By AUJay
Facilitators in x402: When to Self-Host vs Use a Hosted Settlement Service
x402 makes machine-native payments over HTTP straightforward. This guide sets out when a startup or enterprise should self-host a facilitator and when it should use a hosted settlement service, with decision criteria, reference architectures and implementation details you can roll out this quarter. (x402.gitbook.io)
Quick refresher: what a facilitator actually does
x402 builds on the HTTP 402 Payment Required status. A server answers an unpaid request with 402 and a description of the price and the payment methods it accepts. The client retries with an X-PAYMENT header carrying a signed, base64-encoded payment payload. The server hands that payload to a facilitator, which verifies it and, if the server asks, settles it on-chain; the server then returns the resource together with an X-PAYMENT-RESPONSE receipt. (build.avax.network)
- Core headers and endpoints
- Client request header: X-PAYMENT, a base64-encoded JSON payload (build.avax.network)
- Server response header: X-PAYMENT-RESPONSE, a base64-encoded JSON receipt, normally returned with HTTP 200 once settlement succeeds (libraries.io)
- Facilitator API:
- POST /verify: checks the signature and that the payload satisfies the server's payment requirements; no on-chain write.
- POST /settle: submits the authorization on-chain and returns the transaction outcome.
- GET /supported: lists the schemes and networks the facilitator accepts, for capability discovery.
- Some implementations add GET /transaction/:hash for checking settlement status. (docs.palpaxai.network)
- Schemes and signing standards you will encounter
- The EIP-3009 transferWithAuthorization signature (used by USDC and similar tokens) and the ERC-2612 permit (the classic ERC-20 approval signature) are the two signing standards behind most EVM payloads. (docs-v2.thirdweb-preview.com)
- The "exact" scheme (a fixed charge) is in wide use; the "upto" scheme (a variable charge under a signed cap) is gaining traction on EVM and SVM. (x402.gitbook.io)
- Common security fields
- nonce, validAfter and validBefore (or deadline) bind each authorization to a single use and a time window. Windows are short, minutes rather than hours, and 300 seconds is a common default. (docs.icpay.org)
Put together, an app can charge anywhere from $0.001 to $0.10 per request and settle in a couple of seconds on current L2s, with no logins, API keys or card processing in the loop. (x402.org)
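As an added illustration of the handshake just described, the JavaScript below models both sides of the exchange as plain functions in one process. It is not code from the x402 project or any vendor SDK. The 402 body, the X-PAYMENT payload shape and the receipt field names follow the headers and fields listed above; the addresses, amounts, the signature string and the in-process facilitator stand-in are constructed placeholders, and a real client would obtain the signature from the buyer's wallet. The stand-in only checks the payload against the server's terms; it does not attempt signature recovery.

```javascript
// Added example: the x402 handshake at message level, both sides in one
// process. Not the x402 SDK. Addresses, amounts, the signature string and
// the facilitator stand-in are constructed placeholders.

const b64 = (obj) => Buffer.from(JSON.stringify(obj), "utf8").toString("base64");
const unb64 = (s) => JSON.parse(Buffer.from(s, "base64").toString("utf8"));

const PAY_TO = "0xYourRecipient"; // placeholder recipient address

// Server, step 1: no X-PAYMENT header -> 402 carrying the accepted terms.
// Amounts are in the token's smallest unit ("20000" = $0.02 of 6-decimal USDC).
function paymentRequired(resource, maxAmountRequired) {
  return {
    status: 402,
    body: {
      x402Version: 1,
      error: "X-PAYMENT header is required",
      accepts: [{ scheme: "exact", network: "base", resource, payTo: PAY_TO,
                  asset: "0xUSDC", maxAmountRequired, maxTimeoutSeconds: 300 }],
    },
  };
}

// Client, step 2: choose a term it can satisfy and build the X-PAYMENT header.
// signFn stands in for the wallet producing the EIP-3009 signature.
function buildPaymentHeader(terms, buyer, signFn, now = Math.floor(Date.now() / 1000)) {
  const t = terms.accepts.find((a) => a.scheme === "exact" && a.network === "base");
  if (!t) throw new Error("no acceptable payment terms");
  const authorization = {
    from: buyer, to: t.payTo, value: t.maxAmountRequired,
    validAfter: String(now - 5),                      // small allowance for clock skew
    validBefore: String(now + t.maxTimeoutSeconds),
    nonce: "0x" + now.toString(16).padStart(64, "0"), // real clients use 32 random bytes
  };
  return b64({ x402Version: 1, scheme: t.scheme, network: t.network,
               payload: { signature: signFn(authorization), authorization } });
}

// Facilitator stand-in. /verify checks the payload against the terms without
// touching the chain; /settle would submit transferWithAuthorization.
function facilitatorVerify(payment, term) {
  try {
    const a = payment.payload.authorization;
    const ok = payment.scheme === term.scheme && payment.network === term.network &&
      a.to === term.payTo && BigInt(a.value) >= BigInt(term.maxAmountRequired) &&
      typeof payment.payload.signature === "string";
    return { isValid: ok, invalidReason: ok ? null : "terms_mismatch" };
  } catch {
    return { isValid: false, invalidReason: "malformed_payload" };
  }
}
function facilitatorSettle(payment) {
  return { success: true, network: payment.network,
           transaction: "0x" + "ab".repeat(32), payer: payment.payload.authorization.from };
}

// Server, step 3: decode, verify before doing the paid work, settle, then
// return the resource with the receipt in X-PAYMENT-RESPONSE.
function handleRequest(req, resource, price) {
  const challenge = paymentRequired(resource, price);
  const header = req.headers["x-payment"];
  if (!header) return challenge;
  let payment;
  try { payment = unb64(header); } catch { return { status: 400, body: { error: "malformed X-PAYMENT" } }; }
  const v = facilitatorVerify(payment, challenge.body.accepts[0]);
  if (!v.isValid) return { status: 402, body: { ...challenge.body, error: v.invalidReason } };
  const result = { result: "paid completion for " + resource }; // the actual work
  const receipt = facilitatorSettle(payment);
  if (!receipt.success) return { status: 402, body: { ...challenge.body, error: "settlement_failed" } };
  return { status: 200, headers: { "X-PAYMENT-RESPONSE": b64(receipt) }, body: result };
}

// Full round trip: unpaid request, paid retry, receipt decoded by the client.
// priceOffered lets the caller simulate a client that underpays.
function roundTrip(priceOffered = "20000") {
  const first = handleRequest({ headers: {} }, "/v1/complete", "20000");
  const terms = { ...first.body, accepts: first.body.accepts.map((a) => ({ ...a, maxAmountRequired: priceOffered })) };
  const header = buildPaymentHeader(terms, "0xBuyer", () => "0xsignature");
  const second = handleRequest({ headers: { "x-payment": header } }, "/v1/complete", "20000");
  const receipt = second.status === 200 ? unb64(second.headers["X-PAYMENT-RESPONSE"]) : null;
  return { first, second, receipt };
}
```

Note the ordering in handleRequest: the paid work runs only after /verify succeeds, and the receipt header is attached after /settle, which is the same sequence the x402 middlewares follow.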
Your two operating models
- Hosted facilitator (settlement-as-a-service)
- You call a vendor's /verify and /settle endpoints.
- Pros: quickest time to market, no blockchain infrastructure to run, predictable behavior and an SLA. (docs.cdp.coinbase.com)
- Cons: the chains, tokens and schemes you can charge in are limited to what the vendor supports.
- Self-hosted facilitator
- You run an open-source facilitator (Rust and Go implementations exist) behind your API, wired to your own RPC endpoints, signing setup, risk controls and observability.
- Pros: any chain or token you choose, compliance hooks (KYC, geo-fencing) in the request path, and full control over cost and latency.
- Cons: uptime, mempool quirks, replay protection, rate limiting and incident response are all yours.
What the major hosted options look like right now
- Coinbase Developer Platform (CDP) x402 Facilitator
- Focus: fee-free USDC on Base, fast on-chain settlement and minimal setup. Roadmap items include discovery, alternative payment flows and optional compliance attestations. (docs.cdp.coinbase.com)
- The straightforward choice if you sell USDC on Base with standard "exact" charges and want the seller experience kept simple. (docs.cdp.coinbase.com)
- thirdweb Facilitator
- Focus: broad EVM coverage (170+ chains), gasless submission via EIP-7702, and integration with x402 middlewares such as x402-hono and x402-next. A Solana flow with unified /verify and /settle endpoints was added recently. (docs-v2.thirdweb-preview.com)
- Neutral/open facilitators and regional providers
- x402.rs (Rust), OpenX402.ai and chain-specific services for Avalanche, Solana and BNB expose public /verify and /settle endpoints without API keys and publish the networks they support. They are useful for experiments, regional access and as backup facilitators. (facilitator.x402.rs)
- Compliance-first enterprise services
- Some operators add OFAC screening and policy enforcement at the facilitator layer. If your risk team needs this, confirm the feature exists and how its decisions are evidenced. (facilitator.heurist.xyz)
Decision framework: hosted vs self-hosted
Use the rubric below to choose a model for the next 90 to 180 days, then revisit the choice once you have production data.
1) Time-to-market and engineering bandwidth
- Go hosted if you need to be live in days rather than sprints: the x402 middlewares take a facilitator URL as configuration, so the integration is a few lines. (github.com)
- Self-host only if you have the team to back it: on-call staff, SREs and engineers who understand the protocol well enough to own replay protection, idempotency, retries and mempool anomalies. (docs.rs)
2) Networks, tokens and roadmap
- If USDC on Base covers roughly 80% of what you sell, the hosted CDP facilitator is the likely choice. (docs.cdp.coinbase.com)
- If you need 170+ EVM chains today or Solana/SVM rails soon, look at thirdweb's stack, or self-host an engine that already covers those chains. (docs-v2.thirdweb-preview.com)
3) Compliance posture
- Hosted: some services offer OFAC blocklists and optional attestations such as KYC and geo-checks. Verify the vendor's guarantees and whether their decisions are auditable.
- Self-host: integrate your own policy engine at /verify (pre-authorization) and /settle (execution).
4) Throughput and latency targets
- Hosted providers optimize for high parallelism and fast L2 confirmations; some report the full "verify + settle + respond" cycle in under a second to a few seconds depending on chain congestion.
- Self-hosting lets you colocate the facilitator with your RPC nodes, prewarm mempool connections and tune confirmation thresholds per endpoint, at the cost of owning the blast radius when something fails.
5) Cost model and gas handling
- The protocol itself charges no fee, but network gas still has to be paid. Some stacks offer a "gasless" buyer experience by submitting on the buyer's behalf (EIP-7702). Establish who actually pays that gas and how it appears on invoices. (x402.org)
6) Reliability strategy
- Hosted: look for health endpoints, SLAs and public status pages, or front several providers with a high-availability passthrough proxy that fails over automatically.
- Self-host: health checks, exponential backoff, idempotent settlement and circuit breakers at your edge, plus more than one RPC provider per network.
Reference architectures
A) Hosted facilitator "pay-per-request" API on Base (production in a day)
- Who it's for: API startups, SaaS features and AI endpoints that want revenue in fee-free USDC on Base with minimal operations. (docs.cdp.coinbase.com)
- How it works:
- Add the x402 middleware to your API.
- Configure the price map and your recipient address.
- Point the middleware's facilitator URL at the hosted service, which handles /verify and /settle.
- Log the X-PAYMENT-RESPONSE receipt and the transaction hash on every paid request for reconciliation and disputes.
```javascript
import express from "express";
import { paymentMiddleware } from "x402-express";

const app = express();

// Charge $0.02 per call to /v1/complete in USDC on Base, paid to your wallet.
// The middleware answers unpaid requests with 402, sends X-PAYMENT to the
// facilitator's /verify, runs the handler, then calls /settle and attaches
// the X-PAYMENT-RESPONSE receipt header itself; the handler does not set it.
app.use(
  paymentMiddleware(
    "0xYourRecipient",
    { "POST /v1/complete": { price: "$0.02", network: "base" } },
    { url: "https://<vendor-facilitator>" }, // CDP or any compatible facilitator
  ),
);

app.post("/v1/complete", async (req, res) => {
  // Reached only after /verify succeeded; return the paid result.
  res.json({ result: "Your completion" });
});

app.listen(3000);
```
- Confirmations and receipts
- On success the server returns 200 with an X-PAYMENT-RESPONSE header carrying the settlement envelope, which normally includes the transaction hash. (learnx402.dev)
- Gotchas
- Charge with the "exact" scheme today. For metered workloads, watch for your facilitator adding "upto" support. (x402.gitbook.io)
B) Enterprise-grade hosted with compliance guardrails
- Who it's for: financial services, health and market-data sellers that need OFAC controls and auditable denial logs at settlement.
- Pattern: use an enterprise facilitator that screens at /verify. Route flagged payloads to your policy engine and proceed only on a passing score. (facilitator.heurist.xyz)
C) Self-hosted facilitator with multi-chain and risk extensions
- Who it's for: platforms that need custom tokens, lower edge latency or tailored risk models.
- Components:
- x402-facilitator (Rust): serves /verify, /settle, /supported and an optional /transaction/:hash.
- RPC cluster: a primary and a failover endpoint per network, with confirmation depth tuned to endpoint pricing.
- Risk and replay controls: SIWE for operator authentication to server-side endpoints, anti-bot scoring, and an optional "x402-secure" extension that labels receipts with risk scores for downstream consumers.
Implementation details that save you hours
- Stick to the standard shapes
- X-PAYMENT is base64 over { x402Version, scheme, network, payload: { signature, authorization } }. Use the official client SDKs rather than hand-rolling the encoding. (build.avax.network)
- On success, return X-PAYMENT-RESPONSE and log the decoded envelope and transaction hash; you will need both for disputes. (learnx402.dev)
- Call /verify before doing expensive work
- /verify is cheap (several facilitators keep it chain-free, in contrast to /settle), so run it first and skip rendering or GPU time when the payload is invalid or expired. (docs.palpaxai.network)
- Windowing and idempotency
- Honor validAfter/validBefore and reject stale payloads. Make settlement idempotent on the authorization's nonce and payload hash so a retry never charges twice. (docs.icpay.org)
- Multi-credit workflows (no new on-chain transaction per use)
- Some proxies issue multi-credit entitlements: the client reuses the returned X-PAYMENT token until its credits are exhausted, which suits bundles. (docs.proxy402.com)
- Discovery and capabilities
- Query GET /supported at startup and publish the networks and schemes you accept in your API docs, so agent clients do not have to guess. (docs.rs)
- High availability made simple
- If you would rather not juggle facilitators in application code, put a passthrough proxy in front that health-checks upstreams (x402.rs and other open endpoints) and fails over automatically, and point your app at the proxy URL. (docs.mcpay.tech)
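The failover logic that the reliability bullets above and the passthrough-proxy pattern describe, as an added example rather than code from mcpay, x402.rs or any vendor: a facilitator pool on the application side that filters upstreams by what their /supported endpoint advertised, applies a per-call timeout, opens a circuit after repeated failures and fails over. Transports are injected; the three in demo() are constructed stand-ins for HTTP calls. The one caveat a practitioner needs is built in: a /verify call is side-effect free and can always be retried elsewhere, but a /settle that timed out may already have broadcast the transaction, so the pool fails over a settle only when the request provably never reached the upstream and otherwise reports an unknown outcome for reconciliation.

```javascript
// Added example: a facilitator pool with health scoring, timeouts and
// failover for the app side. Not code from mcpay, x402.rs or any vendor.
// Transports are injected; the ones in demo() are constructed stand-ins
// for HTTP calls to /verify and /settle.

function createFacilitatorPool(upstreams, opts = {}) {
  const cfg = { failThreshold: 3, cooldownMs: 30_000, timeoutMs: 5_000, ...opts };
  const now = opts.now || (() => Date.now());
  const members = upstreams.map((u) => ({ ...u, failures: 0, openUntil: 0 }));

  // Route only to members whose GET /supported advertised the scheme/network,
  // skipping any whose circuit is currently open.
  function candidates(scheme, network) {
    const t = now();
    return members.filter((m) => m.openUntil <= t &&
      m.supported.some((k) => k.scheme === scheme && k.network === network));
  }

  function withTimeout(promise, ms) {
    let timer;
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(Object.assign(new Error("timeout"), { neverSent: false })), ms);
    });
    return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
  }

  function recordFailure(m) {
    if (++m.failures >= cfg.failThreshold) { m.openUntil = now() + cfg.cooldownMs; m.failures = 0; }
  }

  // path is "/verify" or "/settle"; body is the facilitator request body.
  async function call(path, body) {
    const errors = [];
    const { scheme, network } = body.paymentPayload;
    for (const m of candidates(scheme, network)) {
      try {
        const res = await withTimeout(m.call(path, body), cfg.timeoutMs);
        m.failures = 0;
        return { upstream: m.name, ...res };
      } catch (e) {
        errors.push(`${m.name}: ${e.message}`);
        recordFailure(m);
        // /verify has no side effects, so the next upstream is always tried.
        // /settle may already have broadcast the transaction: fail over only
        // when the request provably never reached the upstream (e.neverSent);
        // otherwise report an unknown outcome so the caller reconciles on-chain
        // (or via /transaction/:hash) before retrying.
        if (path === "/settle" && !e.neverSent) {
          throw Object.assign(new Error(`settlement outcome unknown via ${m.name}; reconcile before retrying`),
                              { ambiguous: true });
        }
      }
    }
    throw Object.assign(new Error("no facilitator available: " + errors.join("; ")), { exhausted: true });
  }

  const health = () => members.map((m) => ({ name: m.name, failures: m.failures, open: m.openUntil > now() }));
  return { call, health };
}

// Constructed scenario: primary hangs, secondary refuses connections, tertiary is healthy.
async function demo() {
  let clock = 0, primaryUp = false;
  const base = [{ scheme: "exact", network: "base" }];
  const ok = (path) => Promise.resolve(path === "/verify" ? { isValid: true }
                                                          : { success: true, transaction: "0x" + "cd".repeat(32) });
  const pool = createFacilitatorPool([
    { name: "primary", supported: base, call: (path) => (primaryUp ? ok(path) : new Promise(() => {})) },
    { name: "secondary", supported: base,
      call: () => Promise.reject(Object.assign(new Error("ECONNREFUSED"), { neverSent: true })) },
    { name: "tertiary", supported: [...base, { scheme: "exact", network: "solana" }], call: ok },
  ], { timeoutMs: 20, failThreshold: 2, cooldownMs: 1000, now: () => clock });
  const body = { paymentPayload: { scheme: "exact", network: "base" } };

  const v1 = await pool.call("/verify", body);   // primary times out, secondary refused, tertiary answers
  let ambiguous = false;
  try { await pool.call("/settle", body); } catch (e) { ambiguous = e.ambiguous === true; } // primary timed out on settle
  const s2 = await pool.call("/settle", body);   // primary's circuit is open; secondary refused (safe); tertiary settles
  clock = 2000; primaryUp = true;                // cooldown elapsed and primary recovered
  const v2 = await pool.call("/verify", body);
  return { v1: v1.upstream, ambiguous, s2: s2.upstream, v2: v2.upstream, health: pool.health() };
}
```

A proxy such as the one described above does the same thing one hop earlier; keeping the settle-is-not-idempotent rule in whichever layer owns failover is what prevents a second broadcast (or a spurious "failed" result for a payment that actually landed).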
Performance and cost notes
- Settlement latency
- Target sub-second /verify and a few seconds for /settle on modern L2s. Providers report around 200 ms end to end in ideal conditions with warmed paths and small responses. Measure with your own workload and during chain congestion. (blockeden.xyz)
- Gas and "gasless"
- There is no protocol fee, but network gas still applies. Some facilitators submit on the client's behalf (via EIP-7702) for a gasless buyer experience; know who covers that gas and how you recover it in pricing. (x402.org)
- Chains you can target today
- Base (USDC) through the CDP facilitator is the low-friction option. thirdweb covers 170+ EVM chains and now Solana, with verify and settle in one place, and chain-specific facilitators exist for Avalanche, BNB and Solana. (docs.cdp.coinbase.com)
Security and compliance checklist
- Replay protection: reject reused nonces and track authorization state across verify and settle. (docs.icpay.org)
- Short validity windows: default to a few minutes, with per-endpoint overrides. (docs.icpay.org)
- OFAC and sanctions: where required, use a facilitator with built-in screening or add policy checks to your /verify path. (facilitator.heurist.xyz)
- Observability: log the decoded X-PAYMENT and X-PAYMENT-RESPONSE, and track verify pass/fail rates, settle latency and on-chain confirmation times. (docs.rs)
- Idempotency keys: key retries on nonce plus payload hash; facilitators should make settlement idempotent. (rail.capital)
- Rate limiting and DoS: throttle 402 challenges and verify calls, and protect settle with backpressure and circuit breakers. (docs.rs)
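The replay, windowing, idempotency and policy items in this checklist, together with the "verify before expensive work" and "windowing and idempotency" advice in the implementation details and the policy-engine-at-/verify pattern, as one added example. It is not code from x402.rs, icpay, heurist or any vendor: the JavaScript below is a self-hosted facilitator's /verify and /settle logic as pure functions with an injected clock and state. The denylist, addresses, amounts and the chain submitter are constructed stand-ins, and EIP-3009 signature recovery is represented by a presence check only; a real facilitator recovers the signer from the typed data before anything else.

```javascript
// Added example: the checks a self-hosted /verify and /settle should enforce,
// as pure functions with an injected clock and state. Not code from x402.rs,
// icpay or any vendor. The denylist, addresses, amounts and the chain
// submitter are constructed stand-ins; signature recovery is not modelled.

const decodePayment = (hdr) => JSON.parse(Buffer.from(hdr, "base64").toString("utf8"));

const SUPPORTED = [{ scheme: "exact", network: "base" }]; // what GET /supported advertises
const DEFAULT_WINDOW_SECONDS = 300;                       // lifetime unless the requirement overrides it
const CLOCK_SKEW_SECONDS = 10;
const DENYLIST = new Set(["0xbad" + "0".repeat(34) + "bad"]); // constructed stand-in for a sanctions screen

// Replay state keyed by (network, payer, nonce): EIP-3009 nonces are unique per
// payer, so the triple identifies one authorization. Use a shared store in production.
const createState = () => ({ reserved: new Map(), settled: new Map(), denials: [] });
const replayKey = (p) =>
  `${p.network}:${p.payload.authorization.from.toLowerCase()}:${p.payload.authorization.nonce.toLowerCase()}`;

function reject(state, payer, reason) {
  state.denials.push({ reason, payer }); // audit trail for disputes and SIEM export
  return { isValid: false, invalidReason: reason };
}

// /verify: cheap, chain-free checks so the server can refuse before spending
// compute on the paid work. Reserves the nonce so a concurrent duplicate is
// rejected even before settlement.
function verify(state, paymentHeader, requirement, now) {
  let p;
  try { p = decodePayment(paymentHeader); } catch { return reject(state, null, "malformed_payload"); }
  const a = p && p.payload && p.payload.authorization;
  if (!a || typeof p.payload.signature !== "string" || !a.from || !a.nonce) return reject(state, null, "missing_fields");
  if (!SUPPORTED.some((s) => s.scheme === p.scheme && s.network === p.network)) return reject(state, a.from, "unsupported_scheme_or_network");
  if (a.to !== requirement.payTo) return reject(state, a.from, "wrong_recipient");
  let value;
  try { value = BigInt(a.value); } catch { return reject(state, a.from, "bad_amount"); }
  if (value < BigInt(requirement.maxAmountRequired)) return reject(state, a.from, "insufficient_amount");
  const validAfter = Number(a.validAfter), validBefore = Number(a.validBefore);
  const maxWindow = requirement.maxTimeoutSeconds ?? DEFAULT_WINDOW_SECONDS; // per-endpoint override
  if (!(validAfter <= now + CLOCK_SKEW_SECONDS)) return reject(state, a.from, "not_yet_valid");
  if (!(validBefore > now - CLOCK_SKEW_SECONDS)) return reject(state, a.from, "expired");
  if (validBefore - validAfter > maxWindow + 2 * CLOCK_SKEW_SECONDS) return reject(state, a.from, "window_too_long");
  const key = replayKey(p);
  if (state.reserved.has(key) || state.settled.has(key)) return reject(state, a.from, "nonce_reused");
  if (DENYLIST.has(a.from.toLowerCase())) return reject(state, a.from, "policy_denied_sanctions");
  state.reserved.set(key, now);
  return { isValid: true, invalidReason: null };
}

// /settle: idempotent on the replay key. A retry after a timeout returns the
// stored receipt instead of broadcasting a second transaction.
function settle(state, paymentHeader, submitToChain) {
  const p = decodePayment(paymentHeader);
  const key = replayKey(p);
  if (state.settled.has(key)) return { ...state.settled.get(key), replayed: true };
  if (!state.reserved.has(key)) return { success: false, errorReason: "not_verified" };
  const transaction = submitToChain(p); // injected: real code sends transferWithAuthorization and waits for confirmation
  const receipt = { success: true, network: p.network, transaction, payer: p.payload.authorization.from };
  state.settled.set(key, receipt);
  state.reserved.delete(key);
  return receipt;
}

// Constructed scenario: a fresh payment, a settle retry, a replayed header,
// an expired window and a denylisted payer.
function demo() {
  const state = createState();
  const now = 1_700_000_000;
  const requirement = { payTo: "0xYourRecipient", maxAmountRequired: "20000", maxTimeoutSeconds: 300 };
  const header = (over = {}) => Buffer.from(JSON.stringify({
    x402Version: 1, scheme: "exact", network: "base",
    payload: { signature: "0xsig", authorization: { from: "0xBuyer", to: "0xYourRecipient", value: "20000",
      validAfter: String(now - 5), validBefore: String(now + 280), nonce: "0x01", ...over } },
  })).toString("base64");
  let chainCalls = 0;
  const submit = () => { chainCalls += 1; return "0x" + "ab".repeat(32); };
  const fresh = header();
  const first = verify(state, fresh, requirement, now);
  const r1 = settle(state, fresh, submit);
  const r2 = settle(state, fresh, submit);                   // retry: same receipt, no second tx
  const replay = verify(state, fresh, requirement, now + 1); // same header presented again
  const expired = verify(state, header({ nonce: "0x02", validBefore: String(now - 60) }), requirement, now);
  const denied = verify(state, header({ nonce: "0x03", from: "0xBAD" + "0".repeat(34) + "BAD" }), requirement, now);
  return { first, r1, r2, replay, expired, denied, chainCalls, denials: state.denials.length };
}
```

Two design points worth keeping when you move this onto a real store: the reservation made at /verify is what stops two concurrent requests carrying the same authorization from both running the paid work, and the denial log records the reason and payer for every rejection, which is the audit trail the compliance scenarios above ask for.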
Worked scenarios
1) AI inference API charging $0.02/request
- Goal: monetize GPU calls without user accounts.
- Pick: hosted CDP facilitator on Base for fee-free USDC. (docs.cdp.coinbase.com)
- Why: one middleware, reliable, a receipt on every call. Move to variable "upto" pricing once support matures. (x402.gitbook.io)
2) Data vendor with sanctions controls and audit trails
- Goal: block transactions with sanctioned addresses and retain records for regulators.
- Pick: an enterprise facilitator with OFAC screening at /verify that can export denial logs to your SIEM. (facilitator.heurist.xyz)
3) Games marketplace needing Solana + EVM and sub-cent pricing
- Goal: the cheapest microtransactions at scale across several chains.
- Pick: the thirdweb stack for broad EVM support, Solana and gasless submission, or a self-hosted Rust facilitator tuned to your RPC cluster with Solana and EVM support.
4) Research tool selling 5-view bundles
- Goal: avoid an on-chain transaction on every click.
- Pick: multi-credit entitlements; clients reuse the X-PAYMENT token until the credits run out. (docs.proxy402.com)
When to self-host (and how to do it without regrets)
Self-host if at least two of these apply:
- You need a chain or token your hosted vendor does not offer today.
- You must enforce enterprise compliance rules in the request path (KYC, geofencing, allowlists).
- You want custom confirmation policies, pre-paid channels or batched settlement to control cost.
- You can staff on-call coverage for verification and settlement around the clock.
A minimal self-host plan
- Start from a production-ready facilitator such as x402-facilitator in Rust.
- Serve GET /supported, POST /verify and POST /settle, and optionally GET /transaction/:hash. (docs.rs)
- Infrastructure:
- Two RPC providers per network, primary and secondary, with health scoring.
- Observability: log every verify decision, record settle latency, and alert on failure-rate spikes.
- Policy and risk:
- Enforce spend caps per IP or keypair and attach risk labels to receipts for downstream scoring.
- High availability:
- If you do not want to manage several facilitators yourself, front them with a passthrough proxy that can fail over to public facilitators. (docs.mcpay.tech)
Emerging best practices we're recommending to clients now
- Plan for multiple facilitators from day one: let your middleware take a primary and a secondary facilitator URL, and use the /supported endpoint to check capabilities at runtime. (docs.rs)
- Start with "exact" and keep "upto" in view: capped charges are much easier for metered workloads. Watch your vendor's roadmap for SVM/EVM parity. (x402.gitbook.io)
- Keep authorization windows tight: 60-300 seconds works for both human and agent flows; reject anything past validBefore. (docs.icpay.org)
- Record decoded receipts: store the decoded X-PAYMENT-RESPONSE with the transaction hash for disputes and support tickets. (learnx402.dev)
- Be explicit about chain and token support: publish the networks and price units you accept so agents do not have to guess. (docs.rs)
A 7Block Labs decision checklist
- Only need USDC on Base today? Use a hosted facilitator, ship this week and reassess in 90 days. (docs.cdp.coinbase.com)
- Need broad EVM or Solana support? Use thirdweb's hosted flow or budget for self-hosting on those chains. (docs-v2.thirdweb-preview.com)
- Have OFAC screens, KYC or geo-requirements? Use a compliant facilitator, or self-host and integrate your policy engine at /verify. (facilitator.heurist.xyz)
- Need sub-second P99 and custom confirmation policies? Self-host with colocated RPC and tuned settle logic, and plan a failover proxy.
- Is the team ready for on-call blockchain operations? If not, start hosted and revisit later.
Final word
x402 turns the payment challenge into a machine-native HTTP handshake. If speed to market and reliability matter most, go hosted. When you need to own chains, compliance, cost and latency, move to self-hosting.
Need a second opinion on your integration plan, or help standing up a production-grade facilitator with high availability, monitoring and policy hooks? 7Block Labs can guide you through it so you ship with confidence.
References and further reading
- x402 protocol: headers, sequencing, facilitator responsibilities and APIs (github.com)
- Coinbase CDP hosted facilitator and roadmap (docs.cdp.coinbase.com)
- thirdweb: broad-chain support, gasless submission and Solana (docs-v2.thirdweb-preview.com)
- Open/neutral facilitators and passthrough HA proxy patterns (facilitator.x402.rs)
- Security fields and validity windows in authorization payloads (docs.icpay.org)
- Compliance-oriented facilitators, including OFAC screening (facilitator.heurist.xyz)
- Chain-specific hosted facilitators for Avalanche and Solana (rail.capital)