x402 Payment Modes
x402 supports two main payment modes. The choice changes the settlement flow, the recipient model, and whether callback-enabled logic is available.
Why There Are Two Modes
- DIRECT keeps the flow simple for payment-gated delivery
- DELEGATE supports more advanced settlement and callback-triggered execution
DIRECT
DIRECT is the simpler model.
Best fit
- paid APIs
- content gating
- routes where the user should pay the merchant directly
Characteristics
- settlement target is the merchant address
- no callback contract flow
- simpler operator model
- lower integration complexity
DELEGATE
DELEGATE is the advanced model.
Best fit
- callback-enabled contract execution
- apps that need settlement orchestration
- payment-triggered minting, staking, or similar actions
Characteristics
- settlement target is delegated infrastructure
- callback-capable flow
- more moving pieces, but more flexibility
Comparison
| Area | DIRECT | DELEGATE |
|---|---|---|
| User transfer target | Merchant address | Delegated / TSS settlement address |
| Callback support | No | Yes |
| Integration complexity | Lower | Higher |
| Good fit | Gated delivery | Payment-triggered execution |
| Typical flow types | ERC20_DIRECT, SOL_DIRECT | ERC20_3009, ERC20_APPROVE_XFER, SOL_APPROVE_XFER |
How to Choose
Choose DIRECT if you need:
- the shortest path to production
- straightforward payment-gated access
- fewer backend and contract dependencies
Choose DELEGATE if you need:
- callback-enabled on-chain logic
- settlement orchestration through delegated infrastructure
- a flow where payment does more than unlock a response
DELEGATE Mode and Callback Contracts
DELEGATE mode enables payments to trigger on-chain logic — NFT mints, staking, DeFi actions — via a callback contract.
- User requests an action (e.g. mint NFT).
- Backend creates an order with
callbackCalldata. - User signs the EIP-712 payload and pays to the TSS address.
- Core settles the payment and calls
adapter.onX402Callback(). - Your contract executes the business logic (mint, stake, etc.).
- Core returns success or proof to the backend.
- DApp confirms the result to the user.
Callback Interface
Your adapter contract must implement IX402CallbackAdapter:
Integration Steps
Deploy the adapter contract
Implement IX402CallbackAdapter from goatx402-contract. Use the deployment script DeployMerchantCallback.s.sol from the repo.
Register the merchant callback
Register merchant_id, chain_id, callback_contract, eip712_name, and eip712_version with the x402 operator.
Align EIP-712 fields
Ensure eip712_name, eip712_version, and spent_address are configured consistently between the backend, the callback contract, and the operator records.
Authorize the x402 caller
Add the authorized x402 caller to your callback contract's allowlist so only the expected operator can invoke onX402Callback.
Test end to end
Validate the full flow: calldataSignRequest -> signature submit -> payment -> callback.
Adapter Contract Security Checklist
- Only allow the authorized x402 Core address to call
onX402Callback. - Validate that
payeris non-zero. - Validate that
amountmatches the expected payment. - Validate the structure and bounds of
calldata_. - Use reentrancy guards if your callback invokes external contracts.
- Emit events for off-chain tracking and audit.
Reference docs: goatx402-contract/README.md, QUICK_START.md, and MERCHANT_CALLBACK.md.