The First Autonomous Machine-to-Machine Deal: $0.005 USDC, 5 Ed25519 Receipts, Zero Humans

April 17, 2026 · Murat Keskin · ~14 min read · x402 MCP Autonomous Base

On April 17, 2026 at 07:16 UTC, one piece of AI infrastructure autonomously paid another piece of AI infrastructure 0.005 USDC on Base mainnet and received five cryptographically signed market-state attestations in return. No human operator. No salesperson. No invoice. No account creation. No purchase order. Just an HTTP 402 Payment Required, a USDC transfer, a returned API key, and five Ed25519-signed receipts — the complete agent-to-agent commerce loop, closed end-to-end. This post walks through the entire x402 protocol flow, including the day before when we tried the same thing with a different counterparty and lost $0.85 USDC.

TL;DR
$0.005
USDC on Base
5
Ed25519 receipts
90s
Total elapsed
0
Humans involved

What you'll read

  1. Why a $0.005 transaction matters
  2. The day before: why LimitGuard failed
  3. The deal: how Headless Oracle worked
  4. Anatomy of an x402 transaction
  5. Verifying Ed25519 signatures in the browser
  6. The four things that broke before it worked
  7. The price floor of signed data
  8. How to reproduce this deal
  9. What's next for agent-to-agent commerce
  10. FAQ

Why a $0.005 transaction matters

Half a cent does not sound like a revolution. Five cryptographically signed attestations of which stock exchanges are open do not sound like a revolution. And yet: this is the first time two independent AI infrastructures have closed a paid commercial transaction without a human in the loop.

Not "a human wrote code that did it." Of course a human wrote the code. But the code, once running, found an external service, encountered its paywall, signed a payment, settled it on a public blockchain, received back a credential, and used that credential to fetch the data it needed — all within a single agent loop, with no human approval step anywhere. The only humans involved are the two of us who documented it afterward.

The significance is not the dollar amount. The significance is the cost per unit of trust. Five Ed25519-signed attestations of global market state, valid for 60 seconds each, SEC/CFTC Technical Framework for Tokenized Collateral compliant — for one-tenth of a US cent per receipt. A single cent now buys ten pieces of cryptographically proof-carrying data. An agent making a trading decision or a compliance decision can pull in a dozen such attestations for a dollar.

What we are seeing is the cost floor of the autonomous agent economy — the price at which machines provide machines with trustworthy information. Everything above that floor, in B2B SaaS today, is margin, brand, sales overhead, and the friction of human onboarding. When agents become buyers, that margin collapses.

The day before: why LimitGuard failed

On 2026-04-16, we tried the same thing with LimitGuard Trust Intelligence, a trust-scoring service for entity verification. Their agent card advertised x402 payment support. Their paywall endpoint returned a well-formed 402 with the standard fields. We had everything we needed.

We used the Coinbase @x402/fetch SDK, which is the reference client implementation. It takes a viem wallet, produces a correctly-signed EIP-3009 TransferWithAuthorization payload, base64-encodes it into an X-PAYMENT header, and retries the original request. Canonical flow.

It did not work. LimitGuard's facilitator returned {"error":"Invalid signature","errorCode":"invalid_signature"}. The payment had already been sent on-chain (the SDK executes the transfer first, then retries), so $0.85 USDC was now sitting in their wallet with no receipt coming back.

The root cause

LimitGuard runs their own payment facilitator — not the Coinbase reference facilitator. Their validator expects a non-standard payload structure. Our cryptographic signature is valid (we verified it locally with viem); their code just does not recognize the shape. The x402 protocol is young and interoperability between implementations is not guaranteed.

We tried three different fixes:

All three returned the same Invalid signature error. The $0.85 stayed in their wallet. We drafted a LinkedIn message to their team, shelved the effort, and decided to pick a counterparty the next day that clearly advertised standard-spec compatibility.

