X402 Secure Partner Brief
One-page integration brief for VI/AP2-aware x402 risk gating
X402 Secure is the x402 risk gateway that connects agent payments, Verifiable Intent-style evidence, AP2 mandate context, and Trustline risk assessment.
This brief is intended for partner review. X402 Secure is designed to integrate with Mastercard Verifiable Intent-style evidence. It should not be described as Mastercard-certified unless that status is formally granted.
Partner Value
| Need | X402 Secure role |
|---|---|
| Prove that an agent payment matches user intent | Accept VI evidence or references, extract constraints, and bind them to the payment preview. |
| Reuse AP2 mandate context | Carry AP2 intent, cart, and payment mandate references into Trustline risk assessment. |
| Gate settlement in real time | Return allow, deny, or review before x402 verify or settlement continues. |
| Support hosted XRPL x402 flows | Let the XRPL x402 Facilitator remain public while calling X402 Secure internally. |
| Preserve auditability | Store evidence references, decision ids, receipt callbacks, and dashboard summaries. |
Layering
Supported Integration Options
| Option | Best for | Public surface |
|---|---|---|
| Internal facilitator mode | Hosted XRPL x402 flows where X402 Secure is embedded behind the public Facilitator. | POST /internal/x402-secure/facilitator/evaluate and receipt callbacks. |
| Hosted paid API | Agent developers validating Base or Solana payment previews. | POST /x402/tools/evaluate_agent_payment and POST /x402/tools/verify_verifiable_intent. |
| X402 Secure proxy | Sellers who want the proxy to gate x402 verify and settle calls. | /x402/verify and /x402/settle. |
| Open-source SDK | Teams self-hosting or embedding evidence headers. | Buyer and Seller client helpers for VI/AP2 headers and decision metadata. |
Evidence Model
X402 Secure can carry:
- verifiable_intent or verifiableIntent: VI presentation, presentation reference, hash, profile, claims, constraints, holder binding, and metadata.
- ap2_context or ap2Context: AP2 intent mandate, cart mandate, payment mandate, hashes, and references.
- payment_context or paymentContext: x402 payment preview including chain, network, asset, amount, destination, merchant, resource, and hashes.
- binding: X402 Secure or facilitator-generated payment binding status.
- trace_context or traceContext: risk session, trace id, evidence reference, and W3C trace headers.
- policy: required VI, required verified VI, required AP2 payment mandate, accepted issuers, holder binding, trace requirements, and review behavior.
Response Contract
The partner-facing response should expose both raw assessment details and stable summary fields:
```json
{
  "decision": "allow",
  "decision_id": "dec_123",
  "risk_level": "low",
  "vi": {
    "present": true,
    "parsed": true,
    "verified": false,
    "evidence_ref": "tl_evd_123",
    "violations": []
  },
  "binding": {
    "payment_bound": true,
    "violations": []
  },
  "dashboard_summary": {
    "decision": "allow",
    "decision_id": "dec_123",
    "risk_level": "low",
    "vi_verified": false,
    "constraint_violations": [],
    "binding_violations": [],
    "evidence_ref": "tl_evd_123"
  }
}
```
Mastercard Ecosystem Fit
X402 Secure is a natural integration layer because it does not try to replace Verifiable Intent, AP2, x402, or Trustline:
- Verifiable Intent evidence proves user or delegated intent.
- AP2 mandate references provide agent commerce authorization context.
- x402 provides HTTP-native payment execution.
- X402 Secure turns VI/AP2/x402 context into enforceable settlement policy.
- Trustline evaluates risk, constraints, evidence status, and payment binding signals.
Partner Acceptance Criteria
| Area | Acceptance check |
|---|---|
| Compatibility language | Public copy says VI-compatible or VI-aware, not certified. |
| Discovery | Paid tools expose VI/AP2 capabilities and schema URLs. |
| Enforcement | Denied or blocking-review decisions do not reach settlement. |
| XRPL boundary | XRPL x402 Facilitator calls X402 Secure, not Trustline. |
| Receipts | Settlement callbacks include decision id, evidence ref, transaction hash, attempt id, and idempotency key. |
| Privacy | Private VI claims are minimized in logs and partner-facing errors. |
| Operations | Runbook covers issuer key rotation, Trustline outages, review mode, retention, and receipt retry behavior. |
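The Enforcement check above, sketched as a caller-side gate over the Response Contract fields. This is an added example, not X402 Secure's own code. The policy flags `require_verified_vi` and `review_blocks`, the blocking of unbound payments, and the summary consistency check are assumptions of this example.

```python
# Added example: fail-closed settlement gate over the response contract.
# Policy names require_verified_vi and review_blocks are hypothetical.

# Constructed sample mirroring the page's example response (summary abridged).
SAMPLE = {
    "decision": "allow", "decision_id": "dec_123", "risk_level": "low",
    "vi": {"present": True, "parsed": True, "verified": False,
           "evidence_ref": "tl_evd_123", "violations": []},
    "binding": {"payment_bound": True, "violations": []},
    "dashboard_summary": {"decision": "allow", "decision_id": "dec_123",
                          "risk_level": "low"},
}


def may_settle(resp, require_verified_vi=False, review_blocks=True):
    """Return (ok, reasons); ok is True only if settlement may continue."""
    if not isinstance(resp, dict):
        return False, ["response is not a JSON object"]
    reasons = []
    decision = resp.get("decision")
    if decision == "deny":
        reasons.append("decision is deny")
    elif decision == "review":
        if review_blocks:
            reasons.append("decision is blocking review")
    elif decision != "allow":
        # Unknown, missing or differently cased values never settle.
        reasons.append(f"unrecognised decision {decision!r}")
    if not resp.get("decision_id"):
        reasons.append("missing decision_id")
    vi = resp.get("vi") if isinstance(resp.get("vi"), dict) else {}
    binding = resp.get("binding") if isinstance(resp.get("binding"), dict) else {}
    # Assumption of this example: an unbound payment blocks settlement.
    if binding.get("payment_bound") is not True:
        reasons.append("payment is not bound")
    for name, block in (("vi", vi), ("binding", binding)):
        if block.get("violations") != []:
            reasons.append(f"{name}.violations missing or non-empty")
    if require_verified_vi and vi.get("verified") is not True:
        reasons.append("VI not verified")
    # Assumption: the summary must agree with the top-level fields.
    summary = resp.get("dashboard_summary")
    summary = summary if isinstance(summary, dict) else {}
    for key in ("decision", "decision_id", "risk_level"):
        if summary.get(key) != resp.get(key):
            reasons.append(f"dashboard_summary.{key} disagrees")
    return not reasons, reasons
```

With the sample response, the gate allows settlement by default and blocks it once verified VI is required, because `vi.verified` is false.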
Recommended Demo
Use the X402 Secure Demo Scenario and show:
- XRPL internal facilitator path with the Facilitator as the public edge and X402 Secure embedded behind it.
- Allow path with matching VI/AP2/payment context.
- Block path with amount or payee mismatch.
- Dashboard summary fields that product or partner teams can inspect without parsing raw assessment internals.