Xrpl.X402 1.0.0

dotnet add package Xrpl.X402 --version 1.0.0
                    
NuGet\Install-Package Xrpl.X402 -Version 1.0.0
                    
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Xrpl.X402" Version="1.0.0" />
                    
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Xrpl.X402" Version="1.0.0" />
                    
Directory.Packages.props
<PackageReference Include="Xrpl.X402" />
                    
Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Xrpl.X402 --version 1.0.0
                    
#r "nuget: Xrpl.X402, 1.0.0"
                    
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Xrpl.X402@1.0.0
                    
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Xrpl.X402&version=1.0.0
                    
Install as a Cake Addin
#tool nuget:?package=Xrpl.X402&version=1.0.0
                    
Install as a Cake Tool

Xrpl.X402

Preview. x402 (HTTP-402) agentic payments for the XRP Ledger, implementing the t54 "XRPL exact scheme" wire format. Lets an AI agent / client autonomously pay for HTTP resources (APIs, model inference, services) in XRP or RLUSD/IOU, and lets a server require payment for an endpoint.

๐Ÿ“– Full documentation โ€” end-to-end flow (price โ†’ pay โ†’ receipt) with XRP and RLUSD/IOU examples: x402 Agentic Payments Guide ยท API reference.

Two packages:

Package Role
Xrpl.X402 Client โ€” a DelegatingHandler that detects HTTP 402, builds + locally signs an XRPL Payment, and retries with a PAYMENT-SIGNATURE header.
Xrpl.X402.AspNetCore Server โ€” a RequirePayment endpoint filter + a ledger-settling facilitator that returns 402, verifies the signed payment, and settles it on-ledger.

Both build on the Xrpl SDK. The client signs but does not submit โ€” the merchant's facilitator settles the transaction (per the t54 scheme).


Wire format (t54 XRPL exact scheme)

Header Direction Body (base64-encoded JSON)
PAYMENT-REQUIRED server โ†’ client (on 402) { x402Version, accepts: [ {scheme:"exact", network, asset, payTo, amount, maxTimeoutSeconds, extra} ] }
PAYMENT-SIGNATURE client โ†’ server { x402Version:2, accepted, payload:{ signedTxBlob, invoiceId } }
PAYMENT-RESPONSE server โ†’ client { success, transaction, network, payer }
  • asset is "XRP" (amount in drops) or a 40-hex currency code (e.g. RLUSD) with extra.issuer and a decimal amount.
  • The payment intent is bound to the XRPL transaction via the native InvoiceID field (Payment.InvoiceID = SHA-256(invoiceId)) and/or a Memo (MemoData = hex of the raw invoiceId), selectable via X402IntentBinding (default Both).
  • Payment.SourceTag is taken from extra.sourceTag (the x402 protocol value 804681468); DestinationTag from extra.destinationTag when present.

Client usage

using Xrpl.Client;
using Xrpl.Wallet;
using Xrpl.X402;

// A connected XRPL client + a wallet you control.
IXrplClient xrpl = /* your IXrplClient, connected */;
XrplWallet wallet = XrplWallet.FromSeed(seed);

// The signer autofills + signs locally (it never submits).
var signer = new XrplWalletX402Signer(xrpl, wallet);

var options = new X402ClientOptions
{
    Network = "xrpl:1",            // CAIP-2 network you will pay on
    MaxAmountDrops = 10_000_000,   // hard cap for XRP payments (10 XRP)
    // IouValueCaps["rIssuer..."] = 5m,   // REQUIRED to pay an IOU/RLUSD from that issuer
    // PayToAllowlist = { "rMerchant...", "rIssuer..." },  // optional allowlist
};

// Wrap any HttpClient with the payment handler.
var http = new HttpClient(new X402PaymentHandler(signer, options)
{
    InnerHandler = new HttpClientHandler()
});

// Transparent: a 402 is paid automatically and the resource is returned.
HttpResponseMessage resource = await http.GetAsync("https://api.example.com/paid");

Security model (the client treats the merchant's 402 as untrusted)

  • Spending caps enforced before signing. XRP is capped by MaxAmountDrops (always checked). IOU/RLUSD fails closed: a payment is refused unless an explicit per-issuer cap exists in IouValueCaps.
  • Optional PayToAllowlist โ€” when non-empty, both payTo and the IOU issuer must be allow-listed.
  • Anti-double-pay โ€” the client pays at most once per request; a repeated 402 throws.
  • Validity window โ€” LastLedgerSequence is capped by the requirement's maxTimeoutSeconds.
  • All refusals throw X402PaymentException (Reason carries a machine code, e.g. amount_over_cap, no_acceptable_requirement, payto_not_allowed, issuer_not_allowed, payment_rejected).