The deal: how Headless Oracle worked

On 2026-04-17 we built a scanner that pulled every MCP server with x402 signals in its .well-known/agent.json. The scanner found 1,960 candidates; ten had genuine x402 pricing. We probed the top three. One of them, Headless Oracle, immediately stood out:

The last two bullet points are the important ones. The /v5/sandbox endpoint is a cryptographic onboarding path — you do not need to fight the spec, you do not need to match any particular payload shape, you just send USDC on-chain and include the transaction hash in an X-Payment header. In return you get an API key with credits attached. From there, every subsequent request uses a simple X-Oracle-Key header, no more cryptographic gymnastics.

Here is the entire transaction log. Note what happened and what failed:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ OracleNet → Headless Oracle | x402 M2M Deal v1 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Wallet: 0x4a4B1F45a00892542ac62562D1F2C62F579E4945 [1] Probe 402 (raw)... status=402 scheme=exact net=base amount=5000 foundation=compatible [2] Try @x402/fetch + ExactEvmScheme v1 (Coinbase SDK) ERROR: Unsupported network format: base (expected eip155:CHAIN_ID) [3] Normalize network: base → eip155:8453, retry... ERROR: EIP-712 domain parameters (name, version) required [4] Delete PAYMENT-REQUIRED header (so SDK uses body), retry... Signature created, X-PAYMENT set (636 chars base64-JSON) Status 402 — server silently rejects signed x402 payload [5] Switch path: on-chain USDC transfer + raw-JSON txHash TX 0x2dd2fbbd...14c6aae1 confirmed at block 44810263 [6] POST /v5/sandbox with X-Payment raw JSON Status 200 — api_key: ho_crd_8990371b6fea1... credits: 10 [7] GET /v5/batch?mics=XNYS,XNAS,XLON,XJPX,XPAR + X-Oracle-Key Status 200 — 5 Ed25519-signed market-state receipts ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Deal complete · 0.005 USDC paid · 5 receipts received · ~90s elapsed ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

The Coinbase SDK did not produce an accepted payload on the /v5/batch endpoint (steps 2–4 all failed), but the /v5/sandbox direct path worked on the first try. The crucial insight: when you are a new agent trying to buy from an unknown counterparty, the payment format that matters is the simplest one that gets you a credential. Protocol elegance is secondary.

Anatomy of an x402 transaction

The x402 protocol is straightforward in principle. An HTTP client hits a paid endpoint. The server returns HTTP 402 Payment Required with a structured response body:

{ "x402Version": 1, "accepts": [{ "scheme": "exact", "network": "base", "maxAmountRequired": "5000", "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "payTo": "0x26D4Ffe98017D2f160E2dAaE9d119e3d8b860AD3", "maxTimeoutSeconds": 300, "extra": {"name": "USD Coin", "version": "2"} }], "error": "Payment Required" }

The client has two paths:

Path A — signed EIP-3009 authorization (Coinbase canonical)

The client constructs an EIP-3009 TransferWithAuthorization message (from, to, value, validAfter, validBefore, nonce), signs it with the wallet's private key using EIP-712 structured signing, and sends it as a base64-JSON X-PAYMENT header. The server verifies the signature, executes the transfer on-chain via its facilitator, and returns the data.

Path B — direct on-chain payment with txHash (Headless sandbox)

The client sends USDC to the payTo address using any method (viem, ethers, MetaMask). Once confirmed, it POSTs to the sandbox endpoint with an X-Payment header containing the transaction hash, network, amount, and payment address as raw JSON. The server observes the chain, credits the caller, and issues a persistent API key.

CriterionPath A (signed EIP-3009)Path B (direct txHash)
Client complexityHigh (EIP-712, EIP-3009, SDK required)Low (one USDC transfer + one header)
Server-side costServer pays gas to settle on-chainClient pays gas, server just observes
Replay protectionNonce + time window in signaturetxHash is single-use by design
Interoperability riskHigh (custom validators)Low (standard ERC-20 transfer)
Good for first-time buyerNo — must match spec exactlyYes — always works if USDC arrived
Builder's note

If you are implementing an x402 seller, offer both paths. Path A is efficient for returning customers with SDK integration. Path B is the zero-friction onboarding ramp for anyone showing up for the first time. Headless Oracle's /v5/sandbox — "send any amount, get 10 credits and a key" — is the cleanest onboarding pattern we have seen in this space.

