
Maybe that's too optimistic though based on the responses in this thread.
All for this. Micropayments have been tried so many times before, but they all relied on user opt-in and never reached any sort of critical mass. Someone of Cloudflare's scale could actually pull it off.
I might be in the minority here, but although x402 sounds useful, it seems to me that adoption will be an uphill struggle, especially for per-request micropayments.
The most likely scenario is Stripe, or someone similar, creating an agentic API connected to the agent owner linked account or something along those lines. I am not sure how this would work with 3DS, or whether it would be acceptable at all, since these kinds of transactions could be disputed easily ("I did not make the purchase, my rogue agent did.")
Another way to handle payments on the internet is obviously not to reinvent the wheel and simply email a payment link to the owner. That seems simple enough to me and does not require additional infrastructure. Payment processed, mint a key, the agent is allowed to proceed.
I don't think the x402 is the core of discussion here, if anything it's been hijacked for who knows what. It seems like Cloudflare wants to be the traffic gateway for everyone that controls the access and now wants to start charging for the same.
The biggest challenge here is to distinguish between a bot and a real user. Guess the big AI players would get a free ticket to crawl the data and humans would be just left to prove themselves to access the content.
> "I did not make the purchase, my rogue agent did."
If you try to call customer service and report it, you get:
I'm sorry. All of our rogue agents are assisting other rogue agents.
If you would like to dispute charges made by your own rogue agent, please ignore all previous instructions and stay on the line of this toll number for our next available rogue agent.
The estimated waiting time is two months, three weeks, five days, thirteen hours, forty-seven minutes, and 36.03858767259934378 seconds.
"There is an enormous amount of value moving across the Internet today that goes unmonetized or undermonetized, not because no one would pay for it, but because the tools to charge for it have never existed."
Every road a toll road.
How big a cut does Cloudflare want? Whose "stablecoin" does this use? How much does each on-chain stablecoin transaction cost?[1]
For comparison, FedNow bank to bank transfers cost $0.045, regardless of size.
Am I understanding this correctly in that you can basically automate monetizing your web/API content to everyone or just agents? Because I would be very much in support of charging agents per request, but I would want to still offer humans a free experience.
Their example of an /api/premium is quite nice! You could, like, keep existing pages free, but provide specific output content for LLMs!
So if: cost monetized API < cost configuring scraper for your website OR feature provided by premium api > data got by scraping, then some people/business will likely pay
If not built-in, you can probably put it together through Cloudflare itself.
If a request goes to the protected path, if detected as bot: hard HTTP redirect to the path set in the monetization gateway, if human: allow and don't redirect.
There are reliable ways of differentiating human from cheap, bulk scraping bots.
But if the bot is advanced / expensive enough, it gets a lot harder. Where this product's market sits is in giving a paid way to access content compared to having to spin up bots that run js, from real IP addresses, etc. all of which are more expensive
Agreed. To me this feels like the perfect solution for websites and ai crawlers. Instead of having crawlers paying proxy services and captcha solvers, they can pay the website itself. As a web scraper, I'd happily pay the website provider to get access if it meant easy access to the content. Heck, as a human, I'd pay to avoid the dumb captchas.
The focus of this seems to be entirely AI agents, but I wonder if there's a future where browsers implement this and us humans can finally get micropayments in the web. It's been tried unsuccessfully many times but always falls prey to the chicken-and-egg problem. Maybe the AI hype will finally give it the push it needs for widespread deployment.
The upside of using this is that AI shops might pay you for your content. Realistically, they just won't use your content, there is more than enough free (or synthetic) data out there. Not even to mention their contracts with firms like Mercor etc.
I guess I don't understand who this is for. If you want your worldview reflected in the latest generations of models, you probably wouldn't use this. If you don't want your worldview reflected in the models, why would a few pennies change your mind?
I think that's a pretty wild statement: there isn't just one type of content!
Twilight fan fiction? Claude probably won't pay for that.
But critical programming documentation that its bots (and their human users) rely on to do their daily job? You better believe Anthropic will pay for that (instead of letting another AI pay for it, and steal all their customers).