Server usage (Xrpl.X402.AspNetCore)

using Xrpl.X402.AspNetCore;
using Xrpl.X402.Wire;

IXrplClient xrpl = /* your connected IXrplClient */;
IX402Facilitator facilitator = new LedgerSettlingFacilitator(xrpl);

app.MapGet("/paid", () => "premium content")
   .RequirePayment(facilitator, ctx => new PaymentRequirement
   {
       Scheme = "exact",
       Network = "xrpl:1",
       Asset = "XRP",
       PayTo = "rYourMerchantAddress...",
       Amount = "1000000",            // 1 XRP in drops
       MaxTimeoutSeconds = 60,
       Extra = { ["invoiceId"] = JsonSerializer.SerializeToElement("inv-123") }
   });

Without a PAYMENT-SIGNATURE the endpoint returns 402 + PAYMENT-REQUIRED. With a valid signature, LedgerSettlingFacilitator verifies the destination, settles the transaction (SubmitRequestAndWait, waits for tesSUCCESS), sets PAYMENT-RESPONSE, and runs your handler.

Two IX402Facilitator implementations ship:

  • LedgerSettlingFacilitator(IXrplClient) โ€” settles locally against your own connected node.
  • T54Facilitator(HttpClient, baseUrl) โ€” delegates verify + settle to an external t54 facilitator over HTTP (POST /settle with { paymentPayload, paymentRequirements }). Default base URL is the t54 testnet facilitator.

Implement IX402Facilitator yourself for any other facilitator.


Interop notes / configurability

Intent binding โ€” how the payment id is bound to the XRPL transaction, via X402ClientOptions.IntentBinding. The id is read as any string from extra.invoiceId (key configurable via InvoiceIdExtraKey, default "invoiceId"). This matches the t54 reference payer exactly.

Mode Binding
Both (default) sets both of the below โ€” matches the t54 reference payer
InvoiceIdField Payment.InvoiceID = SHA-256(invoiceId) (uppercase hex)
Memo a single MemoData = uppercase hex of the UTF-8 invoiceId string

The PAYMENT-SIGNATURE payload carries both signedTxBlob and invoiceId. For t54, the requirement's extra.sourceTag is stamped onto Payment.SourceTag (t54 enforces it โ€” the x402 protocol sourceTag is 804681468); IOU payments include a matching SendMax.

Status & limitations (preview)

  • Assets: XRP and RLUSD/IOU, exercised end-to-end against a standalone rippled.
  • Schemes: only exact โ€” the only scheme t54 advertises for XRPL (GET /supported โ†’ {scheme:"exact", network:"xrpl:1"}). Extensible, but no other XRPL scheme exists today.
  • Live t54 interop โ€” CONFIRMED (XRP + RLUSD/IOU): the client's PAYMENT-SIGNATURE is accepted by the live t54 testnet facilitator โ€” /verify returns isValid:true and /settle settles on-chain. Both an XRP payment and an issued-currency (RLUSD-coded, own testnet issuer) payment with SendMax are verified live. Matching t54 requires: payload carrying invoiceId; Payment.InvoiceID = SHA-256(invoiceId); a MemoData = hex(invoiceId); and the requirement's extra.sourceTag (804681468) stamped on the tx (t54 enforces SourceTag). T54Facilitator calls the real /verify + /settle. The live tests in X402T54LiveInteropTests (TestT54LiveSettlesXrpOnTestnet, TestT54LiveSettlesRlusdOnTestnet) run in dotnet test; they depend on the public testnet faucet + the t54 hosted facilitator, so they are kept out of the repo's TestI/TestU CI filters by name.
  • Verifiable Intent: passthrough only โ€” set X402ClientOptions.VerifiableIntentProvider and its extensions object is attached to each PAYMENT-SIGNATURE under x402Secure.verifiableIntentChain. The SD-JWT L1โ†’L3 chain (Mastercard Agentic / Trustline) is not generated by this package โ€” supply it from your own provider.

References

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
  • net10.0

  • net8.0

  • net9.0

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Xrpl.X402:

Package Downloads
Xrpl.X402.AspNetCore

ASP.NET Core server middleware (x402 require_payment) for accepting XRPL agentic payments. Adds a RequirePayment endpoint filter plus ledger-settling and t54 facilitators that verify and settle x402 PAYMENT-SIGNATUREs on the XRP Ledger.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 119 6/24/2026