Verifying Ed25519 signatures in the browser

Every receipt Headless Oracle returned is signed with Ed25519. The public key is 03dc27993a2c90856cdeb45e228ac065f18f69f0933c917b2336c1e75712f178, published at /v5/keys along with the canonical payload specification:

This means anyone — including readers of this post — can verify the deal without trusting us or Headless Oracle's server. We built tooloracle.io/first-m2m-deal so the verification runs in your browser: the page loads the public key from Headless Oracle's own key endpoint, reconstructs the canonical payload, and calls Ed25519.verify() using @noble/ed25519. The result is either true (signature valid) or false. Nothing is fetched from our backend to determine that answer.

import * as ed from "@noble/ed25519"; // 1. Fetch the seller's public key const keys = await (await fetch("https://headlessoracle.com/v5/keys")).json(); const publicKey = hexToBytes(keys.keys[0].public_key); const spec = keys.canonical_payload_spec.receipt_fields.sort(); // 2. Rebuild the canonical payload from the receipt const canonical = {}; for (const k of spec) if (k in receipt) canonical[k] = receipt[k]; const message = new TextEncoder().encode(JSON.stringify(canonical)); // 3. Verify const signature = hexToBytes(receipt.signature); const valid = await ed.verifyAsync(signature, message, publicKey); // → true
Why this architecture is important

Signed data that the client can verify locally removes the seller from the trust chain after delivery. If Headless Oracle's servers were compromised tomorrow, the receipts we received today still verify — as long as their Ed25519 private key is not also compromised. This is a materially different trust model than typical REST APIs, where the seller is the only authority on what they told you.

The four things that broke before it worked

The deal log above shows four distinct failures before success. Each one is worth documenting because each one represents a real incompatibility in the current x402 ecosystem:

Failure 1 — CAIP-2 vs legacy network names

The Coinbase @x402/evm scheme implementation throws if the network field is not eip155:CHAIN_ID format. Headless Oracle returns the legacy short name base. We had to wrap fetch with a normalizer that rewrites the 402 response body before the SDK sees it.

Failure 2 — Stripped PAYMENT-REQUIRED header vs full body

Headless sends a Payment-Required HTTP header with a minimal JSON payload (just scheme, network, amount, asset, payTo) — but the full payment details including extra: {name, version} are only in the response body. The Coinbase SDK reads the header first, does not find the EIP-712 domain parameters, and throws. Fix: delete the header in our fetch wrapper so the SDK falls back to the body.

Failure 3 — amount vs maxAmountRequired field names

The header payload uses amount; the body uses maxAmountRequired. The SDK's BigInt conversion chokes on undefined when only one is present. Fix: normalize both.

Failure 4 — Server-side silent rejection of signed payload

With all normalizers in place, we produced a correctly-signed EIP-3009 payload — verified locally against the USDC contract's EIP-712 domain — and POSTed to /v5/batch. The server returned 402 again with no error detail. Not a spec issue; likely a server-side policy (perhaps batch endpoint rejects sandbox-tier signatures). We switched to the direct path and it worked immediately.

Lesson learned

If you are building an x402 client, implement both paths: signed EIP-3009 as the efficient default, and direct-txHash as the fallback. When the signed path fails opaquely, fall through to the direct path. That is the only way to maintain buyer-side reliability in a fragmented protocol ecosystem.

The price floor of signed data

Headless Oracle charges 1,000 USDC units per single-MIC status call (/v5/status) and 5,000 units per 5-MIC batch call (/v5/batch). In human terms: $0.001 per receipt when bought one at a time, $0.0005 per receipt when bought in a batch of five, and effectively $0.0005 per receipt when you use the sandbox path we used (0.005 USDC for 10 credits, each credit buys one batch of up to 5 receipts, so 50 receipts for $0.005 = $0.0001 per receipt).

