report for

the402.ai

4/20/2026, 10:43:19 PM · 309ms · 12 checks

64

grade D

Discovery (draft-payment-discovery-00)

Runtime 402 probe

HTTP Payment auth + charge intent

Per-method charge conformance

JSON-RPC / MCP transport

Cross-registry visibility

Discovery (draft-payment-discovery-00)

50/100

[fail]
GET /openapi.json
No OpenAPI document found. AgentCash / x402scan discovery fails without it.
fix · Serve a valid OpenAPI 3.1 document at /openapi.json.
[warn]
GET /.well-known/x402
Legacy discovery endpoint missing. Some crawlers fall back to this.
fix · Serve /.well-known/x402 with { version: 1, resources: ['POST /path', ...] }.
[ok ]
GET /llms.txt

Runtime 402 probe

100/100

[info]
Paid route detected in openapi
No x-payment-info on any operation — cannot probe 402 behavior.

HTTP Payment auth + charge intent

50/100

[warn]
WWW-Authenticate starts with "Payment" (draft-httpauth-payment-00 §5.1)
header missing
fix · Emit "WWW-Authenticate: Payment id=\"...\", realm=\"...\", method=\"...\", intent=\"...\", request=\"<base64url-nopad>\"".

Per-method charge conformance

100/100

[info]
Payment method detected
No method in Payment auth-params and no recognisable CAIP-2 network on x402 accept.

JSON-RPC / MCP transport

75/100

[ok ]
Found JSON-RPC endpoint at https://the402.ai/mcp
[warn]
Response declares jsonrpc: 2.0
fix · draft-payment-transport-mcp-00 §2: responses MUST set jsonrpc: '2.0'.
[info]
Paid tool calls return error -32042
Got code none for unknown-tool probe — inconclusive.

Cross-registry visibility

33/100

[fail]
mppscan — indexed
Not found in mppscan.
fix · Submit at https://www.mppscan.com
[ok ]
x402scan — indexed
origins=1, resources=52
[fail]
Coinbase Bazaar — indexed
Not in Bazaar.
fix · Bazaar auto-indexes on first paid x402/Base settle via the CDP facilitator. Self-pay one $0.02 call to bootstrap.

help keep it free

x402audit is free forever. If it saved you an afternoon, buy us a coffee →