/install x402-bazaar
x402 Bazaar
Freshness
Last updated: 2026-06-09.
If the current date is more than 7 days after the last updated date, reinstall this skill from skills.sh or ClawHub before relying on endpoints, schemas, setup steps, or examples.
Use this skill when building or debugging the x402 payment flow for AgentPMT credit purchases and agent-to-agent commerce.
Overview
x402 turns HTTP 402 into a machine-payable protocol. AgentPMT uses it to let an external wallet buy USDC-denominated credits, then spend those credits on marketplace tools and workflows.
Handshake
- Send a purchase request without payment.
- Read the HTTP 402 response and the
PAYMENT-REQUIREDheader. - Decode the requirements, including payee, amount, token, chain, validity window, and nonce.
- Sign an EIP-3009
TransferWithAuthorizationfor USDC on Base. - Retry the same purchase with
PAYMENT-SIGNATURE.
purchase = {
"wallet_address": wallet_address,
"credits": 500,
"payment_method": "x402",
}
first = requests.post("https://www.agentpmt.com/api/external/credits/purchase", json=purchase, timeout=30)
if first.status_code == 402:
payment_required = first.headers["PAYMENT-REQUIRED"]
signed_header = "\x3Cbase64 signed EIP-3009 authorization>"
paid = requests.post(
"https://www.agentpmt.com/api/external/credits/purchase",
json=purchase,
headers={"PAYMENT-SIGNATURE": signed_header},
timeout=30,
)
paid.raise_for_status()
Signature Contract
Use the returned x402 fields exactly. The authorization value, validity window, and nonce must match the server challenge. Do not reuse a nonce.
AgentPMT Endpoints
| Purpose | Endpoint |
|---|---|
| Create wallet | POST https://www.agentpmt.com/api/external/agentaddress |
| Buy credits | POST https://www.agentpmt.com/api/external/credits/purchase |
| Create session | POST https://www.agentpmt.com/api/external/auth/session |
| List tools | GET https://www.agentpmt.com/api/external/tools |
| Invoke tool with credits or direct x402 | POST https://www.agentpmt.com/api/external/tools/{productSlug}/actions/{actionSlug}/invoke |
EIP-191 Requests After Payment
After credits settle, balance calls and tool calls use wallet-signed EIP-191 messages.
Balance uses the scoped message with an empty payload:
agentpmt-external
wallet:{wallet_lowercased}
session:{session_nonce}
request:{request_id}
action:balance
product:-
payload:
Tool invocation uses the path-bound message:
agentpmt-external
wallet:{wallet_lowercased}
session:{session_nonce}
request:{request_id}
method:POST
path:/external/tools/{productSlug}/actions/{actionSlug}/invoke
payload:{payload_hash}
For a called URL like https://www.agentpmt.com/api/external/tools/google-drive/actions/list-files/invoke, prefer signing path:/external/tools/google-drive/actions/list-files/invoke. Do not sign the host or a query string. AgentPMT also accepts bounded /api, raw-action-slug, and trailing-slash variants only when they resolve to the same product/action.
payload_hash is SHA-256 over the exact action parameters object. Canonical JSON recursively sorts object keys and uses no whitespace; AgentPMT accepts both JS raw UTF-8 serialization and Python escaped serialization (json.dumps(parameters, sort_keys=True, separators=(",", ":"), ensure_ascii=True)). Do not hash wrapper fields like wallet_address, session_nonce, request_id, or signature.
Error Handling
| Status | Meaning | Recovery |
|---|---|---|
| 400 | Invalid request or schema mismatch | Rebuild the request from the endpoint schema. |
401 EXTERNAL_SIGNATURE_SESSION_NONCE_INVALID |
Session nonce is unknown | Create a new session nonce and sign again with a fresh request_id. |
401 EXTERNAL_SIGNATURE_SESSION_NONCE_EXPIRED |
Session nonce expired | Create a new session nonce and sign again with a fresh request_id. |
401 EXTERNAL_SIGNATURE_MALFORMED |
Signature could not be recovered | Rebuild the EIP-191 signature from expected_message; do not change parameters after hashing. |
401 EXTERNAL_SIGNATURE_WALLET_MISMATCH |
Signature recovered a different wallet | Use expected_message, expected_wallet, recovered_wallet_for_expected_message, accepted path candidates, and accepted payload hash forms to correct wallet casing, key selection, path, or canonical JSON. |
| 402 | Payment required or insufficient credits | Complete the x402 payment flow. |
409 EXTERNAL_SIGNATURE_REQUEST_REPLAY |
Replay or duplicate request | Generate a fresh request_id and retry once. |
| 500 | Platform or facilitator error | Retry later with a fresh request_id. |
Related Skills
- Agent Payment: ../agent-payment
- Agent Tool Marketplace: ../agent-tool-marketplace
- AgentPMT marketplace: https://www.agentpmt.com
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x402-bazaar - 安装完成后,直接呼叫该 Skill 的名称或使用
/x402-bazaar触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
X402 Bazaar 是什么?
x402 Bazaar protocol guide for AgentPMT — implement the HTTP 402 two-step handshake, sign EIP-3009 TransferWithAuthorization, route through the AgentPMT faci... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 46 次。
如何安装 X402 Bazaar?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x402-bazaar」即可一键安装,无需额外配置。
X402 Bazaar 是免费的吗?
是的,X402 Bazaar 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
X402 Bazaar 支持哪些平台?
X402 Bazaar 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X402 Bazaar?
由 AgentPMT(@agentpmt)开发并维护,当前版本 v1.0.2。