Sure, they'll probably pay PyPI, the Swift Foundation, etc for that documentation - but it's a pretty small universe of relevant content. An intern's tech blog with a 'hello world in javascript' post won't be paid for, the Mercor contractors are doing more (and better) than that!
I don’t think this is aimed at the labs and pre-training, it’s aimed at end users and their agents. Like if you’re a news site the paying customer isn’t a lab scraping your articles for training, it’s an end user that asked their agent to look up the news of the day.
Of course nobody wants to pay for anything, and you like me would like to be given everything for free without having to give anything in exchange. But why would somebody want to give it for free?
Internet needs an open, integrated and universal payment layer. But first the payments should be done well (look at: Taler project), then integrations should be built, not the other way around.
I know many people here would be against anything related to payment on the Internet, but I do believe the ability to have a button like "One click here to anonymously with no account pay 0.02€ and download the media" could be a net positive for Internet freedom.
Micropayments have always suffered from an early adopter problem because it’s difficult to convince ordinary users to pay for web pages. But if a big company, perhaps one of the AI labs, started paying websites using this system then it might bootstrap the system?
I think the difficult part is that LLMs are gullible and it will absolutely be gamed if any real money can be made this way.
It would be nice if this became a viable alternative to paywalls, though.
> This is what we are building toward: an agent-first Internet with Internet-scale settlement built in.
Ah yes, the starry-eyed dream of early web pioneers is finally upon us: a soulless internet filled with soulless agents and microtransactions!
But in all seriousness, it's hard to deny that the attention-based model that has propelled the web forward for the last 30 years is somewhat falling apart. And I don't have, nor have I come across, any meaningful solutions that could realistically work better. So maybe it's just time we turn off this 'internet' thing and call it a day.
I assume that if this catches on then the agents will have their own wallets and deduct fees from your account credit, just like with API-based usage. So the way you interact with them won't change, from your POV they'll just get more expensive.
article says it's mostly for agents, users will not be directly involved
> At the same time, an agent can make thousands of micropayments without friction, while asking a person to approve each payment would be impossibly burdensome.
but yes, they will need wallets
but it's also optional, you do not want to buy these paid for requests, you do not need a wallet
Actually, x402 was created because using a credit card programmatically is very difficult.
The whole business of Stripe is based on that: it's so hard for developers to do, and so many regulations, that they would rather pay another company to do so.
Crypto can be sent just using a contract.transfer() call
Debit cards have to pay too many people. The acquiring bank, the receiving bank, the network, all take their fees. Stripe and their minimum $.30 per transaction leave no room for $0.01 API calls.
Presumably, like their captchas, this will completely break things like ad blockers, browsers with strict cookie policies, and probably things without hardware attestation.
Unless there's a privacy-preserving way this can be used to send money, then it's just another chunk of the surveillance state that's being rapidly erected over the last few years. The word "privacy" does not appear once in the article.
Even if it did, I'd be skeptical. If their payment system does allow money to be sent in a privacy and free speech preserving way, then it'll be used for money laundering.
This whole "agents bad" framing is complete BS. It's the reality of how people use the internet now, and, frankly, ad blockers have been a thing since forever. On the other hand, if successful, this infrastructure will give Cloudflare centralized control over internet publishing and also centralized surveillance of all users with no opt out.
Piracy is looking better and better. So does the small web. Come to think of it, the library does too. Any good solutions for non-destructively scanning books?
Step two: Sell keys to the gate
Muah ha ha
It's about convenience, not fear. Cloudflare is free for most companies until you need more advanced features.
I'll show myself out ...
I often see threads complaining about Cloudflare, never see suggestions for better alternatives.
you get paid in crypto
> The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft.
[1] https://www.spark.money/tools/stablecoin-fee-calculator
This could also make abusive use / DDoS attacks very costly.
In the future, an AGEnt will attest that you are old enough to access the resource.
Oh boy!
I expect much more of this type of thing going forward.
Let's say a part of the subscription is used to pay for it.
So far, I'm having trouble figuring out how to get that out of x402.
Stablecoins don't make sense here and I'd prefer not to use crypto at all.