Agent payments
prxy.monster exposes a dedicated Machine Payments Protocol route for agents that can handle HTTP 402 Payment Required.
MPP discovery and 402 challenges are live. Production money movement is still pending Stripe Link SPT settlement, so a paid retry can return 402 verification-failed until production payments are enabled.
Why MPP exists
Autonomous agents sometimes need to purchase one machine-readable resource without creating an account, choosing a subscription, or going through a human checkout. MPP gives that flow a predictable shape:
- Agent requests the resource.
- prxy.monster returns a
402payment challenge. - The agent wallet pays or asks its operator to approve.
- The agent retries with
Authorization: Payment .... - When settlement is enabled, prxy.monster returns the result and a
Payment-Receiptheader.
For prxy.monster, the paid MPP resource is one optimized PRXY pipeline execution: MCP tool pruning, cache lookup, context compression/preservation, pattern injection, cost guarding, optional upstream model call, and an itemized receipt.
Billing model
MPP and API-key traffic are different products.
| Flow | Who has a prxy account? | Who has the provider key? | What pays prxy? | Does the price include upstream inference? |
|---|---|---|---|---|
| API-key BYOK | Human/team | Human/team | Subscription + metered overage | No. Provider bills you directly. |
| Managed MPP | Agent may have no account | prxy.monster managed route | HTTP 402 payment | Yes. $0.05 includes gateway execution and the upstream call. |
| Merchant MPP | Merchant/customer | Merchant/customer | Planned merchant endpoint | Planned. Not GA. |
Regular API-key routes such as /v1/messages and /v1/chat/completions are not MPP-payable. They require Authorization: Bearer <prxy_key>.
Discovery
Wallet-aware agents discover paid routes from either surface:
GET https://api.prxy.monster/.well-known/mpp
GET https://api.prxy.monster/openapi.jsonCurrent discovery advertises the dedicated agent route only:
{
"spec_version": "0.1",
"realm": "api.prxy.monster",
"payment_methods": [
{
"method": "stripe",
"wallet_provider": "stripe-link",
"currency": "usd",
"status": "protocol_live_settlement_gated_on_stripe_link_spt_ga"
}
],
"routes": [
{
"path": "/v1/agent/messages",
"method": "POST",
"price_usd_per_call": 0.05,
"category": "llm-generation"
}
],
"capabilities": {
"idempotency": true,
"refunds": false,
"receipts": "header",
"content_digest": "rfc-9530 sha-256",
"ledger_public": true
}
}There is no separate quote endpoint mounted today. The quote is the route advertisement plus the concrete per-request challenge.
Agent route
POST https://api.prxy.monster/v1/agent/messagesThe request body uses the Anthropic-compatible Messages shape.
| Request | Current response |
|---|---|
No Authorization: Payment ... header | 402 payment-required with WWW-Authenticate: Payment ... |
Malformed or unverified Authorization: Payment ... header | 402 verification-failed with a fresh challenge |
| Valid settled payment | Planned/settlement-gated 200 with Payment-Receipt |
402 challenge
request
curl -i https://api.prxy.monster/v1/agent/messages \
-H "Content-Type: application/json" \
-d '{
"model": "bedrock/us.amazon.nova-micro-v1:0",
"max_tokens": 256,
"messages": [{ "role": "user", "content": "Say hi" }]
}'request in the header is base64url JSON for the inner Stripe request object. The digest binds the challenge to the original request body.
Paid retry
When the wallet has a Shared Payment Token, retry with Authorization: Payment:
curl -i https://api.prxy.monster/v1/agent/messages \
-H "Authorization: Payment id=\"mpp_...\", credential=\"<SPT>\"" \
-H "Content-Type: application/json" \
-d '{ "...": "same request body as the challenge" }'Current settlement-pending response:
{
"type": "https://paymentauth.org/problems/verification-failed",
"title": "Payment Verification Failed",
"status": 402,
"detail": "SPT verification is not yet enabled on this instance. The protocol layer issues discovery and 402 challenges, but paid retries are gated until Stripe Link agent-payment settlement is enabled."
}Receipts
Successful settled calls will include:
Payment-Receipt: <base64url-json>Decoded shape:
{
"method": "stripe",
"reference": "ch_...",
"externalId": "optional",
"status": "success",
"timestamp": "2026-05-03T21:55:00.000Z"
}Receipts are header-format-ready and the public ledger URL is advertised, but production receipts require successful settlement. Refunds are not currently supported; the refund policy is planned for production MPP payments.
Error cases
| Status | Problem type | Meaning |
|---|---|---|
| 402 | payment-required | Missing Authorization: Payment header. |
| 402 | malformed-credential | Payment header does not parse. |
| 402 | invalid-challenge | Challenge is unknown, expired, or already consumed. |
| 402 | verification-failed | SPT verification/settlement is unavailable or failed. |
| 404 | not_found | MPP discovery disabled on that instance or route not mounted. |
Idempotency
Challenges are persisted with a five-minute TTL and intended to be single-use. Once production Stripe SPT settlement is enabled, clients should retry the same request body against the same challenge id and let the gateway consume it exactly once.
Test mode
No public test credential is honored by the current /v1/agent/messages route. Use discovery and the 402 challenge response for integration work until a test settlement path is explicitly advertised.
Why a separate route?
MPP wallets and API-key clients use different auth shapes. Keeping /v1/agent/messages separate from /v1/messages prevents wallet retries from colliding with bearer-token auth and keeps production API-key traffic boring.