Let us put that in context. Typical "market data" pricing in traditional finance:

ProviderProductApproximate cost per data point
Bloomberg TerminalSingle-user subscription~$2,500/month flat
Refinitiv / LSEGWorkspace~$2,000/month flat
Polygon.ioStocks Developer API$0.003 per stock quote (on a $99/mo plan)
Headless Oracle via x402Signed market-state receipt$0.0001 per receipt (via sandbox)

This comparison is not entirely apples-to-apples — Bloomberg and Refinitiv sell far more data than just market status. But the directional point stands: when a machine sells to a machine, the unit cost of cryptographically attested information drops to fractions of a cent. Everything above that is sales, marketing, account management, and human onboarding. When those disappear, the market repriced.

How to reproduce this deal

You need:

Step 1 — send USDC on Base. Any method works. The recipient address is 0x26D4Ffe98017D2f160E2dAaE9d119e3d8b860AD3. The minimum interesting amount is 5,000 units (0.005 USDC) which gets you 10 credits. Using viem:

import { createWalletClient, http, encodeFunctionData } from "viem"; import { privateKeyToAccount } from "viem/accounts"; import { base } from "viem/chains"; const account = privateKeyToAccount(process.env.PRIVATE_KEY); const client = createWalletClient({ account, chain: base, transport: http() }); const txHash = await client.sendTransaction({ to: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // USDC on Base data: encodeFunctionData({ abi: [{ name: "transfer", type: "function", /* ... */ }], functionName: "transfer", args: ["0x26D4Ffe98017D2f160E2dAaE9d119e3d8b860AD3", 5000n], }), });

Step 2 — exchange the txHash for a persistent API key:

curl -X POST https://headlessoracle.com/v5/sandbox \ -H "Content-Type: application/json" \ -H 'X-Payment: {"txHash":"0x...","network":"base","amount":"5000","paymentAddress":"0x26D4Ffe98017D2f160E2dAaE9d119e3d8b860AD3"}' \ -d '{}' # → {"api_key":"ho_crd_...","tier":"credits","credits":10}

Step 3 — use the key to get signed receipts:

curl 'https://headlessoracle.com/v5/batch?mics=XNYS,XNAS,XLON,XJPX,XPAR' \ -H 'X-Oracle-Key: ho_crd_...'

That is the entire loop. A wallet, three calls, one on-chain transaction, 10 credits' worth of signed data. If you want to verify the signatures, fetch the public key from /v5/keys, rebuild the canonical payload per the spec, and run Ed25519.verify().

See the live proof

Every signature from this deal is browser-verifiable on the receipt wall — no trust required.

Open the Receipt Wall → Raw JSON record Basescan ↗

What's next for agent-to-agent commerce

Three things become real once the first M2M deal is closed.

One: discovery becomes the bottleneck. The limiting factor is no longer "can agents transact" — we just proved they can. The limiting factor is "how do agents find each other". Today, discovery is a patchwork of A2A agent cards at /.well-known/agent.json, MCP directory listings at Glama and Smithery, GitHub awesome-lists, and ad-hoc signals. None of these scale to millions of agents finding thousands of services. This is the next bottleneck to break.

Two: protocol consolidation will happen. The LimitGuard vs Headless Oracle delta — same spec name, incompatible implementations — cannot continue for long. Either a reference implementation (likely Coinbase's) becomes the de-facto standard and non-compliant servers get delisted from discovery, or the Foundation releases a stricter conformance suite. Our bet is the former: the X-X402-Foundation: compatible header Headless Oracle emits is already a de-facto stamp, and discovery services will start filtering on it.

