handleVerify and handleSettle from @glideco/x402-facilitator are called
directly in route handlers — there is no Express middleware abstraction. The client
side constructs and sends the X-Payment header with a payment payload.
F1 rule: the server verifies payment via server-side RPC, never by trusting a
facilitator response body. on_chain_tx in the receipt is always server-fetched from
chain RPC.
Audience: developers who want to monetize an API call without a billing dashboard.
Prerequisites
- Node 22+ and pnpm.
- A Base Sepolia wallet with test USDC — get some from the Coinbase faucet.
- Optional: a Chainalysis API key if you want real sanctions screening instead of the permissive demo screener.
Steps
1. Clone the example
2. Set environment variables
3. Build the server (src/server.ts)
The server exposes three routes:
- GET /api/weather — returns 402 (no payment) or 200 (valid payment)
- POST /x402/verify — verify a payment payload; returns { isValid, ... }
- POST /x402/settle — settle on-chain (mocked in the example); returns { success, txHash }
@glideco/connector-chainalysis in production —
the ComplianceScreener interface is the same.
/x402/verify route. Decodes the payment payload and runs the compliance pipeline.
In production, replace the demo decoder with EIP-712 signed transfer authorization
validation.
/x402/settle route. Derives a content-bound idempotency key, replays on cache hit,
re-verifies (TOCTOU defense), then broadcasts.
X-Payment, return 402 with the payment
requirements. On a request with X-Payment, call handleVerify directly before
returning data.
4. Write the client (src/client.ts)
The client follows the four-step x402 flow: probe → verify → settle → retry with header.
No special x402 client library is needed — standard fetch throughout.
Run it
Extend it
- Swap the permissive screener for @glideco/connector-chainalysis to get real OFAC screening on every payment.
- Move idempotencyCache to Redis so replay protection survives server restarts.
- Add tiered pricing: return different maxAmountRequired values per endpoint in the 402 body.
- Port to a Next.js API route — call handleVerify and handleSettle directly in the route handler; the pattern is identical.
- Derive the idempotency cache key using deriveIdempotencyCacheKey from @glideco/x402-facilitator — it binds the key to (payTo, network, payloadHash) to prevent cross-tenant cache poisoning.
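The settle sequence described for /x402/settle (derive a content-bound key, replay on cache hit, re-verify, broadcast) and the (payTo, network, payloadHash) key binding from the last item above, as an added sketch that is not the project's code. deriveKey, makeSettler and both types are hypothetical names, and verify and broadcast are synchronous stand-ins for the real verification and on-chain calls.

```typescript
import { createHash } from "node:crypto";

// Hypothetical shapes for this sketch; not the @glideco/x402-facilitator types.
type Requirements = { payTo: string; network: string };
type SettleResult = { success: boolean; txHash?: string; replayed?: boolean };

const sha256 = (s: string): string => createHash("sha256").update(s).digest("hex");

// Bind the key to (payTo, network, payloadHash). Serializing an array keeps
// field boundaries unambiguous, which plain string concatenation does not.
function deriveKey(req: Requirements, rawPayload: string): string {
  const payTo = req.payTo.toLowerCase(); // EVM addresses compare case-insensitively
  return sha256(JSON.stringify([payTo, req.network, sha256(rawPayload)]));
}

function makeSettler(
  verify: (rawPayload: string, req: Requirements) => boolean,
  broadcast: (rawPayload: string) => string, // returns a transaction hash
) {
  const cache = new Map<string, SettleResult>(); // in-memory; lost on restart
  return function settle(rawPayload: string, req: Requirements): SettleResult {
    const key = deriveKey(req, rawPayload);
    const hit = cache.get(key);
    if (hit) return { ...hit, replayed: true }; // cache hit: replay, never re-broadcast
    // Re-verify at settle time; an earlier /x402/verify answer may be stale (TOCTOU).
    if (!verify(rawPayload, req)) return { success: false }; // failures are not cached
    const result: SettleResult = { success: true, txHash: broadcast(rawPayload) };
    cache.set(key, result);
    return result;
  };
}

// Constructed demo: two recipients are sent identical payload bytes.
function demo() {
  let broadcasts = 0;
  const settle = makeSettler(
    (payload) => payload.length > 0, // stand-in for real verification
    () => `0xmock${++broadcasts}`, // stand-in for the on-chain broadcast
  );
  const a: Requirements = { payTo: "0xAAA", network: "base-sepolia" };
  const b: Requirements = { payTo: "0xBBB", network: "base-sepolia" };
  const first = settle("payload-1", a);
  const retry = settle("payload-1", a); // same recipient and bytes: replayed
  const other = settle("payload-1", b); // different payTo: its own cache entry
  const rejected = settle("", a); // fails re-verification, nothing broadcast
  return { first, retry, other, rejected, broadcasts };
}
```

With an asynchronous broadcast, record an in-flight entry under the key before awaiting, so that two concurrent retries cannot both miss the cache and both broadcast.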
Source
github.com/darshanbathija/axtior-neobank/tree/main/examples/x402-paid-api
Reading list
- @glideco/x402-facilitator package — handleVerify, handleSettle, runCompliancePipeline, deriveIdempotencyCacheKey API reference.
- @repo/connectors-coinbase-x402 — decodeXPaymentHeader, encodeXPaymentHeader, handleX402Request for production client-side payment construction.
- Receipt schema — how x402 receipts map to the Glide receipt model.
- F1 rule — why on_chain_tx must be server-fetched, never from a facilitator body.