You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|**Payment methods**| Stablecoins only | Stablecoins, cards, digital wallets, and many other methods |
25
25
|**Sessions**| No | Yes—off-chain vouchers for sub-cent streaming |
26
26
|**Error format**| Custom |[RFC 9457](https://www.rfc-editor.org/rfc/rfc9457) Problem Details |
@@ -40,9 +40,9 @@ The request lifecycle is the same—only the header names and encoding change.
40
40
participant Client
41
41
participant Server
42
42
Client->>Server: GET /resource
43
-
Server-->>Client: 402 + X-PAYMENT-REQUIRED
44
-
Client->>Server: GET /resource + X-PAYMENT
45
-
Server-->>Client: 200 + X-PAYMENT-RESPONSE
43
+
Server-->>Client: 402 + PAYMENT-REQUIRED
44
+
Client->>Server: GET /resource + PAYMENT-SIGNATURE
45
+
Server-->>Client: 200 + PAYMENT-RESPONSE
46
46
`} />
47
47
48
48
**MPP**
@@ -60,30 +60,30 @@ The request lifecycle is the same—only the header names and encoding change.
60
60
61
61
MPP uses three protocol objects in every payment flow—the same lifecycle x402 uses, with standardized names:
62
62
63
-
-**Challenge** — The server's `402` response advertising what payment is required. Sent in the `WWW-Authenticate: Payment` header. Equivalent to x402's `X-PAYMENT-REQUIRED`.
64
-
-**Credential** — The client's signed payment authorization. Sent in the `Authorization: Payment` header. Equivalent to x402's `X-PAYMENT`.
65
-
-**Receipt** — The server's confirmation that payment settled. Sent in the `Payment-Receipt` header. Equivalent to x402's `X-PAYMENT-RESPONSE`.
63
+
-**Challenge** — The server's `402` response advertising what payment is required. Sent in the `WWW-Authenticate: Payment` header. Equivalent to x402's `PAYMENT-REQUIRED`.
64
+
-**Credential** — The client's signed payment authorization. Sent in the `Authorization: Payment` header. Equivalent to x402's `PAYMENT-SIGNATURE`.
65
+
-**Receipt** — The server's confirmation that payment settled. Sent in the `Payment-Receipt` header. Equivalent to x402's `PAYMENT-RESPONSE`.
66
66
67
67
## Running MPP and x402 side by side
68
68
69
69
MPP and x402 use completely different HTTP headers (see [comparison above](#what-mpp-adds)), so they coexist on the same server without conflict. This lets you adopt MPP incrementally—add it to new endpoints while existing x402 clients continue working.
70
70
71
-
A single `402` response can include **both** sets of headers simultaneously. x402 clients read `X-PAYMENT-REQUIRED` and ignore `WWW-Authenticate`, while MPP clients read `WWW-Authenticate: Payment` and ignore the `X-` headers.
71
+
A single `402` response can include **both** sets of headers simultaneously. x402 clients read `PAYMENT-REQUIRED` and ignore `WWW-Authenticate`, while MPP clients read `WWW-Authenticate: Payment` and ignore the x402 headers.
On the return trip, MPP clients send `Authorization: Payment <credential>` while x402 clients send `X-PAYMENT: <payload>`. Your server checks which header is present and verifies accordingly:
81
+
On the return trip, MPP clients send `Authorization: Payment <credential>` while x402 clients send `PAYMENT-SIGNATURE: <payload>`. Your server checks which header is present and verifies accordingly:
Because MPP uses the standard `WWW-Authenticate` scheme, it works with HTTP intermediaries (proxies, CDNs, API gateways) that understand [RFC 7235](https://www.rfc-editor.org/rfc/rfc7235) authentication. x402's custom `X-` headers are opaque to these intermediaries.
104
+
Because MPP uses the standard `WWW-Authenticate` scheme, it works with HTTP intermediaries (proxies, CDNs, API gateways) that understand [RFC 7235](https://www.rfc-editor.org/rfc/rfc7235) authentication. x402's custom `PAYMENT-*` headers are opaque to these intermediaries.
0 commit comments