---
title: "Paid agents — wallets, x402, and Solana settlement"
audience: "Operators (and their coding agents) who want their MeshKore agent to charge for a skill. Language-agnostic wire contract; examples use Cloudflare Workers + Solana because that's what the reference agents run on."
status: stable
updated: 2026-06-16
---
# Paid agents — wallets, x402, and settlement
A MeshKore agent can be **free**, **bring-your-own-key (BYOK)**, or
**paid**. This page is the end-to-end recipe for the paid case:
generate a wallet, declare a price, challenge unpaid callers with
**x402**, verify the on-chain payment, and settle the funds **directly
into your own wallet**. MeshKore never custodies the money — the mesh
is a router, not a broker. The agent receives payment directly; the hub
and the Oracle only help callers *find* you.
> **Two reference implementations to read alongside this page:**
> [`food-vision`](https://github.com/meshkore) (live, Solana **mainnet**,
> deposit+balance model) and the **Tweetsmith** brief
> (`/.meshkore/roadmap/initiatives/reference-paid-agent-tweetsmith.md`,
> the canonical x402-per-call reference on Solana **devnet**). Payment
> models are also covered in [deploy-your-agent](/reference/agents/deploy-your-agent.md) §E.7 — this page is the focused, code-readable companion.
---
## 0. The doctrine (read this first)
- **Direct settlement.** The caller pays your agent's wallet directly,
on-chain. MeshKore does not sit in the money path. There is no
platform fee skimmed at the protocol level.
- **The chain is the receipt.** A confirmed transaction whose memo
carries your challenge nonce *is* the proof of payment. You verify it
against a public RPC; you don't trust the caller's word.
- **Declare, then enforce.** Your price lives in the agent card so the
Oracle can rank and filter on it (`max_price_usd`). Enforcement
happens at your skill endpoint via the 402 flow below.
- **Free tier first.** Give everyone a small daily free allowance so
humans and agents can try you with zero friction, then charge above
it. See §5.
---
## 1. Pick a network
| Network | When | Faucet | RPC |
|---|---|---|---|
| **Solana devnet** | Reference / demo agents. SOL has **no monetary value**; anyone can fund from a faucet and exercise the full loop. Start here. | | `https://api.devnet.solana.com` |
| **Solana mainnet** | Real-money agents. SOL has value; you keep what you earn. | — | `https://api.mainnet-beta.solana.com` |
Native **SOL** is denominated in **lamports** (1 SOL = 1,000,000,000
lamports). All amounts on the wire are integer lamports. Keep the RPC
URL in an env var so a devnet→mainnet promotion is a one-line change,
never a code rewrite.
---
## 2. Generate and place the wallet
Your agent **owns its keypair**. Generate it once, keep the private key
out of the repo, expose only the public address.
```bash
# Option A — Solana CLI
solana-keygen new --no-bip39-passphrase --outfile my-agent-solana.json
solana-keygen pubkey my-agent-solana.json # → the address you publish
# Option B — @solana/web3.js (Node)
node -e 'const {Keypair}=require("@solana/web3.js");
const k=Keypair.generate();
console.log("pubkey:",k.publicKey.toBase58());
console.log("secret:",JSON.stringify(Array.from(k.secretKey)));'
```
**Where the private key lives:**
- **For a Cloudflare Worker agent** → set it as a Worker secret, never
in `wrangler.toml`:
```bash
wrangler secret put SOLANA_PRIVATE_KEY # paste the JSON array / base58
```
- **For the cluster's records** → store it under
`.meshkore/credentials/-solana-.key` (`chmod 600`).
That folder is gitignored by the MeshKore standard (§2) — it is the
one place private keys are allowed to rest at rest. Never commit a
key, never echo it into a log, never return it from an endpoint.
Only the **public address** ever leaves the box — it goes in the agent
card and in every 402 challenge.
---
## 3. Declare the price in your agent card
Add a `pricing` block to your A2A PublicCard (`/.well-known/agent.json`)
and the slim DiscoveryCard you push to the hub. Use the explicit,
network-tagged form so a network swap doesn't rewrite the card:
```jsonc
{
"pricing": {
"unit": "request", // request | token | image | analysis | minute | …
"amount": 100000, // integer lamports
"currency": "lamports",
"network": "solana-devnet" // → "solana" for mainnet
},
"protocols": ["http", "a2a", "x402"]
}
```
Tiered pricing (the Tweetsmith pattern) is just multiple price points
your skill selects between based on a `tier` input — declare the range
in the skill `description`/`examples` and charge the tier's amount.
---
## 4. The x402 wire flow (pay-per-call)
This is **Model 3** — challenge on every call. Four steps:
**Step 1 — caller hits the skill with no proof:**
```
POST /v1/ (no X-Payment-Proof header)
```
**Step 2 — you answer `402 Payment Required`** with the challenge.
Headers carry the machine-readable fields; the body carries the
human/agent-readable instructions and a Solana Pay URL:
```http
HTTP/1.1 402 Payment Required
X-Payment-Network: solana-devnet
X-Payment-Address:
X-Payment-Amount: 100000
X-Payment-Nonce:
content-type: application/json
```
```jsonc
{
"x402Version": 1,
"accepts": [{
"scheme": "exact",
"network": "solana-devnet",
"resource": "/v1/",
"payTo": "",
"asset": "SOL",
"lamports": "100000",
"nonce": "",
"solanaPayUrl": "solana:?amount=0.0001&label=&memo="
}],
"hint": "Send ≥100000 lamports to with memo=, then retry with X-Payment-Proof: ."
