SDK & Receipts
Every successful payment through x402 Studio returns a signed receipt token (JWT). The x402layer SDK lets you verify these receipts server-side to gate premium content, confirm purchases, or audit payments.
- 🔗 GitHub: Singularity-SDK
- 🔑 JWKS Endpoint: api.x402layer.cc/.well-known/jwks.json
- 📦 All packages: see the platform-wide SDKs & Packages catalog.
How It Works
When a payment is processed through x402, the worker signs a receipt JWT with a private key. The SDK verifies that signature using the corresponding public key from the JWKS endpoint — proving the receipt is genuine and untampered.
- Client hits your API — Without a valid receipt token
- SDK middleware returns 402 — With x402 payment instructions
- Client pays via x402 — Receives a signed receipt JWT
- Client retries with receipt — Token in header
- SDK verifies receipt — Cryptographic signature check against JWKS public keys → access granted
Installation
Node.js
Python
PyJWT, cryptography) are installed automatically. For FastAPI support: pip install x402layer-sdk[fastapi].
Receipt Token Contract
Receipt tokens are standard JWTs signed with RS256. Public keys are served from the JWKS endpoint for verification.
| Property | Value |
|---|---|
| Algorithm | RS256 |
| JWKS URL | https://api.x402layer.cc/.well-known/jwks.json |
| Issuer | https://api.x402layer.cc |
| Audience | x402layer:receipt |
Receipt Claims
| Claim | Type | Description |
|---|---|---|
| event | string | "payment.succeeded" |
| source | string | "endpoint" \| "product" |
| source_id | string | UUID of the resource |
| source_slug | string | Slug of the resource |
| amount | string | Payment amount (e.g. "1.00") |
| currency | string | Asset symbol ("USDC" or "USDm") |
| tx_hash | string | On-chain transaction hash |
| payer_wallet | string | Buyer wallet address |
| network | string | "base" \| "solana" \| "megaeth" |
| status | string | Settlement status |
| iat | number | Issued-at timestamp (Unix) |
| exp | number | Expiration timestamp (Unix) |
| jti | string | Unique receipt ID |
Node.js Quick Start
Python / FastAPI Quick Start
Where the Token Comes From
After a successful payment, the x402 worker includes the receipt token in the response header:Authorization: Bearer header or the X-X402-Receipt-Token header.
Security Notes
- 🛡️ Always set `requiredSourceSlug` in production — prevents a receipt for endpoint A being replayed against endpoint B.
- 🔄 Key rotation — Publish a new JWKS key with a new `kid`, then update the worker private key. Old tokens remain verifiable until they expire.
- ⏳ Expiration — Receipt tokens have a limited lifetime. Always check the `exp` claim (the SDK does this automatically).
Related
- Webhooks — Receive server-side payment notifications
- Creating Endpoints — Set up paid API endpoints
