Appearance

x402 Checkout

What it is

A FluxA-hosted page where a signed-in person pays any x402 resource — FluxA's own or an external merchant's — in the browser, with no x402 client or wallet code of their own. Pay with your FluxA wallet (mandate-based) or by connecting your own crypto wallet (USDC).

Unlike Payment Link Checkout, which pays a FluxA-issued link, this pays an arbitrary x402 resource URL.

Open the checkout 

https://agentwallet.fluxapay.xyz/checkout?url=<percent-encoded x402 resource URL>

The url parameter is the resource's full https:// URL (the scheme is required), percent-encoded. Always encode it — if the resource URL carries its own query string, its ?, &, and # would otherwise be read as part of the checkout URL and truncate it.

For example, to pay https://merchant.example/api/report?id=42 — that is, encodeURIComponent("https://merchant.example/api/report?id=42"):

https://agentwallet.fluxapay.xyz/checkout?url=https%3A%2F%2Fmerchant.example%2Fapi%2Freport%3Fid%3D42

Don't want to encode it yourself? Open the checkout with no parametershttps://agentwallet.fluxapay.xyz/checkout — and paste the resource link into the box. The page encodes it and takes you to the payment.

You'll be asked to sign in with FluxA if you aren't already.

Requirements on the resource URL

The resource URL is fetched and vetted before anything is shown:

  • https:// only. Plain http:// URLs are rejected.
  • Publicly accessible. The resource must be reachable on the public internet.
  • A real x402 resource. It must answer 402 Payment Required with an x402 challenge; anything else is not payable here.

How it works

x402 checkout flowOpen checkoutwith the URLFluxA showsthe offerPick a method& confirmResult inyour browser
  1. You open the checkout with the resource URL.
  2. FluxA fetches the resource and shows you what it costs and who gets paid.
  3. You choose how to pay and confirm.
  4. The paid result is delivered to your browser.

Pay methods

  • FluxA wallet (mandate-based) — USDC or credits. Pick one of your agents; if no existing mandate covers the amount, you're prompted to approve one for exactly this payment. XRP is not supported in this checkout.
  • Own crypto walletUSDC on Base mainnet only. Connect your wallet and sign the transfer; FluxA never holds the funds.

Getting your result

After payment, your browser fetches the paid result directly from the merchant when the merchant's CORS policy allows it — FluxA never sees or stores the content. Otherwise it comes back through FluxA's SSRF-guarded relay. Depending on its type it opens in a new tab or downloads.

The result lives only in your browser tab — it is not stored anywhere. Save it before you leave the page; a refresh loses it, and the payment can't be replayed.

Security

  • No bait-and-switch. FluxA re-fetches the challenge server-side and signs only the amount and recipient the merchant actually advertises — a merchant can't change them after you review the payment.
  • 2FA. Payment-checkout 2FA applies before any funds move.

Released under the MIT License.

Copyright © 2025-present