If the accountability mechanism is lacking, it may negatively impact the overall development of x402.

Written by: David Christopher

Translated by: Block unicorn

The success of x402 relies on native integrators. Unauthorized wrappers may turn potential partners into competitors.

Last week, Coinbase launched agentic.market, a platform showcasing x402 endpoints designed to make the x402 ecosystem more discoverable.

Browsing agentic.market, you will find real-time, on-demand access to a variety of services, from on-chain tools to mainstream APIs. Some endpoints are provided directly by original providers. Many endpoints come from third parties: some companies wrap existing APIs into x402 (and/or MPP) and package them as toolkits for agents to use, requiring users to pay a small fee for access through a single connection.

The second method complicates matters. Among the third-party endpoints showcased on Agentic Market are services from Wolfram Alpha, Google Flights, and Amadeus (a widely used travel data platform). The reason I am focusing on these three platforms is that they have not announced x402 integrations themselves, and their terms of service suggest that they are unlikely to authorize third parties to build integrations on their behalf.

Each endpoint indexed on Agentic Market could be first-party (original provider directly offering its API), third-party authorized (explicitly permitted resellers, often through formal certification or partnership programs), or unauthorized third-party (companies reselling accessed APIs without permission).

Throughout the market and across the entire x402 ecosystem, we cannot immediately distinguish which are first-party and which are third-party; many endpoints seem to fall into the latter category.

Contract Terms

As mentioned earlier, the terms of these three providers make unauthorized third-party arrangements likely and in some cases and excluded other options entirely.

Wolfram Alpha explicitly prohibits "resellers and aggregators," bans any form of data scraping or mining, and forbids selling or transferring services without permission. These terms seem to leave no room whatsoever for authorized third-party pathways. Furthermore, upon reviewing the quick start guide for this endpoint, it becomes clear that this is not a first-party integration.

API prohibitions in Wolfram Alpha's terms of service

Amadeus's main subscription service agreement only allows customers access for internal business purposes and prohibits any "leasing, renting, distributing, selling, reselling, transferring, or otherwise transferring" their access rights. Any third-party connections require Amadeus's authorization and need to be documented in the form of a formal service order. This means that this is the only pathway for obtaining third-party authorization, and whether any existing endpoints meet this requirement cannot be assessed externally.

Restrictions in the Agreement Amadeus's main subscription service agreement

Google's situation is the most typical. Google Flights does not have a public API, and Google takes stringent measures to protect its data.

However, third-party wrappers are packaging access to Google Flights data sourced from SerpApi—a company that Google is actively suing, accusing it of scraping search results and reselling access. Google’s lawsuit claims that SerpApi developed tools to bypass access controls, sending "hundreds of millions" of false requests daily to scrape and resell copyrighted content embedded in search results.

Thus, Google is suing SerpApi for reselling copyrighted content and bypassing its access controls. Meanwhile, SerpApi's services are being wrapped by a toolkit provider that offers them to agents for a fee. This is thought-provoking.

Details of accessing SerpApi through StableTravel endpoint

How Compliance Manifests

It is clear even without legal experts that these dynamics are "complex." The good news is that a clearer pattern already exists.

MPP is the agent payment protocol that Tempo launched at its mainnet and provided over 100 compatible services on the first day of launch. Vendors that directly integrate MPP—such as Parallel, Stripe Climate, Browser Base, etc.—are marked with a green circle on their cards, indicating that they are first-party suppliers.

Service directory viewed through mpp.dev

About two weeks ago, the popular AI research tool Exa announced native support for the x402 protocol in its search and content endpoints—becoming a first-party supplier and partnering with Coinbase. Exa stated that it chose x402 over proprietary protocols because it is governed by the Linux Foundation.

Inevitable Consequences

At present, it is impossible to ascertain whether an endpoint is first-party, third-party authorized, or unauthorized third-party. This is a solvable issue, and MPP's service directory—which clearly displays the source of each integration—is a step in that direction.

Unauthorized scraping activities have already placed significant measurable pressure on service providers: server loads, bandwidth costs, and traffic they never agreed to provide. Third parties repackaging scraped data within the x402 protocol and charging for access exacerbate the situation. Service providers bear all the costs while receiving nothing in return.

Therefore, it is necessary to clarify the root of the issue. x402 is an open protocol—just as any developer can build on HTTP, any developer can build on x402. The payment mechanism cannot trace whether upstream data was obtained with authorization. The responsibility lies with those developers who package these endpoints for users to use.

If the accountability mechanism is lacking, it may negatively impact the overall development of x402—potential native integrators may turn into opponents rather than participants. This revenue should belong to service providers. Native integration is the way they claim to possess this revenue, and it is also the way x402 gains the legitimacy it needs for development.

Note: As of April 25, Google Flights is no longer listed on Agentic Market.