Modular Rust SDK for the x402 payment protocol — client signing, server gating, and facilitator settlement over HTTP 402.
r402 is a comprehensive restructuring of x402-rs, fully aligned with the official feature set — adding Permit2 transfers, lifecycle hooks, and 44 built-in chain deployments. For the upstream community implementation, see x402-rs.
Warning
This software has not been audited. See Security before using in production.
| Crate | Description | |
|---|---|---|
r402 |
 |
Core library — protocol types, scheme traits, facilitator abstractions, and hook system |
r402-evm |
 |
EVM (EIP-155) — ERC-3009 transfer authorization, multi-signer management, nonce tracking |
r402-svm |
 |
Solana (SVM) — SPL token transfers, program-derived addressing |
r402-http |
 |
HTTP transport — Axum payment gate middleware, reqwest client middleware, facilitator client |
See also facilitator — a production-ready facilitator server built on r402.
use alloy_primitives::address;
use axum::{Router, routing::get};
use r402_evm::{Eip155Exact, USDC};
use r402_http::server::X402Middleware;
let x402 = X402Middleware::new("https://facilitator.example.com");
let app = Router::new().route(
"/paid-content",
get(handler).layer(
x402.with_price_tag(Eip155Exact::price_tag(
address!("0xYourPayToAddress"),
USDC::base().amount(1_000_000u64), // 1 USDC (6 decimals)
))
),
);use alloy_signer_local::PrivateKeySigner;
use r402_evm::Eip155ExactClient;
use r402_http::client::{ReqwestWithPayments, ReqwestWithPaymentsBuild, X402Client};
use std::sync::Arc;
let signer = Arc::new("0x...".parse::<PrivateKeySigner>()?);
let x402 = X402Client::new().register(Eip155ExactClient::new(signer));
let client = reqwest::Client::new()
.with_payments(x402)
.build();
let res = client.get("https://api.example.com/paid").send().await?;| r402 | x402-rs | |
|---|---|---|
| Built-in chains | 44 (42 EVM + 2 Solana) | 18 (14 EVM + 2 Solana + 2 Aptos) |
| Permit2 | Dual path — ERC-3009 + x402Permit2Proxy |
ERC-3009 only |
| Lifecycle hooks | FacilitatorHooks + ClientHooks |
None |
async_trait |
Zero — RPITIT / Pin<Box<dyn Future>> |
Required |
| Facilitator trait | Unified — dyn-compatible Box<dyn Facilitator> |
Separate per-scheme |
| Server wire format | V2-only (CAIP-2, Payment-Signature header) |
V1 + V2 |
| Settlement errors | Explicit — failed settle → 500 |
Silent |
| Network definitions | Decoupled — per-chain crate | Core crate |
| Linting | pedantic + nursery + correctness (deny) |
Default |
Each chain and transport crate uses feature flags to minimize compile-time dependencies:
| Crate | server |
client |
facilitator |
telemetry |
|---|---|---|---|---|
r402-http |
Axum payment gate | Reqwest middleware | HTTP facilitator client | tracing spans |
r402-evm |
Price tag generation | EIP-712 / EIP-3009 signing | On-chain verify & settle | tracing spans |
r402-svm |
Price tag generation | SPL token signing | On-chain verify & settle | tracing spans |
Caution
This software has NOT been audited by any independent security firm.
This library interacts with blockchain networks and processes real financial transactions. Bugs or vulnerabilities may result in irreversible loss of funds.
- No warranty. Provided "AS IS" without warranty of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, and non-infringement.
- Unaudited. The codebase has not undergone a formal security audit. Undiscovered vulnerabilities may exist despite extensive testing and strict linting.
- Use at your own risk. The authors and contributors accept no responsibility for financial losses, damages, or other liabilities arising from the use of this software.
- Testnet first. Always validate on testnets before deploying to mainnet.
- Key management. Users are solely responsible for the secure handling of private keys and signing credentials.
To report a vulnerability, please open a GitHub Security Advisory — do not file a public issue.
- x402-rs/x402-rs — upstream Rust implementation (community)
- x402 Protocol Specification — protocol design by Coinbase
- coinbase/x402 — official reference implementations (TypeScript, Python, Go)
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT License (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project shall be dual-licensed as above, without any additional terms or conditions.