BEAM·v0.1.1·MACOS · LINUX·SHA-256 VERIFIED
DOCS/Agent Payments/x402 + MPP

x402 + MPP

Beam fetch settles HTTP-native payment challenges automatically — x402 for plain proofs, MPP for Authorization-style flows.

beam fetch makes an HTTP request directly from Rust, prints the response body, and — if the server answers with a 402 Payment Required challenge — pays from the active Beam wallet and retries the request transparently.

Supported challenge formats

x402

A 402 Payment Required response with an x402 challenge body. Beam parses the offers, picks a matching chain (using --chain and --allowed-chains as constraints), submits the payment transaction, and retries the original request with a Beam-generated payment-proof header after the on-chain payment confirms.

MPP

A 402 Payment Required problem response with a valid WWW-Authenticate: Payment ... challenge. Beam validates the challenge structure, submits the payment, and retries the request with an Authorization: Payment ... credential. If the original same-origin request already set Authorization, Beam fails instead of overwriting the caller-supplied credential.

MPP challenges that omit a chain are rejected unless you explicitly provide --chain or --rpc. Malformed MPP responses are rejected on both the paid and --no-pay paths.

Examples

$ beam fetch --max-fee 0.001 https://paywall.example/article/123
$ beam fetch --allowed-chains base,8453 https://paywall.example/article/123
$ beam fetch --no-pay https://paywall.example/article/123
$ beam --from alice --chain base fetch \
  --max-fee 0.001 https://paywall.example/article/123

Constraints that keep agents safe

  • --max-fee <AMOUNT> — auto-confirm only when the estimated total stays within this cap. Beam also rejects payments whose estimated gas alone exceeds the cap. Native-asset payments include the transfer amount plus estimated gas.
  • --allowed-chains <NAME|ID>[,...] — only auto-approve those destination chains. A request that targets a different chain fails instead of prompting.
  • --no-pay — print the challenge and exit without signing.
  • --dev — allow plain HTTP payment challenges only for localhost or loopback addresses. Beam otherwise refuses to pay a 402 over plain HTTP.

See Fee caps and Chain allowlists for the per-policy details.

Private payments

Privacy-capable x402 / MPP challenges can include a private recipient address. Pass --private-payment to require a privacy-capable challenge and satisfy it with a private send on the selected privacy-capable chain. Beam rejects ordinary public challenges in --private-payment mode and only returns payment credentials after the private transfer confirms.

$ beam --from alice --chain payy-testnet fetch \
  --private-payment https://paywall.example/article/123

Redirects and request rewrites

If a same-origin redirect rewrites the request before the 402 response (for example POST becoming GET on 302/303), Beam retries that effective challenged request after payment — not the pre-redirect method and body. Cross-origin redirects are never followed by default; pass -L --follow-redirects with --max-redirects <N> to opt in, and Beam still stops before any cross-origin hop.

Interrupting safely

In the REPL, once beam fetch starts the on-chain payment transaction, Ctrl-C stops waiting for confirmation without losing the submitted hash. After the transaction phase, Ctrl-C again cancels the paid retry request or response download and returns to the prompt.

◂ Previousprivacy state