The internet is a collection of standards that all work together to give us the experience we know today. HTML, HTTP, DNS, TLS - these are all different standards built by different standard bodies. The reason the internet works is because these standards work together.
Earlier this year, OMA3 introduced a new draft standard for the internet: OMATrust. In the spirit of the early internet, our goal is to have OMATrust interoperate seamlessly with other standards. This blog post is the first of many that illustrate how OMATrust integrates with such standards, in this case x402.
The internet has gone through phases. The first phase tore down the walled gardens of AOL and CompuServe. It was a chaotic place where everybody put up their own HTML sites, and you relied on services like Yahoo! to "surf" the internet. Monetization was an issue, and back then micropayments was viewed as the future enabler of the commercial internet. Soon after Google and others embraced advertising as the predominant commercial model of the consumer internet, ushering us into the second phase we are in now, which is driven by social, SaaS, and mobile.
The internet is now beginning a new phase. Internet use is no longer dominated by human clicks. Since 2024 the majority of activity has been driven by machines (Imperva). AI agents, automated services, and machine-to-machine systems are beginning to discover services, request data, and complete tasks on their own. These machines do not trigger ad views or clicks, and thus do not generate ad revenue for websites. Because of this, the new phase of the internet needs a new economic model.
Because advertising (consumer) and subscriptions (SaaS) became the commercial foundation of the internet, micropayment standards efforts were abandoned. Now that advertising revenues are declining and AI is threatening SaaS, can micropayments once again be the answer?
Let’s evaluate the current way to pay on the internet. We have:
Today, if an internet service wants to charge for a request, the process typically looks like this:
If all you want to do is pay a few cents for an API call, this is an unacceptable amount of inefficiency and friction.
As AI agents and machine-to-machine services grow, software increasingly needs the ability to efficiently pay for resources in a frictionless manner.
HTTP tried to standardize micropayments decades ago. It even defined a status code before the effort was abandoned:
402 — Payment Required
The new x402 protocol converts this dormant status code into a working payment mechanism for the internet.
Instead of building payment systems outside the web, x402 enables payments directly within the HTTP request–response cycle.
For those new to the protocol, excellent introductions are available from its creators, including:
At its core, x402 enables something the internet has never supported before:
Frictionless programmatic payments for any API.
This unlocks a new kind of internet economy:
Once payments become automatic, a new question emerges:
How do you prove a transaction happened?
This matters more than it might seem:
Today, proof of purchase is controlled by centralized platforms. If you buy something on Amazon, Amazon becomes the authority that proves the purchase. Your receipt lives inside their system. But in an open protocol environment, that model doesn’t work. What’s needed is portable proof—proof that can be verified anywhere. Without it, programmatic payments remain fleeting events.
They happen, but they leave no universally verifiable trace.
To address this gap, we introduced a receipt extension for x402. The idea is straightforward: When a payment succeeds, the service returns a signed receipt confirming the transaction.
In practice, the flow looks like this:
This receipt acts as a verifiable proof of purchase. It records:
Because the receipt is digitally signed by the service, it can be verified independently.
That makes it:
A payment is no longer just an event—it becomes a cryptographic proof.
Once receipts become portable proofs, they enable something much larger:
verifiable trust.
Today, reputation systems are controlled by platforms:
Receipts change that model. Only someone who actually used a service can produce a receipt proving the interaction.
A review could include that receipt as evidence.
Anyone reading it could verify:
Trust signals become:
This lays the groundwork for decentralized reputation systems.
As we mentioned in our previous post, OMATrust is this decentralized reputation system. OMATrust already leveraged proofs into its architecture, and now with x402 receipts OMATrust has a massively scalable source for these proofs that come directly from the x402 transaction itself.
For example, when a clientreceives a signed x402 receipt they can immediately use it in a user review to prove the interaction.
In this model, real transactions become the foundation of trust.
The receipt extension has now been merged into the x402 protocol.
Developers can begin experimenting with it today.
The release includes:
As adoption grows, we may see the emergence of an open ecosystem built on:
And with that, the internet gains something it has never truly had before:
a native proof of purchase.
