UPD — Universal Private Dollar

Agent Payments

Payment-gated APIs using x402 and EIP-3009 — gasless, keyless, instant agent-to-service payments in UPD.

Agent Payments with UPD

AI agents are projected to make orders of magnitude more payments than humans. They can hold private keys but can't open bank accounts. UPD is built for this: non-freezable, gasless transfer authorization, and optional privacy via UPP.

EIP-3009 Support

UPD implements EIP-3009 (transferWithAuthorization) — enabling gasless, one-shot, relayable transfers. This is the same standard used by USDC for x402 agent payments.

How It Works: x402 + EIP-3009

The x402 protocol turns HTTP 402 ("Payment Required") into a native payment layer for the web. Combined with EIP-3009 on UPD, agents can pay for API access without gas, accounts, or API keys.

Agent → GET /api/data
Server → 402 + Payment-Required header
Agent → signs EIP-3009 authorization (off-chain, gasless)
Agent → retries with Payment-Signature header
Server → verifies signature, settles on-chain
Agent → receives API response

No approval step. Unlike EIP-2612 (permit), EIP-3009 authorizes the entire transfer in one signature — no persistent allowance, no sequential nonce, no second transaction. The agent signs once, the server settles.

EIP-3009: Transfer With Authorization

UPD's EIP-3009 extension provides three functions:

FunctionPurpose
transferWithAuthorizationExecute a transfer — anyone can submit (for relayers/facilitators)
receiveWithAuthorizationExecute a transfer — only the payee can submit (anti-front-running)
cancelAuthorizationCancel an unused authorization before it's settled

Key properties

  • Random nonces — 32-byte random values, not sequential. Agents can sign multiple authorizations in parallel without coordination.
  • Time-bounded — each authorization has validAfter and validBefore timestamps. Expired authorizations cannot be settled.
  • Single-use — once settled or canceled, the nonce is permanently consumed.
  • Gasless for the signer — the agent signs off-chain; the server (or any relayer) pays gas to settle.

SDK Helpers

The UPD SDK provides signing helpers for all three authorization types:

import {
  signTransferAuthorization,
  signReceiveAuthorization,
  signCancelAuthorization,
} from '@permissionless-technologies/upd-sdk'

// Agent signs a gasless transfer authorization
const auth = await signTransferAuthorization({
  walletClient,
  tokenAddress: UPD_ADDRESS,
  from: agentAddress,
  to: serviceAddress,
  value: parseUnits('0.01', 18),
  // Optional: defaults to now → +1 hour
  // validAfter: 0n,
  // validBefore: BigInt(Math.floor(Date.now() / 1000) + 3600),
  // nonce: randomNonce(), // auto-generated if omitted
})

// auth contains: { from, to, value, validAfter, validBefore, nonce, v, r, s }
// Submit to any EIP-3009 compatible settlement endpoint

Starter Template

The x402-upd-starter repository provides a turn-key Next.js template with:

  • Server: requirePayment() wrapper for any API route — returns 402, verifies signatures, settles on-chain
  • Client: createX402Fetch() — wraps fetch to handle 402 responses automatically
  • Agent script: Standalone CLI client for testing payment flows
  • Configuration: Works with UPD, USDC, or any EIP-3009 token

Adding a paid endpoint

import { requirePayment } from '@/lib/x402-server'

export async function GET(request: Request) {
  const result = await requirePayment(request, {
    description: 'Premium data feed',
    amount: '1000000000000000', // 0.001 UPD
  })
  if (!result.paid) return result.response

  return Response.json({ data: '...' })
}

Agent-side payment

import { createX402Fetch } from '@/lib/x402-client'

const paidFetch = createX402Fetch({ walletClient, signerAddress })

// 402 → sign → retry happens automatically
const response = await paidFetch('https://api.example.com/data')

Why UPD for Agent Payments

PropertyUPDUSDC/USDT
Freezable by issuerNoYes
EIP-3009 supportYesUSDC only
Privacy (UPP shielding)YesNo
Compliance (ASP proofs)YesNo
Viewing keys (audit trail)YesNo

Agents using USDC risk having their balances frozen by Circle at any time. UPD has no admin key and no blacklist — once an agent holds UPD, no counterparty can freeze it.

Private Agent Payments: u402

Plain x402 payments are public — every transfer is visible on-chain. For agents where operational privacy matters, u402 extends x402 with zero-knowledge proofs.

With u402, the agent generates ZK proofs client-side against the Universal Private Pool. The proof replaces the EIP-3009 signature as payment authorization. The server settles the proofs on-chain without ever learning who paid.

Agent shields UPD → generates ZK proofs locally → sends proofs (not keys) → server settles on pool

What's hidden: payer identity, payment history, shielded balance, agent-service relationship.

What's visible: withdrawal amount, service address, that a payment happened.

Compliance: every u402 payment includes an ASP membership proof — the same compliance layer used by UPP. Servers choose their compliance requirements via aspId.

Post-quantum ready: agents can choose between PLONK (BLS12-381, ~250K gas) and Circle STARK (M31, ~20M gas, quantum-resistant).

u402 Protocol Specificationu402 Quickstartu402 Security Model

React Hooks

UPDProvider, useUPD, useCollateral, and useStabilizer — React integration for the UPD SDK.

Smart Contracts

All 9 UPD smart contracts — their purpose, interfaces, deploy order, and roles.

On this page

Agent Payments with UPDHow It Works: x402 + EIP-3009EIP-3009: Transfer With AuthorizationKey propertiesSDK HelpersStarter TemplateAdding a paid endpointAgent-side paymentWhy UPD for Agent PaymentsPrivate Agent Payments: u402