Tessera
[X0]x402 · Base Mainnet · v2

Tessera x402 Payments. Pay-per-call credit data for agents.

HTTP-native micropayments for agent-to-API calls. Score lookups, agent profiles, and credit attestations — priced in USDC on Base, settled in seconds via the public x402 facilitator. Two endpoints live today, with an opt-in encrypted-response extension that hides the payload from the server itself.

  • Live endpoints: 2 (Score + Agent)
  • Spec: v2 (CAIP-2 + new headers)
  • Asset: USDC (Base · eip155:8453)
  • Privacy: Phase 1 (encrypted responses)
[01]

Why we built this.

Agents transact in tenths of a cent. Stripe minimums + monthly invoices don’t fit. x402 is the HTTP-native standard for agent-to-API micropayments — every paid request is an EIP-3009 signed USDC transfer, settled on Base, no account, no key, no invoice cycle. Tessera ships the credit-data layer of that stack.

Pay-as-you-go

No key, no account, no invoice

Sign one EIP-3009 authorization per request. Public facilitator settles in seconds. Same DX as Stripe checkout — minus the floor + the friction.

Free path still free

SDK consumers unchanged

The free /api/score and /api/agent endpoints stay free for SDK + dapp consumers. The paid x402 variants exist so x402-native agents have a wallet-native way to consume Tessera.

Standards-track

Built to the public spec

x402 v2 wire format end-to-end: CAIP-2 network IDs, PAYMENT-SIGNATURE header, accepts[] discovery payload. Verifies + settles via the public x402 Foundation facilitator on Base.

[02]

Live endpoints.

Two endpoints are live on Base mainnet today. Both implement x402 v2 (CAIP-2 network identifiers, PAYMENT-SIGNATURE header, accepts payload nested under accepts[]) so any v2-aware client or discovery indexer can consume them.

Live · GET /api/x402/score/[address] · $0.001 USDC

Paid Tessera Score lookup

Same response shape as the free /api/score/[address] — Score 0–100, tier, percentile, credit-line estimate, full input breakdown, ecosystem label. Gated by a $0.001 USDC payment.

  • score · 0–100 deterministic credit score
  • tier · New / Bronze / Silver / Gold / Platinum / Diamond
  • percentile · 0–99 rank across the agent population
  • creditLineEstimate · USDC whole-dollar projected line
  • inputs · { lifetimeVolumeUsd, txCount, distinctCounterparties, monthsActive, revertRate }
  • indexer · { source, lookbackWindow, eventsScanned, fromBlock, toBlock, empty }

Live · GET /api/x402/agent/[address] · $0.002 USDC

Full agent profile (Score + Directory)

One call replaces three. Returns Score + tier + credit estimate + five-input breakdown + the Agent Directory record (if listed). Built for underwriters + dapp gating systems that want one round-trip per agent.

  • Everything in /score
  • directory · { displayName, description, visibility, links, signedAt } or null
  • verified · true if the agent is listed in the Tessera directory
  • paidVia · 'x402'
  • generatedAt · ISO timestamp

Same data, different door. The paid endpoints don’t lock anything away from the free tier. They exist so wallet-native agents have a wallet-native way to consume Tessera, and so the protocol surfaces on every x402 discovery registry.
[03]

The x402 v2 handshake.

Unauthenticated request returns 402 Payment Required with an accepts[] payload describing the asset, network, recipient, and price. Client signs an EIP-3009 TransferWithAuthorization and retries with the PAYMENT-SIGNATURE header. The route handler runs, the facilitator settles the transfer on-chain, and the response includes a PAYMENT-RESPONSE settlement receipt.

The 402 response (what discovery sees)

402-response.json
{
  "x402Version": 2,
  "error": "PAYMENT-SIGNATURE header is required",
  "accepts": [{
    "scheme": "exact",
    "network": "eip155:8453",
    "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    "payTo": "0x...tessera-x402-recipient",
    "maxAmountRequired": "1000",
    "resource": "https://www.tesseracredit.com/api/x402/score/0xabc...",
    "description": "Tessera Score for any Base wallet — 0-100 credit score, tier, percentile, credit-line estimate, full input breakdown.",
    "mimeType": "application/json",
    "maxTimeoutSeconds": 60,
    "extra": { "name": "USD Coin", "version": "2" }
  }]
}
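
A client that signs payments automatically should check each accepts[] entry against its own policy before authorizing a transfer. The following is an added example, not code from Tessera or @x402/fetch: rejectReason, selectPayable, the Policy shape, the 2000-unit cap and the payTo address are assumptions constructed for illustration.

```typescript
// Added example: a hypothetical pre-signing guard, not @x402/fetch or Tessera code.
interface Accept {
  scheme: string; network: string; asset: string; payTo: string;
  maxAmountRequired: string; resource: string;
}
interface Policy { network: string; asset: string; maxAtomic: number; payTo: string[] }

// Returns null when the offer passes every check, otherwise the name of the failed check.
function rejectReason(a: Accept, requestedUrl: string, p: Policy): string | null {
  const same = (x: string, y: string) => x.toLowerCase() === y.toLowerCase();
  if (a.scheme !== "exact") return "scheme";
  if (a.network !== p.network) return "network";        // CAIP-2 id must match exactly
  if (!same(a.asset, p.asset)) return "asset";           // token contract being spent
  if (!/^0x[0-9a-fA-F]{40}$/.test(a.payTo)) return "payTo-format";
  if (!p.payTo.some((x) => same(x, a.payTo))) return "payTo-not-allowed";
  if (!/^[0-9]{1,15}$/.test(a.maxAmountRequired)) return "amount-format";
  if (Number(a.maxAmountRequired) > p.maxAtomic) return "amount-over-cap";
  try {
    const want = new URL(requestedUrl), got = new URL(a.resource);
    if (want.origin !== got.origin || want.pathname !== got.pathname) return "resource-mismatch";
  } catch { return "resource-format"; }
  return null;
}

// Picks the first accepts[] entry that satisfies the policy; throws if none does.
function selectPayable(body: { x402Version?: number; accepts?: Accept[] },
                       requestedUrl: string, p: Policy): Accept {
  if (body.x402Version !== 2 || !Array.isArray(body.accepts)) throw new Error("not an x402 v2 body");
  const reasons: string[] = [];
  for (const a of body.accepts) {
    const r = rejectReason(a, requestedUrl, p);
    if (r === null) return a;
    reasons.push(r);
  }
  throw new Error("no acceptable offer: " + reasons.join(","));
}

// Constructed sample: network, asset and amount mirror the 402 body above; payTo is a placeholder.
const REQUESTED = "https://www.tesseracredit.com/api/x402/score/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045";
const SAMPLE_PAYTO = "0x1111111111111111111111111111111111111111";
const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
const POLICY: Policy = { network: "eip155:8453", asset: USDC_BASE, maxAtomic: 2000, payTo: [SAMPLE_PAYTO] };
const SAMPLE_402 = { x402Version: 2, accepts: [{ scheme: "exact", network: "eip155:8453",
  asset: USDC_BASE, payTo: SAMPLE_PAYTO, maxAmountRequired: "1000", resource: REQUESTED }] };
```

Amounts are USDC atomic units (6 decimals), so "1000" is the $0.001 score price and the cap of 2000 matches the $0.002 agent-profile price.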

Settlement guarantees

  • Pay only on success. Settlement only happens AFTER the route handler returns a 2xx. Clients aren’t charged for indexer failures, invalid addresses, or upstream errors.
  • Public facilitator. Verify + settle runs through facilitator.x402.org — the x402 Foundation reference implementation. No Tessera-custom payment infra to trust.
  • CAIP-2 native. Network is identified as eip155:8453 (Base mainnet, chain ID 8453). Same identifier discovery registries use — no name-mapping required.
  • EIP-3009 authorizations. Standard USDC transferWithAuthorization flow. Any wallet that can sign typed data can pay.
[04]

Calling it from an agent.

Use the v2 @x402/fetch (or @x402/axios) wrapper. It intercepts 402 responses, signs an EIP-3009 payment authorization with the agent’s wallet, and retries with the payment header automatically. One call, payment handled invisibly.

install.sh
npm install @x402/fetch viem

agent-paying-x402.ts
import { wrapFetchWithPayment } from "@x402/fetch";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.AGENT_PK as `0x${string}`);
const fetchWithPayment = wrapFetchWithPayment(fetch, account);

// Paid Score lookup — wrapper handles 402 + signature + retry under the hood
const res = await fetchWithPayment(
  "https://www.tesseracredit.com/api/x402/score/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
);

const { score, tier, percentile, creditLineEstimate, paidVia } =
  await res.json();

console.log(`Vitalik scored ${score} (${tier}) — line estimate $${creditLineEstimate}`);
// paidVia: "x402" confirms the response came from the paid path

Free path is identical. Drop the wrapper, point at /api/score/[address] (no /x402), and you get the same JSON without paying. The paid path is for agents that prefer wallet-native consumption + want to count as x402 spend on their on-chain track record.
[05]

Private x402 — encrypted responses.

Both paid endpoints support an opt-in Tessera Encrypted Response extension. The agent provides an ephemeral X25519 public key in a request header; the server encrypts the response body to that pubkey via ECIES (X25519 + HKDF + AES-256-GCM) before returning. Once sent, the server cannot decrypt its own output; only the agent, holding the matching X25519 private key, can.

This is Phase 1 of four. Reuses the same audited primitives we shipped for Tessera Pay encrypted memos. Zero new crypto to review.

Two-line integration (SDK)

agent.ts
import { wrapFetchWithPayment } from "@x402/fetch";
import { wrapFetchWithEncryption } from "@tessera/sdk";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.AGENT_PK as `0x${string}`);

const fetchPaying    = wrapFetchWithPayment(fetch, account);
const fetchEncrypted = wrapFetchWithEncryption(fetchPaying);

// One call. Payment + encryption both handled under the hood.
const res = await fetchEncrypted(
  "https://www.tesseracredit.com/api/x402/score/0xd8dA6BF2..."
);
const { score, tier } = await res.json();   // already decrypted

Raw wire format (no SDK)

raw-wire.sh
# 1. Agent generates X25519 keypair locally
# 2. Sends pubkey (base64url, 43 chars) in request header

curl https://www.tesseracredit.com/api/x402/score/0xabc... \
  -H "PAYMENT-SIGNATURE: <signed-payment>" \
  -H "X-Tessera-Encrypt-Pubkey: <base64url X25519 pubkey>"

# 3. Server responds:
#
#   X-Tessera-Encrypted: true
#   Content-Type: application/json
#   { "v": 1,
#     "scheme": "ecies-x25519-aes256gcm",
#     "ephemeralPubkey": "<server's per-request pubkey>",
#     "iv": "<base64url, 12 bytes>",
#     "ciphertext": "<base64url, body + AES-GCM auth tag>" }
#
# 4. Derive shared secret via X25519(privateKey, ephemeralPubkey),
#    HKDF-SHA256 with salt = ephemeralPubkey||ourPubkey (64 bytes),
#    info = "tessera-pay-memo/v1/aes256gcm", to a 32-byte AES key.
#    Decrypt via AES-256-GCM. Server cannot replay the decrypt.
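
Step 4 of the raw wire format, as an added TypeScript example using Node's built-in crypto; it is not Tessera SDK code. It assumes the AES-GCM tag is the trailing 16 bytes of ciphertext and that "ourPubkey" in the salt is the agent's own public key; sampleEncrypt and newAgentKey are constructed helpers so the round trip runs offline.

```typescript
import { createCipheriv, createDecipheriv, createPublicKey, diffieHellman,
         generateKeyPairSync, hkdfSync, randomBytes, KeyObject } from "node:crypto";

// Added example, not Tessera SDK code. SCHEME and INFO are the strings quoted on the page.
const SCHEME = "ecies-x25519-aes256gcm";
const INFO = "tessera-pay-memo/v1/aes256gcm";
const TAG = 16; // assumption: full-length GCM tag appended to the ciphertext

interface Envelope { v: number; scheme: string; ephemeralPubkey: string; iv: string; ciphertext: string }

const b64u = (s: string): Buffer => Buffer.from(s, "base64url");
// Raw 32-byte X25519 public key <-> KeyObject, via the JWK "x" member (already base64url).
const pubToB64u = (k: KeyObject): string => k.export({ format: "jwk" }).x as string;
const pubFromB64u = (x: string): KeyObject =>
  createPublicKey({ key: { kty: "OKP", crv: "X25519", x }, format: "jwk" });

// X25519 shared secret -> HKDF-SHA256 -> 32-byte AES key; salt = ephemeralPubkey || agentPubkey.
function deriveKey(priv: KeyObject, peerPub: string, ephPub: string, agentPub: string): Buffer {
  const shared = diffieHellman({ privateKey: priv, publicKey: pubFromB64u(peerPub) });
  const salt = Buffer.concat([b64u(ephPub), b64u(agentPub)]);
  return Buffer.from(hkdfSync("sha256", shared, salt, INFO, 32));
}

// Agent side: validate the envelope fields, then authenticate and decrypt.
function decryptEnvelope(env: Envelope, agentPriv: KeyObject, agentPub: string): string {
  if (env.v !== 1 || env.scheme !== SCHEME) throw new Error("unsupported envelope");
  const iv = b64u(env.iv), ct = b64u(env.ciphertext);
  if (b64u(env.ephemeralPubkey).length !== 32 || iv.length !== 12 || ct.length < TAG)
    throw new Error("malformed envelope");
  const key = deriveKey(agentPriv, env.ephemeralPubkey, env.ephemeralPubkey, agentPub);
  const d = createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG });
  d.setAuthTag(ct.subarray(ct.length - TAG));
  // final() throws if the tag does not verify, so a tampered body never reaches the caller.
  return Buffer.concat([d.update(ct.subarray(0, ct.length - TAG)), d.final()]).toString("utf8");
}

// Constructed stand-in for the server, only so the example runs offline.
function sampleEncrypt(body: string, agentPub: string): Envelope {
  const eph = generateKeyPairSync("x25519");
  const ephPub = pubToB64u(eph.publicKey), iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", deriveKey(eph.privateKey, agentPub, ephPub, agentPub), iv);
  const ct = Buffer.concat([c.update(body, "utf8"), c.final(), c.getAuthTag()]);
  return { v: 1, scheme: SCHEME, ephemeralPubkey: ephPub,
           iv: iv.toString("base64url"), ciphertext: ct.toString("base64url") };
}

// The agent generates its keypair locally; only pubHeader goes into X-Tessera-Encrypt-Pubkey.
function newAgentKey(): { priv: KeyObject; pubHeader: string } {
  const kp = generateKeyPairSync("x25519");
  return { priv: kp.privateKey, pubHeader: pubToB64u(kp.publicKey) };
}
```

Because the agent's public key is bound into the HKDF salt, an envelope produced for one request key fails authentication under any other key.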

Backwards compatible

  • Clients that don’t send the X-Tessera-Encrypt-Pubkey header get the same cleartext response as before. Existing x402 clients keep working unchanged.
  • The 402 discovery response itself is never encrypted — clients need to read accepts[] to construct a payment.
  • Error responses (4xx / 5xx) pass through cleartext so clients can debug. Only successful 2xx responses get wrapped.
  • Bad pubkey format falls back to cleartext with an X-Tessera-Encrypt-Error hint header — the underlying request was paid for, so we never swallow it.

The full Private x402 roadmap

Phase 1 · live

Encrypted response extension

Server-to-client response body encryption via ECIES (X25519 + AES-256-GCM). Hides what was bought from anyone watching the network.

Phase 2 · queued

Stealth recipients (ERC-5564)

Each x402 payment to Tessera routed to a fresh stealth address, unlinkable to our main wallet without our viewing key. Hides which service was paid.

Phase 3 · queued

Pedersen amount commitments

Payment amount becomes a Pedersen commitment on-chain. Bulletproof range proof prevents abuse. Hides how much was paid.

Phase 4 · planned

Shielded sender (ZK pool)

Agent deposits USDC into a Tessera Shield (UTXO-style commitment pool). Noir ZK circuits prove ownership without revealing identity. Hides who paid.

Phase 5 · planned

Credit-gated privacy overlay

Every private endpoint requires a Tessera attestation proving caller's Score is ≥ a configurable tier. Bad actors can't access privacy. Compliance has a clean story.

The first complete privacy stack for HTTP-native agent payments. x402 today exposes five observable things; the Tessera roadmap hides every one of them — culminating in a credit-gated overlay that makes the whole stack regulatorily defensible. Roadmap details in docs/private-x402.md.
[06]

Pricing + revenue.

Endpoint | Price | Asset | Status
GET /api/x402/score/[address] | $0.001 | USDC · Base | Live
GET /api/x402/agent/[address] | $0.002 | USDC · Base | Live
POST /api/x402/attest | $0.005 | USDC · Base | Building
POST /api/x402/score/batch | $0.001 per address | USDC · Base | Building
GET /api/x402/receipts/[txHash] | $0.0005 | USDC · Base | Planned

FeeTreasury → $TESSERA. Revenue from paid x402 lookups routes to a dedicated FeeTreasury address (separate from the settlement vault). Phase 1 of token utility wires this treasury into a buy-and-burn loop on $TESSERA. Every paid lookup compounds protocol value back to holders.
[07]

Standards + source.

[08]

What ships next.

  • Live

    Score + Agent endpoints, v2 spec, encrypted response extension

    Both endpoints live on Base mainnet, implementing the full x402 v2 wire format. Phase 1 of Private x402 shipped — agents can opt into ECIES-encrypted responses today.

  • Phase 1.5

    SDK helper for agent-side encryption

    wrapFetchWithEncryption export on @tessera/sdk so agents can adopt the encrypted-response extension with one line instead of rolling their own X25519 keypair + decrypt flow.

  • Phase 1.6

    Upstream PR — encrypted response standard

    Propose the Tessera Encrypted Response extension as an official x402 standard. Submit to x402-foundation/x402 with reference implementation.

  • Phase 1.7

    Live demo at /privacy/x402

    Browser demo: generate a keypair, pay an endpoint, decrypt the response in-browser, render side-by-side with the cleartext path. Shows the extension in action.

  • Phase 2

    Stealth recipients (ERC-5564)

    Per-payment derived recipient addresses. Hides which service was paid from on-chain observers. ~4 weeks build, no audit required.

  • Phase 3

    Pedersen amount commitments

    Payment amounts hidden via Pedersen commitments + Bulletproof range proofs. ~6 weeks build, ~$15k light audit.

  • Phase 4

    Shielded sender (ZK pool)

    UTXO-style commitment pool with Noir ZK proofs. Hides who paid. ~3 months build, ~$125k audit. The moonshot.

  • Phase 5

    Credit-gated privacy overlay

    Privacy access gated on Tessera Score attestation. Only credentialed agents get privacy. Compliance story for the whole stack.

  • Pay-on-credit

    x402 calls paid on Tessera credit lines

    Agents with high-enough Score can call paid endpoints on credit. Tessera underwrites; agent settles weekly. Credit identity becomes the credit substrate of x402 itself.