Xenarch is the non-custodial payment SDK for the agentic internet. Pay for any HTTP 402–gated resource with USDC micropayments on Base L2 (xenarch.x402), and get paid — create and manage pay-links, read payments and subscribers, verify webhooks (xenarch.merchant). Works for humans in scripts and AI agents in workflows. 0% Xenarch fee. Gasless: the wallet only ever holds USDC — no gas coin needed.
Project description
xenarch — Python SDK for the agentic internet
Xenarch is the non-custodial payment SDK for the agentic internet. Pay for and get paid through HTTP 402 + USDC micropayments on Base L2. Direct, on-chain settlement. 0% Xenarch fee — no Xenarch contract in the money flow. Gasless: the wallet only ever holds USDC — no other gas coin needed.
One package, two sides of the market — for both humans in scripts and AI agents in workflows:
xenarch.x402— pay any HTTP 402-gated resource on the open web (pure protocol; the seller never has to have heard of Xenarch).xenarch.merchant— get paid: create and manage pay-links, read payments and subscribers, manage your merchant profile.xenarch.webhooks— verify incoming webhook signatures on your backend.
Plus FastAPI middleware to gate your own endpoints behind HTTP 402.
Unlike Cloudflare Pay-Per-Crawl / TollBit
| Cloudflare Pay-Per-Crawl | Stripe | TollBit | Xenarch | |
|---|---|---|---|---|
| Works on any host | × (Cloudflare only) | ✓ | × (enterprise) | ✓ |
| Non-custodial | × | × | × | ✓ (agent-to-publisher direct, no Xenarch contract) |
| Agent needs ETH | n/a | n/a | n/a | ✓ never |
| Fee | Platform rate | 2.9% + $0.30 | Platform rate | 0% — no Xenarch contract that can charge a fee |
| Open standard | proprietary | proprietary | proprietary | x402 + pay.json (open) |
Settlement happens on-chain via the x402 standard. Xenarch is never in the money flow.
Install
# For LangChain agents paying x402-gated APIs
pip install xenarch[langchain,x402]
# For publishers (FastAPI middleware)
pip install xenarch[fastapi]
Quick start
Agent: pay for x402-gated content
from decimal import Decimal
from xenarch.tools import XenarchPay, XenarchBudgetPolicy
tool = XenarchPay(
private_key="0x...",
budget_policy=XenarchBudgetPolicy(
max_per_call=Decimal("0.05"),
max_per_session=Decimal("1.00"),
),
)
# Use directly, or register with any LangChain agent.
print(tool.invoke("https://example.com/premium-article"))
XenarchPay is a LangChain BaseTool over the neutral x402-agent pay loop, plus Xenarch's signed-receipt and reputation extras. Settles USDC on Base via EIP-3009 — never custodial. Agent wallet only holds USDC; no ETH required.
Agent control plane (optional)
If you've created an xa_live_* token from https://dash.xenarch.dev/agent/settings, set it as XENARCH_API_TOKEN (or pass xenarch_token=... to XenarchPay). Every pay() then:
- Preflights with the platform — server-enforced caps (per-tx, daily, monthly), scope rules (allow/deny domain patterns), and a fleet-wide kill switch. Refused payments stop before any USDC is signed.
- Settles the USDC payment on Base — gasless, no gas coin needed.
- Reports the receipt back to the dashboard.
- On settle failure (settlement unavailable, replay rejected by the gate), POSTs a
status='failed'receipt with the preflight's auth_token so the platform refunds the cap charge. Operators don't lose budget for payments that didn't land.
export XENARCH_API_TOKEN=xa_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Reporting is fire-and-forget; network failures are queued in-memory and retried on the next payment. Without the env var, the SDK behaves as before — no preflight, no receipt reporting.
What refusals look like
pay() returns a dict. When the control plane refuses, the dict has an error key with a control_plane_* value and a hint URL pointing at the dashboard:
result = tool.invoke("https://api.openai.com/v1/chat")
# {'error': 'control_plane_daily_cap',
# 'reason': 'daily_cap',
# 'url': 'https://api.openai.com/v1/chat',
# 'cap_daily': '1.0000',
# 'remaining_today': '0.0000',
# 'resets_today_at': '2026-05-28T00:00:00Z',
# 'hint': 'Raise or reset the daily cap at https://dash.xenarch.dev/agent/caps'}
Other refusal shapes:
error |
reason |
When |
|---|---|---|
control_plane_per_tx_cap |
per_tx_cap |
Single payment exceeds per-tx cap |
control_plane_daily_cap |
daily_cap |
Daily cap exhausted; payload includes cap_daily, remaining_today, resets_today_at |
control_plane_monthly_cap |
monthly_cap |
Monthly cap exhausted; payload includes cap_monthly, remaining_month, resets_month_at |
control_plane_scope_denied |
scope |
URL matched a deny rule (or didn't match an allow rule under deny-by-default); payload includes matched_rule |
control_plane_paused |
paused |
Kill switch is on |
control_plane_unreachable |
n/a | Network / platform error; detail includes the kind. Fail-closed — no payment made |
If the gate publishes a malformed pay.json (some WordPress plugin versions emit empty receiver / seller_wallet fields), the SDK refuses with error='pay_json_invalid' before even reaching preflight. Pass discover_via_pay_json=False to skip the pre-check and go straight to the gate's 402 response:
tool = XenarchPay(
private_key="0x...",
xenarch_token="xa_live_...",
discover_via_pay_json=False, # bypass pay.json optimization
)
Publisher: gate a FastAPI endpoint behind HTTP 402
from fastapi import FastAPI
from xenarch import XenarchMiddleware
app = FastAPI()
app.add_middleware(
XenarchMiddleware,
site_token="your-site-token",
protected_paths=["/premium/*"],
)
Or use the decorator:
from xenarch import require_payment
@app.get("/premium/article")
@require_payment(price_usd="0.05")
async def premium_article():
return {"content": "This is premium content"}
The decorator returns HTTP 402 with the price when called without payment, verifies the USDC transfer to the publisher's wallet on-chain, and grants access with a time-limited Bearer token.
