Home
News
Details

Coinbase's Agentic Market Faces Legal and Authorization Challenges

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Market news emerged as Coinbase launched agentic.market, a platform listing x402 endpoints, including third-party services such as Wolfram Alpha, Google Flights, and Amadeus. None of these services have confirmed x402 integrations, raising legal concerns. Terms of service from Wolfram Alpha and Amadeus prohibit unauthorized resale of their APIs, while Google is currently suing SerpApi. The platform’s lack of transparency regarding the sources of its endpoints presents significant risks. Bitcoin market news continues to underscore regulatory and compliance challenges within the cryptocurrency sector.

Author: David Christopher

Article compiled by:Block Unicorn

The success of x402 relies on native integrators. Unauthorized wrappers may turn potential partners into rivals.

Last week, Coinbase launched agentic.market, a platform showcasing the x402 endpoint designed to make the x402 ecosystem easier to discover.

Browse agentic.market to find real-time, on-demand access to a variety of services, from on-chain tools to mainstream APIs. Some endpoints are provided directly by the original providers. Many endpoints come from third parties: companies wrap existing APIs into x402 (and/or MPP) and package them into toolkits accessible to agents, allowing users to access them through a single connection for a small fee.

The second approach complicates matters. The third-party endpoints featured on Agentic Market include services from Wolfram Alpha, Google Flights, and Amadeus (a widely used travel data platform). I focus on these three platforms because none of them have publicly announced x402 integration, and their terms of service suggest they are unlikely to authorize third parties to build integrations on their behalf.

Each endpoint indexed on Agentic Market may be first-party (the original provider directly offering its API), third-party authorized (an authorized reseller with explicit permission, typically through formal certification or a partner program), or unauthorized third-party (a company reselling its paid API access without permission).

Across the entire market and the entire x402 ecosystem, we cannot immediately distinguish which are first-party and which are third-party, as many endpoints appear to belong to the latter category.

Terms of Service

As previously mentioned, the terms of these three providers make it highly likely, and in some cases completely exclude, unauthorized third-party arrangements.

Wolfram Alpha explicitly prohibits "distributors and aggregators," forbids any form of data scraping or mining, and prohibits the sale or sublicensing of the service without permission. These terms appear to leave no room whatsoever for authorized third-party pathways. Furthermore, reviewing the quickstart guide for this endpoint makes it clear that this is not a first-party integration.

(API prohibited content in Wolfram Alpha Terms of Service)

Amadeus’s primary subscription service agreement permits customers to access the service solely for internal business purposes and prohibits any “renting, leasing, distributing, selling, reselling, transferring, or otherwise conveying” access rights. Any third-party connection requires Amadeus’s certification and must be documented via a formal service order. This means that obtaining third-party authorization is possible only through this route, and it is not externally visible whether any existing endpoints comply with this requirement.

(Restrictions in the Agreement Restrictions in the Amadeus Master Subscription Agreement)

Google is the most typical case. Google Flights does not have a public API, and Google implements strict protections for its data.

However, third-party wrapper programs are packaging access to Google Flights data sourced from SerpApi—a company Google is actively suing for scraping search results and reselling access. Google’s complaint alleges that SerpApi developed tools to bypass access controls, sending “hundreds of millions” of fake requests daily to scrape data, and reselling copyrighted content embedded within the search results.

Therefore, Google sued SerpApi for reselling copyrighted content and circumventing its access controls. Meanwhile, SerpApi’s service has been packaged by a proxy toolkit provider, which offers it to agents for a fee. This is worth considering.

(Access SerpApi details via the StableTravel endpoint)

How is compliance demonstrated?

Even without a legal expert, it’s clear that these dynamics are complex. The good news is that a clearer pattern already exists.

MPP is the proxy payment protocol launched by Tempo at its mainnet launch, offering over 100 compatible services on its first day. Suppliers that have integrated MPP directly—such as Parallel, Stripe Climate, and Browser Base—are marked with a green circle on their cards, indicating they are first-party providers.

(Service directory viewed via mpp.dev)

About two weeks ago, the popular AI research tool Exa announced native support for the x402 protocol in its search and content endpoints, becoming a first-party provider and partnering with Coinbase. Exa stated that it chose x402 over proprietary protocols because it is governed by the Linux Foundation.

Inevitable outcome

Currently, it is not possible for external parties to determine whether an endpoint is first-party, third-party authorized, or unauthorized. This is a solvable issue, and MPP’s service directory—which clearly shows the source of each integration—is a step in the right direction.

Unauthorized scraping has imposed measurable burdens on service providers: server load, bandwidth costs, and traffic they never agreed to provide. The situation is made worse when third parties package the scraped data in the x402 protocol and charge fees. Service providers bear all the costs but receive nothing in return.

Therefore, it is necessary to identify the root cause of the issue. x402 is an open protocol—just as any developer can build upon HTTP, any developer can build upon x402. The payment mechanism cannot track whether upstream data was obtained with proper authorization. The responsibility lies with the developers who package these endpoints for users.

Without an accountability mechanism, the overall development of x402 could be negatively impacted—potential native integrators may become opponents rather than participants. These revenues should belong to the service providers. Native integration is how they claim ownership of these revenues and how x402 gains the legitimacy it needs for growth.

Note: As of April 25, Google Flights is no longer included in Agentic Market.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.