How to use Coinbase Payments MCP with PEAC x402 APIs
MCP pays. PEAC proves.
Coinbase Payments MCP handles the payment infrastructure (wallets, onramps, x402 transactions). PEAC provides cryptographic receipts that prove what was delivered and under what policy.
This installs the Payments MCP server and wallet app. You'll need to:
When your agent calls a PEAC-enabled x402 endpoint without payment, expect this 402 response:
{
"error": "payment_required",
"message": "Pay via x402 and retry with proof",
"x402": {
"session_id": "sess_abc123",
"amount_usd": 0.01,
"currency": "USDC",
"chain": "base"
},
"session_token": "eyJhbGciOiJFZERTQSIs...",
"peac": {
"policy": "https://x402.peacprotocol.org/.well-known/peac.txt",
"receipts": "required"
}
}x402.session_id - Unique payment session identifierx402.amount_usd - Amount to pay in USD (e.g., 0.01)x402.currency - Payment currency (USDC)x402.chain - Blockchain network (base)session_token - EdDSA-signed JWS to include in retryAfter MCP completes the x402 payment, retry the request with these headers:
POST /api/shop/checkout-direct
Content-Type: application/json
X-402-Session: <session_token from 402 response>
X-402-Proof: <proof_id from MCP payment>
Idempotency-Key: order-<session_id> (optional but recommended)
{
"items": [{"sku": "sku_tea", "qty": 1}]
}On successful payment (200 OK), the response includes:
PEAC-Receipt - EdDSA-signed JWS tokenHTTP/1.1 200 OK
PEAC-Receipt: eyJhbGciOiJFZERTQSIsImtpZCI6InBlYWMtZGVtby1rZXktMSIsInR5cCI6InBlYWMtcmVjZWlwdCtqd3MifQ...
{
"order_id": "ord_abc123",
"items": [...],
"totals": { "grand_total": 0.01 },
"created_at": "2025-10-26T14:00:00.000Z"
}Receipts are cryptographically signed JWS tokens. Verify them by calling:
POST /api/verify
Content-Type: application/json
{
"receipt": "<PEAC-Receipt JWS token>"
}Returns {"valid": true, "payload": {...}, "header": {...}}
Pro Tip: Store the PEAC-Receipt alongside your order data. It's portable - anyone can verify it independently using the public key at /public-keys/peac-demo-key-1.json
Create /.well-known/peac.txt (≤20 lines) to advertise your capabilities:
# ≤20 lines, dev-phase: v0.9.11
preferences: /aipref.json
access_control: http-402
payments: [x402]
provenance: c2pa
receipts: required
verify: /api/verify
openapi: /api/openapi.json
public_keys: [{"kid":"your-key-1","alg":"EdDSA","key":"/public-keys/your-key-1.json"}]When a request lacks payment proof, return 402 Payment Required:
HTTP/1.1 402 Payment Required
Content-Type: application/json
{
"error": "payment_required",
"x402": {
"session_id": "sess_<random>",
"amount_usd": 0.01,
"currency": "USDC",
"chain": "base"
},
"session_token": "<EdDSA-signed JWS with session details>",
"peac": {
"policy": "https://yoursite.com/.well-known/peac.txt",
"receipts": "required"
}
}After verifying payment (via x402 proof_id), return 200 OK with:
PEAC-Receipt: <EdDSA-signed JWS>receipt_version - e.g., "0.9.14"issued_at - ISO 8601 timestampsubject - e.g., "order", "article"payment.proof_id - x402 proof identifierpayment.amount, currency, chainresponse.body_sha256 - SHA256 hash of response bodypolicy - AIPREF snapshot (license, retention, etc.)Provide /api/openapi.json with:
See our reference OpenAPI spec for a complete example.
For agent-friendly APIs, use a stateless checkout endpoint:
order_id based on sessionIdempotency-Key header for safe retriesPEAC-Receipt header via Access-Control-Expose-HeadersNote: Our reference implementation at GitHub includes full code for 402 handling, receipt generation, and verification.
Try our live demo or explore the headless buyer agent code.