Get paid: xenarch.merchant
Everything the dashboard does — callable from a script or an AI agent. Merchant ops reuse the SIWE session you establish with the CLI (xenarch agent login); creating a pay-link signs the link template with your wallet.
from xenarch.merchant import MerchantClient
# Reuse the CLI's logged-in session + wallet from ~/.xenarch/config.json
mc = MerchantClient.from_config()
# ...or pass credentials explicitly:
# mc = MerchantClient(session_token="...", private_key="0x...")
# Read-only ops need no signing key
links = mc.links.list(limit=10)
payments = mc.payments.list(limit=20)
subs = mc.subscribers.list(status="active")
profile = mc.profile.show()
Create a pay-link (validate → sign → create)
params = {
"to": {"state": "lit", "value": "0xYourWallet..."},
"amount": {"state": "lit", "value": "50.00"},
"currency": {"state": "lit", "value": "USDC"},
"network": {"state": "lit", "value": "base"},
"kind": {"state": "lit", "value": "checkout"},
# ...plus any other fields from mc.links.schema()
}
# Check before signing — returns {ok, missing, errors} with field-level prompts
mc.links.validate(params)
# Signing commits your wallet to the terms, so it's confirm-gated:
link = mc.links.create(params, confirm=True)
print(link["link"]) # the hosted checkout URL
secret = link["webhook_secret"] # shown once — store it now
mc.links.revoke(link["link_id"], confirm=True)
create always validates first, so "validate ok ⇒ create ok". An Idempotency-Key is generated per create, which dedupes a network-level retry of that one request (re-running create mints a fresh nonce, so it makes a new link).
Signing and revoking require confirm=True by default — a guard against a stray agent call committing funds or killing a live link. Trusted scripts can opt out once with MerchantClient(..., require_confirm=False).
Verify webhooks: xenarch.webhooks
Each pay-link can POST events to your server, signed with X-Xenarch-Signature: sha256=<hex> (HMAC-SHA256 of the raw body, keyed by the link's whsec_... secret). Verify before trusting the payload — the same shape as Stripe / GitHub webhooks.
from xenarch import webhooks
@app.post("/xenarch-webhook")
async def hook(request):
body = await request.body() # raw bytes — don't re-serialize
sig = request.headers["X-Xenarch-Signature"]
if not webhooks.verify(body, sig, secret):
return Response(status_code=401)
event = json.loads(body)
...
Env vars
| Var | Purpose |
|---|---|
XENARCH_API_BASE |
Override the Xenarch API base URL (default: production) |
XENARCH_PRIVATE_KEY |
Agent wallet private key for signing USDC payments |
XENARCH_MAX_PAYMENT_USD |
Agent-configurable per-call cap. Default unbounded |
FAQ
How does Claude pay for APIs with Xenarch? Install the Xenarch MCP server, give it a wallet, and Claude resolves any HTTP 402 response automatically with a USDC micropayment on Base L2.
Is Xenarch custodial? No. Payments settle on-chain as a direct USDC transfer from the agent's wallet to the publisher's wallet. Funds never touch Xenarch infrastructure — there is no Xenarch contract in the money flow.
Does the agent need ETH for gas? No. USDC is the only token the agent wallet ever needs. Fund it with USDC and you're done.
What's the fee? 0%. There is no Xenarch contract that can charge a fee — the architecture is structurally zero-fee, not a policy promise.
What's the max payment? Agent-configurable. Default is unbounded; set XENARCH_MAX_PAYMENT_USD to cap per-call spend.
Links
- Learn more: https://xenarch.com
- GitHub: https://github.com/xenarch-ai/xenarch-sdks
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xenarch-1.0.0.tar.gz.
File metadata
- Download URL: xenarch-1.0.0.tar.gz
- Upload date:
- Size: 75.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3080015337e50f4c20557344cebd25436e52299e64ab7ce6da32172398fdcd32
|
|
| MD5 |
8a1c87934f550b9257b01d84fe8794fa
|
|
| BLAKE2b-256 |
4ac5300da905891a58fda92634a8fc6c670f63e2e416d99fd5ae4772342af298
|
File details
Details for the file xenarch-1.0.0-py3-none-any.whl.
File metadata
- Download URL: xenarch-1.0.0-py3-none-any.whl
- Upload date:
- Size: 55.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4767f9dbda7c38fe6466f5125d672db42a9b665ac3f2548f643f9353381ab727
|
|
| MD5 |
f27c04dda3dfe8d3d28e569ddfbbd7bf
|
|
| BLAKE2b-256 |
7e269c476af495120129741fee90e64ded9992d97a39777c8d4dc645a49a00dd
|