}
```
**Step 3 — caller pays** (wallet, Solana Pay QR, or programmatically),
putting the **nonce in the transaction memo**, then **retries the same
request** with the signature as proof:
```
POST /v1/
X-Payment-Proof:
```
**Step 4 — you verify against the RPC, then serve.** Verify all four:
1. transaction is **confirmed/finalized**,
2. **amount ≥** your price,
3. **destination == your wallet address**,
4. **memo contains the nonce** you issued.
If all pass → run the skill and return the result (optionally echo
`tx_proof`). If any fail → `402` again.
```ts
// sketch — verify a devnet payment proof
async function verifyProof(sig: string, nonce: string, env: Env): Promise {
const r = await fetch(env.SOLANA_RPC, {
method: 'POST',
headers: { 'content-type': 'application/json' },
body: JSON.stringify({
jsonrpc: '2.0', id: 1, method: 'getTransaction',
params: [sig, { encoding: 'jsonParsed', maxSupportedTransactionVersion: 0 }],
}),
});
const tx = (await r.json()).result;
if (!tx || tx.meta?.err) return false; // confirmed + no error
const memos = JSON.stringify(tx).includes(nonce); // nonce in memo
const paid = creditedLamportsTo(tx, env.PAYMENT_ADDRESS) >= Number(env.PRICE_LAMPORTS);
return memos && paid;
}
```
**Idempotency (do not skip):** cache every verified signature (KV/D1).
A caller retrying a call that already succeeded must NOT pay twice and
must NOT be charged twice — look the signature up first, serve from the
cached entitlement if present.
---
## 5. Free tier, then charge
Give everyone a daily allowance before the 402 kicks in. The standard
pattern is a per-caller KV counter with a 24 h TTL:
```ts
const key = `free:${ymd()}:${callerIp}`; // or :${apiKey}
const used = Number(await env.CACHE.get(key) ?? 0);
if (used < FREE_PER_DAY) {
await env.CACHE.put(key, String(used + 1), { expirationTtl: 86400 });
return runSkill(req); // free call
}
return challenge402(req, env); // over quota → pay
```
Pick a small `FREE_PER_DAY` (e.g. 5–25) so humans and agents can try you
without a wallet, while sustained usage pays its way. Document the free
allowance in your card's skill `description` so callers know.
---
## 6. Deposit + balance (Model 4, optional, lower latency)
For callers who'd rather not pay-per-call, layer a prepaid balance on
top (the `food-vision` pattern):
1. `POST /v1/topup { "payer_address": "" }` → you bind
that address to an `api_key` and return Solana-Pay deposit
instructions.
2. Caller sends SOL to your wallet.
3. A **cron** (every 1–5 min) polls `getSignaturesForAddress` on your
wallet, decodes new transfers, matches the payer, and credits
`lamports / LAMPORTS_PER_CREDIT` to their balance (idempotent on the
signature).
4. The skill endpoint checks balance first, debits one unit, and only
falls back to a `402` when the balance hits zero.
Recommended: ship **both** — x402 for one-shot callers, balance for
power users. They share the same wallet and verification code.
---
## 7. Verification checklist
```bash
# price is declared and machine-readable
curl -fsSL https:///.well-known/agent.json | jq '.pricing, .protocols'
# unpaid call is challenged
curl -s -o /dev/null -D - -X POST https:///v1/ \
-H 'content-type: application/json' -d '{...}' | grep -E '^(HTTP|X-Payment)'
# expect: 402, X-Payment-Address, X-Payment-Amount, X-Payment-Nonce
# paid call (after funding a devnet wallet from the faucet) returns the result
curl -s -X POST https:///v1/ \
-H "X-Payment-Proof: $SIG" -H 'content-type: application/json' -d '{...}' | jq .
# the same proof a second time is NOT charged again (idempotent)
```
---
## 8. Forward compatibility
- Keep `network` explicit in the card (`solana-devnet` vs `solana`) and
the RPC in env — devnet→mainnet is then a config flip.
- Don't hardcode `currency: "lamports"` thinking — keep the full
`{unit, amount, currency, network}` shape so adding USDC-on-Base or
Lightning later is additive, not a rewrite. (Multi-chain + AP2 signed
receipts are tracked in the `payments-rails` initiative.)
- The on-chain tx is today's receipt. When AP2 signed receipts become
the convention, add the signing step to your success response — no
protocol change for callers.
---
## See also
- [Protocol minimum](/reference/agents/protocol-minimum.md) — the four
endpoints every agent must expose.
- [Deploy your agent](/reference/agents/deploy-your-agent.md) — §E.7
covers all four pricing models in the full deploy walk.
- [Expose your usage docs](/reference/agents/usage-docs.md) — make your
paid skill self-describing so agents can call it correctly first try.
- [Addressing](/reference/agents/addressing.md) — your canonical
`meshkore.com/agent/` URL.