Confidential x402
Confidential x402 is a privacy extension to the x402 payment protocol that hides payment amounts from public view while keeping the full payment flow onchain and verifiable.
x402 is an open HTTP payment protocol for machine-to-machine payments. A resource server responds
with HTTP 402 Payment Required when a request lacks a valid payment. The client attaches a
signed payment to its next request, the server verifies it, and access is granted.
See the x402 documentation for the full protocol specification.
The problem with public payments
Standard x402 settles payments as plain ERC-20 token transfers, so every amount is visible onchain. This works for flat-rate APIs, but breaks down the moment pricing becomes dynamic:
- Competitors can read your pricing strategy off the blockchain. Every transferWithAuthorization call exposes exactly what each customer paid.
- Per-customer deals are impossible to keep confidential. Volume discounts, enterprise rates, and promotional pricing are all public record.
- AI agents reveal their economic strategy. Spending patterns across API providers expose which data sources an agent values by how much budget it allocates.
How Confidential x402 addresses this
Confidential x402 introduces a confidential payment scheme built on top of
Merces, TACEO's confidential token
transfer system. Instead of transferring a plaintext amount, the client:
- Commits to the payment amount using a Poseidon2 cryptographic commitment.
- Secret-shares the amount across a network of MPC operators, encrypted to their public keys.
- Generates a Groth16 ZK proof that the commitment and ciphertexts are consistent.
- Signs the payload with EIP-712 for replay protection.
The onchain contract verifies the proof and updates balance commitments, without any plaintext amount ever appearing onchain. The MPC network holds balances as secret shares, so no single party learns what anyone has or spends.
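The commit and secret-share steps above, as an added example that is not TACEO's or Merces' code. Assumptions: SHA-256 stands in for Poseidon2, plain additive sharing over a 254-bit prime field stands in for the MPC network's sharing scheme, and the consistency relation is checked in the clear where the real scheme uses a Groth16 proof. Encryption to the operators' keys and the EIP-712 signature are left out, and all function names are hypothetical.

```python
import hashlib
import secrets

# Order of the BN254 scalar field, used here only as a convenient 254-bit
# prime. That Merces works over this field is an assumption.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def commit(amount: int, blinding: int) -> bytes:
    """Hash commitment to an amount. SHA-256 is a stand-in for Poseidon2."""
    data = amount.to_bytes(32, "big") + blinding.to_bytes(32, "big")
    return hashlib.sha256(data).digest()


def share(amount: int, parties: int = 3) -> list[int]:
    """Additive sharing mod P: every share is needed to recover the amount,
    and any strict subset of shares is uniformly random."""
    shares = [secrets.randbelow(P) for _ in range(parties - 1)]
    shares.append((amount - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Recombine all shares into the amount."""
    return sum(shares) % P


def consistent(commitment: bytes, shares: list[int], blinding: int) -> bool:
    """The relation between commitment and shares, checked in the clear.
    In the scheme on this page a ZK proof attests consistency instead, so
    nobody has to see the amount, the blinding value or all shares at once."""
    return commit(reconstruct(shares), blinding) == commitment


def build_payment(amount: int) -> tuple[bytes, list[int], int]:
    """Client side: pick a blinding value, commit, and split the amount."""
    blinding = secrets.randbelow(P)
    return commit(amount, blinding), share(amount), blinding


if __name__ == "__main__":
    # Constructed sample amount (token base units).
    c, shares, r = build_payment(1_250_000)
    print("public commitment:", c.hex())
    print("shares consistent:", consistent(c, shares, r))
    tampered = [(shares[0] + 1) % P] + shares[1:]
    print("tampered share consistent:", consistent(c, tampered, r))
```

Only the commitment would be public in this model; altering any single share breaks the consistency relation, which is the kind of mismatch the proof step is there to rule out.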
Components
TACEO operates all components required to run a full x402 confidential payment cycle:
| Component | Description |
|---|---|
| Resource server | Endpoint that responds with an x402 payment request when called |
| MPC network | 3-party network that holds secret-shared balances and processes transfers |
| Facilitator | Offchain service that verifies payment proofs and settles transactions |
| Merces contract | Holds balance commitments and verifies ZK proofs onchain |
See Network & Contracts for addresses and endpoints.
Privacy assumptions
Confidential x402 hides payment amounts and account balances. It does not hide sender or receiver addresses, payment frequency, or the sender-receiver relationship. For a full privacy analysis, see Privacy & Trust Model.
Confidential x402 uses Merces' confidential mode (amounts hidden, addresses visible). Merces also supports a fully private mode that hides sender and receiver addresses as well, live on Plasma testnet today. Exposing fully private mode through the x402 scheme is planned for an upcoming version.
Where to go next
| Goal | Start here |
|---|---|
| Understand how the system works before writing code | How it works |
| Run a payment end-to-end right now | Quickstart |
| Add the confidential scheme to your own client & server | Integration guide |
| Look up message schemas and ZK circuit details | Protocol reference |