A CLI wallet for handling x402 payments for terminal agents
x402-wallet is an early-stage Rust project in the AI payments / x402 ecosystem. It currently has 5 GitHub stars and 1 forks.

A command-line wallet for the x402 payment protocol. Create cryptographic payment authorizations for pay-per-use APIs that use the x402 payment protocol.
.env file⚠️ ACTIVE DEVELOPMENT - USE AT YOUR OWN RISK
This software is under active development and may contain bugs or experience breaking changes. No warranty is provided. You are solely responsible for the security of your private keys and any loss of funds.
Security Warnings:
.env or encrypted keystore)Recommendations:
If you are unsure about the security implications, do not use this software.
git clone https://github.com/0xkoda/x402-wallet
cd x402-wallet
cargo build --release
The binary will be at ./target/release/x402-wallet or you can add it to your path.
To give the LLM context about x402-wallet, it is recommended you reference wallet.md or add your own.
You should also give your agent access to a list of resources, you can use resource-list.md or add your own.
IMPORTANT: Choose your storage method
You have two options for storing your private key:
.env file (Recommended for Automation/AI Agents)Pros:
Cons:
.env file, they have your keyHow to use:
# Initialize wallet (creates .env file)
./target/release/x402-wallet wallet-init
At the prompt Create new private key (y/N)?:
y to generate a new random private keyN to import your own existing private key (you'll be prompted to paste it)When to use:
Pros:
Cons:
How to use:
# Initialize with encrypted keystore
./target/release/x402-wallet wallet-init --keystore
At the prompt Create new private key (y/N)?:
y to generate a new random private keyN to import your own existing private key (you'll be prompted to paste it)Set a strong passphrase when prompted. Every command will then ask for your password:
# Every command will ask for password
./target/release/x402-wallet wallet-address
# (prompts: "Unlock keystore passphrase:")
When to use:
Option 1: Generate a new wallet and fund it
Initialize wallet (see Setup above)
Get your wallet address:
./target/release/x402-wallet wallet-address
Send USDC to that address on Base mainnet (use a small amount, $1-10 recommended)
Check your balance:
./target/release/x402-wallet balance --erc20 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Option 2: Import an existing wallet with funds
Run wallet init:
./target/release/x402-wallet wallet-init
When prompted Create new private key (y/N)?, press N
Paste your existing private key when prompted (format: 0x... or just the hex string)
The wallet will use your existing address and funds
Verify it worked:
./target/release/x402-wallet wallet-address
./target/release/x402-wallet balance --erc20 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
IMPORTANT: Only import a private key for a wallet with minimal funds. Never use your main wallet.
Note: the CLI works best with a good prompt. Ensure you have a file like wallet.md that clearly explains to the agent how to use the wallet
Pay for an x402-protected API:
# 1. Make initial request to get payment requirements
curl -X POST https://api.example.com/endpoint
# Response: 402 Payment Required with details
# 2. Create payment signature (save to file)
./target/release/x402-wallet create-payment \
--pay-to 0xRECIPIENT_ADDRESS \
--token 0xUSDC_ADDRESS \
--amount 10000 \
--token-name "USD Coin" \
--token-version "2" > payment.txt
# 3. Retry request with payment header
curl -X POST \
-H "X-PAYMENT: $(cat payment.txt)" \
https://api.example.com/endpoint
Check balances:
# ETH balance
./target/release/x402-wallet balance
# USDC balance (Base mainnet)
./target/release/x402-wallet balance --erc20 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Send ETH:
./target/release/x402-wallet send-eth \
--to 0xRECIPIENT \
--eth 0.1
Send USDC:
./target/release/x402-wallet send-erc20 \
--token 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 \
--to 0xRECIPIENT \
--amount 10.5
This wallet implements the "exact" payment scheme from x402 using EIP-3009 (gasless USDC transfers). It creates cryptographic signatures that authorize token transfers without requiring an on-chain transaction from the payer.
Key components:
create-payment command - Signs EIP-712 typed data for EIP-3009 authorizationX-PAYMENT headerConfig stored in ~/.x402wallet/config.json:
{
"network": "base",
"rpc": {
"ethereum": "https://cloudflare-eth.com",
"base": "https://mainnet.base.org",
"base-sepolia": "https://sepolia.base.org"
}
}
Change networks:
./target/release/x402-wallet config-set --network base
.env file method:
./.env0600 (owner read/write only) on UnixX402_WALLET_PRIVATE_KEYKeystore method:
~/.x402wallet/keystore.json| Network | Chain ID | Default RPC |
|---|---|---|
| Ethereum | 1 | https://cloudflare-eth.com |
| Base | 8453 | https://mainnet.base.org |
| Base Sepolia | 84532 | https://sepolia.base.org |
This wallet is designed for use by LLM coding agents (Claude Code, Gemini Code Assist, etc.).
IMPORTANT: AI agents cannot use the encrypted keystore because they cannot enter passwords interactively. Always use the .env method for agent workflows.
See wallet.md for detailed agent instructions.
Example workflow:
x402-wallet create-payment with parsed paramsX-PAYMENT headerwallet-init Initialize new wallet
--keystore Use encrypted keystore (breaks automation)
--dotenv PATH Use .env file at PATH (default: ./.env)
wallet-address Display wallet address
config-set Configure network
--network NAME Network: ethereum, base, base-sepolia
--rpc URL Custom RPC endpoint (optional)
balance Check balance
--erc20 ADDRESS Token address (omit for ETH)
send-eth Send ETH
--to ADDRESS Recipient
--eth AMOUNT Amount in ETH
send-erc20 Send ERC20 tokens
--token ADDRESS Token contract
--to ADDRESS Recipient
--amount AMOUNT Amount in token units
create-payment Create x402 payment signature
--pay-to ADDRESS Recipient (from 402 response)
--token ADDRESS Token contract (from 402 response)
--amount UNITS Amount in smallest units (from 402 response)
--token-name NAME Token name for EIP-712 (optional)
--token-version VER Token version for EIP-712 (optional)
"RPC chain ID mismatch"
Your configured network doesn't match the RPC endpoint. Set correct network:
./target/release/x402-wallet config-set --network base
"No private key found"
Initialize wallet first:
./target/release/x402-wallet wallet-init
"Unlock keystore passphrase:" prompt blocks my script/agent
You're using encrypted keystore mode. For automation, use .env method instead:
# Remove keystore
rm ~/.x402wallet/keystore.json
# Reinitialize with .env
./target/release/x402-wallet wallet-init
export $(cat .env | xargs)
"Transaction dropped"
Insufficient ETH for gas or network congestion. Check ETH balance:
./target/release/x402-wallet balance
Payment authorization fails
Ensure you're using correct --token-name and --token-version from the 402 response extra fields.
Contributions welcome! Please:
By contributing, you agree to license.
AGPL-3.0 - This software is licensed under the GNU Affero General Public License v3.0.
Why AGPL? This ensures that if companies build services using this wallet, they contribute back to the community by open-sourcing their code. If you want to use this commercially without open-sourcing, please contact us for licensing options.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
You are solely responsible for:
Built for the x402 ecosystem - Making APIs payable with crypto, one request at a time.