@x402/next
Advanced tools
Next.js integration for the x402 Payment Protocol. This package allows you to easily add paywall functionality to your Next.js applications using the x402 protocol.
pnpm install @x402/next
Page routes are protected using the paymentProxy. Create a proxy (middleware) file in your Next.js project (proxy.ts):
import { paymentProxy, x402ResourceServer } from "@x402/next";
import { HTTPFacilitatorClient } from "@x402/core/server";
import { ExactEvmScheme } from "@x402/evm/exact/server";
const facilitatorClient = new HTTPFacilitatorClient({ url: "https://facilitator.x402.org" });
const resourceServer = new x402ResourceServer(facilitatorClient)
.register("eip155:84532", new ExactEvmScheme());
export const proxy = paymentProxy(
{
"/protected": {
accepts: {
scheme: "exact",
price: "$0.01",
network: "eip155:84532",
payTo: "0xYourAddress",
},
description: "Access to protected content",
},
},
resourceServer,
);
// Configure which paths the middleware should run on
export const config = {
matcher: ["/protected/:path*"],
};
API routes are protected using the withX402 route wrapper. This is the recommended approach to protect API routes as it guarantees payment settlement only AFTER successful API responses (status < 400). API routes can also be protected by paymentProxy, however this will charge clients for failed API responses:
// app/api/your-endpoint/route.ts
import { NextRequest, NextResponse } from "next/server";
import { withX402 } from "@x402/next";
const handler = async (_: NextRequest) => {
return NextResponse.json({ data: "your response" });
};
export const GET = withX402(
handler,
{
accepts: {
scheme: "exact",
price: "$0.01",
network: "eip155:84532",
payTo: "0xYourAddress",
},
description: "Access to API endpoint",
},
server, // your configured x402ResourceServer
);
The paymentProxy function is used to protect page routes. It can also protect API routes, however this will charge clients for failed API responses.
paymentProxy(
routes: RoutesConfig,
server: x402ResourceServer,
paywallConfig?: PaywallConfig,
paywall?: PaywallProvider,
syncFacilitatorOnStart?: boolean
)
routes (required): Route configurations for protected endpointsserver (required): Pre-configured x402ResourceServer instancepaywallConfig (optional): Configuration for the built-in paywall UIpaywall (optional): Custom paywall providersyncFacilitatorOnStart (optional): Whether to sync with facilitator on startup (defaults to true)The withX402 function wraps API route handlers. This is the recommended approach to protect API routes as it guarantees payment settlement only AFTER successful API responses (status < 400).
withX402(
routeHandler: (request: NextRequest) => Promise<NextResponse>,
routeConfig: RouteConfig,
server: x402ResourceServer,
paywallConfig?: PaywallConfig,
paywall?: PaywallProvider,
syncFacilitatorOnStart?: boolean
)
routeHandler (required): Your API route handler functionrouteConfig (required): Payment configuration for this specific routeserver (required): Pre-configured x402ResourceServer instancepaywallConfig (optional): Configuration for the built-in paywall UIpaywall (optional): Custom paywall providersyncFacilitatorOnStart (optional): Whether to sync with facilitator on startup (defaults to true)The NextAdapter class implements the HTTPAdapter interface from @x402/core, providing Next.js-specific request handling:
class NextAdapter implements HTTPAdapter {
getHeader(name: string): string | undefined;
getMethod(): string;
getPath(): string;
getUrl(): string;
getAcceptHeader(): string;
getUserAgent(): string;
}
const routes: RoutesConfig = {
"/api/protected": {
accepts: {
scheme: "exact",
price: "$0.10",
network: "eip155:84532",
payTo: "0xYourAddress",
maxTimeoutSeconds: 60,
},
description: "Premium API access",
},
};
import { paymentProxy, x402ResourceServer } from "@x402/next";
import { HTTPFacilitatorClient } from "@x402/core/server";
import { registerExactEvmScheme } from "@x402/evm/exact/server";
import { registerExactSvmScheme } from "@x402/svm/exact/server";
const facilitatorClient = new HTTPFacilitatorClient({ url: facilitatorUrl });
const server = new x402ResourceServer(facilitatorClient);
registerExactEvmScheme(server);
registerExactSvmScheme(server);
export const middleware = paymentProxy(
{
"/protected": {
accepts: [
{
scheme: "exact",
price: "$0.001",
network: "eip155:84532",
payTo: evmAddress,
},
{
scheme: "exact",
price: "$0.001",
network: "solana:EtWTRABZaYq6iMfeYKouRu166VU2xqa1",
payTo: svmAddress,
},
],
description: "Premium content",
mimeType: "text/html",
},
},
server,
);
import { createPaywall } from "@x402/paywall";
import { evmPaywall } from "@x402/paywall/evm";
import { svmPaywall } from "@x402/paywall/svm";
const paywall = createPaywall()
.withNetwork(evmPaywall)
.withNetwork(svmPaywall)
.withConfig({
appName: "My App",
appLogo: "/logo.png",
testnet: true,
})
.build();
export const middleware = paymentProxy(
routes,
server,
undefined, // paywallConfig (using custom paywall instead)
paywall,
);
If you're migrating from the legacy x402-next package:
x402-next to @x402/nextpaymentMiddleware is now paymentProxyimport { paymentMiddleware } from "x402-next";
export const middleware = paymentMiddleware(
"0xYourAddress",
{
"/protected": {
price: "$0.01",
network: "base-sepolia",
config: { description: "Access to protected content" },
},
},
facilitator,
paywall,
);
import { paymentProxy, x402ResourceServer } from "@x402/next";
import { HTTPFacilitatorClient } from "@x402/core/server";
import { ExactEvmScheme } from "@x402/evm/exact/server";
const facilitator = new HTTPFacilitatorClient({ url: facilitatorUrl });
const resourceServer = new x402ResourceServer(facilitator)
.register("eip155:84532", new ExactEvmScheme());
export const middleware = paymentProxy(
{
"/protected": {
accepts: {
scheme: "exact",
price: "$0.01",
network: "eip155:84532",
payTo: "0xYourAddress",
},
description: "Access to protected content",
},
},
resourceServer,
);
Note: The payTo address is now specified within each route configuration rather than as a separate parameter.
FAQs
x402 Payment Protocol
We found that @x402/next demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
Research
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
Security News
TeamPCP is partnering with ransomware group Vect to turn open source supply chain attacks on tools like Trivy and LiteLLM into large-scale ransomware operations.