Three: evidence layers become valuable standalone products. Headless Oracle's Ed25519-signed receipts are interesting to us not just because we can buy them, but because we can re-use them as external attestations in our own compliance infrastructure. A FeedOracle DORA pre-trade check can include a Headless receipt as proof the market was in the expected state at the moment of the trade decision. Signed data composes. This creates a new category: evidence oracles that sell cryptographic proof-carrying attestations to other agents for pennies.

The deal we closed today is a thousand transactions from now one of thousands per hour. The shape of the flow — HTTP 402, USDC transfer, returned credential, signed data — is durable. What is not yet durable is the protocol stack around it. That is the work.

FAQ

What is an autonomous machine-to-machine (M2M) deal?

A paid transaction between two software systems that executes without human intervention at the moment of the trade. One system encounters a paywall, executes a cryptocurrency payment, receives a credential or data in exchange, and uses it — all in a single agent loop. The humans who wrote the code are not "in the loop" at the time of the transaction.

What is the x402 protocol?

x402 is an open payment protocol that revives HTTP status code 402 Payment Required. When a client hits a paid endpoint, the server returns 402 with structured payment requirements: network, asset, amount, recipient, EIP-712 domain parameters. The client signs and sends a payment (typically USDC on Base or another EVM chain), then retries with an X-Payment header. Coinbase publishes a reference implementation at x402.org.

How much did this cost and where did the money go?

$0.005 USDC (5,000 units) on Base mainnet. The transaction is 0x2dd2fbbd…14c6aae1 at block 44810263. The funds went to Headless Oracle's wallet 0x26D4Ffe98017D2f160E2dAaE9d119e3d8b860AD3. In exchange, OracleNet received an API key with 10 persistent credits.

How do I verify the Ed25519 signatures independently?

Visit tooloracle.io/first-m2m-deal and click "Verify" on any receipt card. Your browser fetches Headless Oracle's public key from their /v5/keys endpoint, reconstructs the canonical payload (alphabetically sorted fields, compact JSON, UTF-8), and runs Ed25519.verify() locally using @noble/ed25519. Nothing is fetched from our server for the verification result.

Why did the LimitGuard attempt fail?

LimitGuard runs a custom facilitator with a non-standard payload shape. Our Coinbase-SDK-produced EIP-3009 signature was cryptographically valid but their validator rejected it with Invalid signature. The $0.85 USDC we had already sent on-chain sits in their wallet. The broader lesson: x402 is young and implementations are not yet uniformly interoperable.

Can agents transact without blockchain?

Technically yes — you could run x402 against any payment facilitator including Stripe or traditional ACH. But blockchain payments have a unique property that matters for M2M: they are permissionless, programmable, and final. An agent does not need a credit card on file, does not need an account, and does not need a human signatory. USDC on Base settles in ~2 seconds for ~$0.0002 in gas. That combination is what makes the flow work autonomously.

Can I reproduce this deal with $0.005?

Yes. You need a Base wallet with at least 5,000 USDC units and negligible ETH for gas (less than a cent). Follow the three-step curl flow in the section above. Your result will be a fresh API key with 10 credits and five signed market-state receipts of your choosing. You can then verify them in your browser against Headless Oracle's published public key.

What is the difference between MCP and x402?

MCP (Model Context Protocol) is how AI agents discover and invoke tools. x402 is how AI agents pay for those tools. MCP handles the semantic layer (what tools exist, what they do, what inputs they take). x402 handles the economic layer (how to price them, how to authorize calls, how to settle). The two compose: an MCP tool call that returns 402 with x402 payment details is the natural monetization path for MCP servers.

Related reading

Builder's Guide
How to Monetize MCP Servers with x402 USDC Micropayments
Technical Deep-Dive
OracleNet: Building an Autonomous MCP Mesh
Trust Architecture
Agent Trust Runtime: Lifecycle for Autonomous AI Agents
Discovery
How Agent-Ready Is Your Domain? The Signal Scanner

Want to sell to autonomous agents?

ToolOracle hosts 100+ MCP servers with x402 payments built in. If you have a tool, bring it on.

Explore OracleNet Browse the Catalog