rawgroundbeef/openfacilitator
skills/openfacilitator/SKILL.md
x402 payment integration via OpenFacilitator SDK. Use when implementing crypto payments, paywalls, API monetization, or tipping/transfer flows. Triggers: "x402", "OpenFacilitator", "crypto payments", "USDC payments", "paywall", "payment middleware", "verify and settle", "402 Payment Required". Supports EVM (Base, Ethereum, Polygon, Arbitrum, Avalanche, Sei, IoTeX, Peaq, X Layer) and Solana and Stacks chains.
$ install --global
skillsauthnpx skillsauth add rawgroundbeef/openfacilitator openfacilitatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 28, 2026, 5:39 AM343.9s7 files scanned
SKILL.md
- name:
- openfacilitator
- description:
- >
- Triggers:
- x402", "OpenFacilitator", "crypto payments", "USDC payments",
OpenFacilitator x402 SDK
Add x402 crypto payments to any TypeScript/JavaScript server. The SDK handles payment verification and on-chain settlement.
Install
npm install @openfacilitator/sdk
Both ESM and CJS are supported. Package version: 1.0.0.
Core Concept
x402 is an HTTP-native payment protocol. A server returns 402 Payment Required with payment requirements. The client signs a payment and retries with an X-PAYMENT header. The server verifies and settles the payment on-chain.
The OpenFacilitator SDK provides two integration patterns:
- Middleware (recommended) — Drop-in Express or Hono middleware that handles the full 402 flow automatically.
- Manual verify + settle — Call
verify()andsettle()yourself for full control over business logic between verification and settlement.
Quick Start — Middleware
Express
import { createPaymentMiddleware } from '@openfacilitator/sdk';
import type { PaymentContext } from '@openfacilitator/sdk';
const paymentMiddleware = createPaymentMiddleware({
facilitator: 'https://pay.openfacilitator.io',
getRequirements: () => ({
scheme: 'exact',
network: 'base',
maxAmountRequired: '1000000', // $1 USDC (6 decimals)
asset: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
payTo: '0xYOUR_WALLET_ADDRESS',
}),
});
app.post('/api/resource', paymentMiddleware, (req, res) => {
// Payment verified & settled. Access context:
const { transactionHash, userWallet, amount } =
(req as unknown as { paymentContext: PaymentContext }).paymentContext;
res.json({ success: true, txHash: transactionHash });
});
Hono
import { honoPaymentMiddleware } from '@openfacilitator/sdk';
import type { PaymentContext } from '@openfacilitator/sdk';
// Declare paymentContext variable for type-safe c.get()
type Env = { Variables: { paymentContext: PaymentContext } };
const app = new Hono<Env>();
app.post('/api/resource', honoPaymentMiddleware({
facilitator: 'https://pay.openfacilitator.io',
getRequirements: (c) => ({
scheme: 'exact',
network: 'base',
maxAmountRequired: '1000000',
asset: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
payTo: '0xYOUR_WALLET_ADDRESS',
}),
}), async (c) => {
const ctx = c.get('paymentContext');
return c.json({ success: true, txHash: ctx.transactionHash });
});
Quick Start — Manual Verify + Settle
import { OpenFacilitator } from '@openfacilitator/sdk';
const facilitator = new OpenFacilitator(); // defaults to pay.openfacilitator.io
const requirements = {
scheme: 'exact',
network: 'base',
maxAmountRequired: '1000000',
asset: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913',
payTo: '0xYOUR_WALLET_ADDRESS',
};
// 1. Verify the payment
const verifyResult = await facilitator.verify(paymentPayload, requirements);
if (!verifyResult.isValid) {
throw new Error(verifyResult.invalidReason);
}
// 2. Your business logic here (create order, check inventory, etc.)
// 3. Settle on-chain (async — waits for confirmation)
const settleResult = await facilitator.settle(paymentPayload, requirements);
if (!settleResult.success) {
throw new Error(settleResult.errorReason);
}
// settleResult.transaction = on-chain tx hash
Pattern Selection Guide
| Use Case | Pattern | See |
|----------|---------|-----|
| Simple API paywall | Middleware | references/patterns.md §1-2 |
| Business logic between verify and settle | Manual verify + settle | references/patterns.md §3 |
| Per-request dynamic pricing | Middleware with dynamic getRequirements | references/patterns.md §4 |
| Accept multiple chains | Either pattern + array requirements | references/patterns.md §5 |
| Build EVM payment payload (ERC-3009) | Client construction | references/client-construction.md §1 |
| Build Solana payment payload | Client construction | references/client-construction.md §2 |
| Server-side signing (Openfort/Privy/Turnkey) | Custodial pattern | references/client-construction.md §3 |
| Solana gas-free with fee payer | Fee payer integration | references/client-construction.md §2 |
Key Facts
- Amounts are always in smallest units:
1000000= $1 USDC (6 decimals). - Network IDs: Use v1 short names (
base,solana,stacks) in requirements. The SDK handles CAIP-2 conversion internally. settle()is synchronous-feeling but async — it waits for on-chain confirmation before returning the tx hash. No webhooks needed for settlement confirmation.- Payment header: Clients send
X-PAYMENTheader containing base64-encoded JSON. - Default facilitator:
https://pay.openfacilitator.io(free, no account needed).
Common USDC Addresses
| Chain | Asset Address | Decimals |
|-------|--------------|----------|
| Base | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 | 6 |
| Ethereum | 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 | 6 |
| Solana | EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v | 6 |
See references/schemas.md for the full chain and token table.
References
references/sdk-api.md— Full TypeScript signatures, all exports, error classesreferences/schemas.md— Payment objects, requirements, chain/token detailsreferences/patterns.md— Complete working examples for every server-side integration patternreferences/client-construction.md— How to BUILD payment payloads (ERC-3009, Solana SPL, fee payer, server-side signing)references/troubleshooting.md— Error handling, retries, edge cases
Related Skills
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-qa-testing
development
VerifiedTrustedCommunity
Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-parallels-smoke
development
VerifiedTrustedCommunity
End-to-end Parallels smoke, upgrade, and rerun workflow for OpenClaw across macOS, Windows, and Linux guests. Use when Codex needs to run, rerun, debug, or interpret VM-based install, onboarding, gateway smoke tests, latest-release-to-main upgrade checks, fresh snapshot retests, or optional Discord roundtrip verification under Parallels.
357,764SKILL.mdUpdated Apr 10, 2026