x402 Payments on GOAT Network
x402 is a payment protocol for crypto-native applications. It standardizes how an app or API requests payment and how settlement is verified before service delivery.
x402 is a payment + settlement layer that can be paired with trust and identity standards such as ERC-8004.
Payment Flow
┌──────────────────────────────────────────────────────────────────────────┐
│ GOAT x402 Payment Flow │
│ │
│ ┌─────────┐ ┌─────────────┐ ┌─────────────┐ ┌───────┐ │
│ │ │ 1 │ │ 2 │ │ 4 │ │ │
│ │ Client │ ───> │ Your API │ ───> │ GOAT │ ───> │ Chain │ │
│ │ │ │ │ │ Facilitator │ │ │ │
│ │ (User │ <─── │ (Server) │ <─── │ │ <─── │ │ │
│ │ or │ 6 │ │ 5 │ │ 4 │ │ │
│ │ Agent) │ │ │ │ │ │ │ │
│ └─────────┘ └─────────────┘ └─────────────┘ └───────┘ │
│ │
│ 1. Client requests protected resource │
│ 2. Server returns HTTP 402 + payment requirements │
│ 3. Client signs payment authorization │
│ 4. Facilitator verifies signature + settles on-chain │
│ 5. Facilitator returns proof │
│ 6. Server unlocks resource + returns response │
│ │
└──────────────────────────────────────────────────────────────────────────┘Supported Chains
The exact set of supported chains depends on each merchant's Core configuration.
| Chain | Chain ID | Tokens | Status |
|---|---|---|---|
| GOAT Network | 2345 | USDC, USDT | Live |
| Ethereum | 1 | USDC, USDT | Live |
| Polygon | 137 | USDC, USDT | Live |
| Arbitrum | 42161 | USDC, USDT | Live |
| BSC | 56 | USDC, USDT | Live |
| Metis | 1088 | USDT | Live |
| Solana | — | USDC, USDT | Coming Soon |
Repository Map
From the official repo:
goatx402-sdk— frontend SDK for EVM wallet integrationsgoatx402-sdk-server-ts— TypeScript server SDK source (published package:goatx402-sdk-server)goatx402-sdk-server-go— Go server SDK (module:github.com/goatnetwork/goatx402-sdk-server)goatx402-contract— callback contract examples and test utilitiesgoatx402-demo— end-to-end demo appDEVELOPER_FAST.md— concise integration guideAPI.md— endpoint and auth notes
Payment Modes
| Mode | Flow Types | User Transfer Target | Callback Support | Typical Use |
|---|---|---|---|---|
| DIRECT | ERC20_DIRECT, SOL_DIRECT | Merchant address | No | Simple payment-gated access |
| DELEGATE | ERC20_3009, ERC20_APPROVE_XFER, SOL_APPROVE_XFER | TSS / delegated settlement address | Yes | Advanced settlement and callback workflows |
For all flows, the payer transfers funds to the payToAddress returned by order creation.
Environment Variables
GOATX402_API_URL=https://api.x402.goat.network
GOATX402_API_KEY=your_api_key
GOATX402_API_SECRET=your_api_secret
GOATX402_MERCHANT_ID=your_merchant_id- For local development with the demo app, use
http://localhost:8286 - For production, use
https://api.x402.goat.networkor the base URL provided for your onboarding environment - Older docs may mention
GOATX402_BASE_URL; preferGOATX402_API_URL
⚠️
Keep GOATX402_API_SECRET server-side only. Never expose API secrets in frontend code.
Core Order Lifecycle
- Frontend requests order creation from your backend.
- Backend calls
POST /api/v1/orders. - Core returns an x402 payment-required payload (HTTP 402 is the expected success path for order creation).
- If
calldataSignRequestexists, frontend signs it and backend submits the signature. - Frontend performs the token transfer to
payToAddress. - Backend polls order status until a terminal state.
- Backend retrieves proof after confirmation.
- Backend cancels stale unpaid orders when they remain cancellable.
Order States
CHECKOUT_VERIFIED— order created, waiting for payment (only cancellable state)PAYMENT_CONFIRMED— payment observed and confirmedINVOICED— completed in the current flowFAILED— failedEXPIRED— expired before completionCANCELLED— cancelled while still cancellable
API Reference
Authentication
Backend requests use HMAC-SHA256 authentication with these headers:
X-API-Key— your API keyX-Timestamp— Unix seconds (validated within ~5 minutes)X-Sign— HMAC-SHA256 hex signature
Signature algorithm: take request body fields + api_key + timestamp, remove sign field and empty values, sort ASCII, build k1=v1&k2=v2 string, HMAC-SHA256 with API secret, hex-encode result.
