Skip to main content

How x402 Works

Payment Flow

Buyer-initiated (MPC Signing)

Seller Settlement (Facilitator)

Upto Scheme (Variable Amount)

EIP-712 Typed Data Signing

x402 uses EIP-712 structured data signing to create payment authorizations. This ensures:
  • Domain separation — Signatures are bound to a specific chain and contract
  • Human-readable — Wallets can display the authorization details before signing
  • Replay protection — Each authorization has a unique nonce

Domain Separator

EIP712Domain(string name, string version, uint256 chainId, address verifyingContract)
  • name: Token name (e.g., “USD Coin” or “Circle USDC”)
  • version: Token version (e.g., “2”)
  • chainId: Chain ID (e.g., 84532 for Base Sepolia)
  • verifyingContract: USDC contract address

Authorization Hash

keccak256(0x19 || 0x01 || domainSeparator || structHash)
This hash is what the MPC engine signs via threshold signing.

Transfer Methods

ERC-3009 (TransferWithAuthorization)

The native USDC transfer method. The payer signs an authorization that allows anyone to submit it on-chain: 
TransferWithAuthorization(from, to, value, validAfter, validBefore, nonce)
  • Exact scheme only — The value is bound in the signature
  • Gasless for payer — The seller (or Facilitator) pays gas to execute
  • Single transaction — Direct token transfer, no approval needed

Permit2 (PermitWitnessTransferFrom)

A universal method that works with any ERC-20 token via the Uniswap Permit2 contract: 
PermitWitnessTransferFrom(permit, owner, witness, signature)
  • Exact and Upto schemes — The amount in permit is the maximum; actual transfer can be less
  • Proxy contracts — Paratro calls the x402 Permit2 proxy which handles the Permit2 interaction
  • Witness data — Includes recipient address and validAfter timestamp
SchemeProxy ContractAddress
exactx402ExactPermit2Proxy0x402085c248EeA27D92E8b30b2C58ed07f9E20001
uptox402UptoPermit2Proxy0x4020a4f3b7b90CCA423b9FabCC0CE57c6c240002

Solana (Pre-signed Transaction)

For Solana, the payer constructs and signs a complete SPL Token TransferChecked transaction:
  • The Facilitator validates the transaction instructions (mint, amount, destination)
  • Settlement broadcasts the pre-signed transaction to Solana RPC
  • No additional signing needed — the transaction is ready to submit

MPC Threshold Signing

Paratro uses a 3-of-3 threshold signature scheme (TSS) to sign EIP-712 hashes:
  1. Gateway computes the EIP-712 hash and dispatches to the TSS engine
  2. Three signing nodes independently compute partial signatures
  3. Partial signatures are combined into a valid ECDSA signature (v, r, s)
  4. No single node ever holds the complete private key

On-Chain Settlement

After the Facilitator submits the settlement transaction:
  1. The smart contract verifies the EIP-712 signature on-chain
  2. USDC is transferred from payer to recipient
  3. An AuthorizationUsed event (ERC-3009) or Transfer event (Permit2) is emitted
  4. Paratro monitors the event and updates the transaction status to SETTLED
  5. The payer’s locked balance is deducted; the recipient’s balance is credited