Endpoints
| Server SDK Method | Endpoint | Auth |
|---|---|---|
createOrder | POST /api/v1/orders | Yes |
getOrderStatus | GET /api/v1/orders/{order_id} | Yes |
getOrderProof | GET /api/v1/orders/{order_id}/proof | Yes |
submitCalldataSignature | POST /api/v1/orders/{order_id}/calldata-signature | Yes |
cancelOrder | POST /api/v1/orders/{order_id}/cancel | Yes |
getMerchant | GET /merchants/{merchant_id} | No |
Create Order Request
| Field | Type | Required | Description |
|---|---|---|---|
dapp_order_id | string | Yes | Your app's unique order identifier |
chain_id | number | Yes | Target chain (e.g. 2345 for GOAT Network) |
token_symbol | string | Yes | Payment token (e.g. USDC) |
token_contract | string | No | Token contract address |
from_address | string | Yes | Payer address |
amount_wei | string | Yes | Token amount in wei |
callback_calldata | string | No | For DELEGATE mode only |
merchant_id | string | No | Merchant identifier |
Order Response Fields (Frontend)
When the backend normalizes the x402 response for frontend use, the fields builders most often consume are:
orderId— Core order identifierpayToAddress— the address the user actually transfers toamountWei— token amount for the transfercalldataSignRequest— optional EIP-712 payload for callback-enabled flowsstatus— the latest order state from backend polling
Error Handling
| Status | Meaning |
|---|---|
200 | Success |
400 | Validation or business errors |
401 | Authentication error |
402 | Payment Required — normal success path for order creation |
403 | Authorization error |
404 | Not found |
500 | Internal error |
Fast Start
1) Clone and install
git clone https://github.com/GOATNetwork/x402.git
cd x402
cd goatx402-demo && pnpm install
cd ../goatx402-sdk-server-ts && pnpm install
cd ../goatx402-demo2) Configure the demo backend
Create goatx402-demo/.env:
GOATX402_MERCHANT_ID=your_merchant_id
GOATX402_API_URL=http://localhost:8286
GOATX402_API_KEY=your_api_key
GOATX402_API_SECRET=your_api_secret
PORT=3001GOATX402_MERCHANT_ID, GOATX402_API_KEY, and GOATX402_API_SECRET are onboarding credentials for your x402 environment. Replace GOATX402_API_URL with your hosted base URL if you are not running Core locally.
3) Run the demo
pnpm dev4) Verify backend health and config
curl http://localhost:3001/api/health
curl http://localhost:3001/api/configDELEGATE Mode and Callback Contracts
DELEGATE mode enables payments to trigger on-chain logic — NFT mints, staking, DeFi actions — via a callback contract.
┌─────────────────────────────────────────────────────────────────────────┐
│ DELEGATE Mode Payment Flow │
│ │
│ ┌────────┐ ┌──────────┐ ┌─────────────┐ ┌───────────────┐ │
│ │ │ 1 │ │ 2 │ │ 4 │ │ │
│ │ User │ ──> │ DApp │ ──> │ GOAT x402 │ ──> │ Your Adapter │ │
│ │ │ │ Backend │ │ Core │ │ Contract │ │
│ │ │ <── │ │ <── │ │ <── │ │ │
│ │ │ 7 │ │ 6 │ │ 5 │ │ │
│ └────────┘ └──────────┘ └─────────────┘ └───────────────┘ │
│ │ │ │
│ │ 3 │ │
│ └────────────────────────────────┘ │
│ (User signs & pays to TSS) │
│ │
│ 1. User requests action (e.g. mint NFT) │
│ 2. Backend creates order with callbackCalldata │
│ 3. User signs EIP-712 + pays to TSS address │
│ 4. Core settles payment + calls adapter.onX402Callback() │
│ 5. Your contract executes logic (mint, stake, etc.) │
│ 6. Core returns success/proof │
│ 7. DApp confirms to user │
│ │
└─────────────────────────────────────────────────────────────────────────┘Callback Interface
Your adapter contract must implement IX402CallbackAdapter:
interface IX402CallbackAdapter {
function onX402Callback(
address payer,
address token,
uint256 amount,
bytes calldata calldata_
) external returns (bool success);
}Integration Steps
- Deploy your adapter contract implementing
IX402CallbackAdapterfromgoatx402-contract - Use the deployment script
DeployMerchantCallback.s.solin the repo - Register the merchant callback metadata with the x402 operator:
merchant_id,chain_id,callback_contract,eip712_name,eip712_version
- Ensure
eip712_name,eip712_version, andspent_addressare configured consistently - Add the authorized x402 caller to the callback contract allowlist
- Test the full
calldataSignRequest -> signature submit -> payment -> callbackflow
Adapter Contract Security Checklist
- Only allow the x402 Core address to call
onX402Callback - Validate
payeraddress (non-zero) - Validate
amountmatches expected payment - Validate
calldata_structure and bounds - Use reentrancy guards if calling external contracts
- Emit events for off-chain tracking
Reference docs:
goatx402-contract/README.mdgoatx402-contract/QUICK_START.mdgoatx402-contract/MERCHANT_CALLBACK.md
Production Checklist
- Keep API credentials isolated on the backend
- Use
https://api.x402.goat.networkas the production base URL - Monitor fee balance because insufficient balance blocks order creation
- Auto-cancel stale
CHECKOUT_VERIFIEDorders to reclaim reserved balance and fees - Implement bounded polling with retries and timeouts
- Retrieve and persist settlement proof for auditability
- For DELEGATE flows, test calldata-signature and callback paths end to end
References
- GOAT x402 repository: https://github.com/GOATNetwork/x402 (opens in a new tab)
- README: https://github.com/GOATNetwork/x402/blob/main/README.md (opens in a new tab)
- Developer guide: https://github.com/GOATNetwork/x402/blob/main/DEVELOPER_FAST.md (opens in a new tab)
- API reference: https://github.com/GOATNetwork/x402/blob/main/API.md (opens in a new tab)
- Demo app README: https://github.com/GOATNetwork/x402/blob/main/goatx402-demo/README.md (opens in a new tab)
- Contract README: https://github.com/GOATNetwork/x402/blob/main/goatx402-contract/README.md (opens in a new tab)
- Contract quick start: https://github.com/GOATNetwork/x402/blob/main/goatx402-contract/QUICK_START.md (opens in a new tab)
- Merchant callback notes: https://github.com/GOATNetwork/x402/blob/main/goatx402-contract/MERCHANT_CALLBACK.md (opens in a new tab)