How can you easily stay on top of market trends, technological developments, ecosystem advancements, and governance dynamics in the Web3 space? Web3Caff Research’s “Market Pulse Analysis” dives into the front lines to identify, filter, and deliver insightful commentary and technical breakdowns of current key events—helping you see beyond the surface and instantly grasp the latest market directions in Web3.
Author: Hendrix, Researcher at Web3Caff Research
Source: Web3Caff Research
As AI agents become increasingly capable and take on more end-to-end tasks, building payment systems for agents has become a necessary evolution for traditional merchants and service providers. However, existing solutions each have their limitations: traditional payment systems—such as credit cards and third-party payment platforms—were originally designed for human users and require complex identity verification and risk assessment processes that are unsuitable for agents. Meanwhile, emerging agent payment protocols like x402 (developed and promoted by Coinbase) and MPP (Machine Payment Protocol by Tempo and Stripe) operate as separate systems, entirely built for on-chain payments, processing the entire transaction on-chain and relying on on-chain verification for security. This forces service providers to build an entirely separate payment infrastructure outside their traditional channels, raising the barrier to adoption. Traditional payment solutions and emerging agent payment protocols resemble two parallel lanes that have not been effectively integrated, limiting agents’ ability to autonomously purchase services mostly to Web3-friendly ecosystems and preventing large-scale workflow automation. To address this, Solana Foundation and Google Cloud have jointly launched Pay.sh, positioned as a “payment gateway between agents and enterprise-grade services,” bridging the final step for agents to access a broader range of services.
Compliance notice: The content below is provided solely for objective analysis of Pay.sh and its technical principles and design rules, and does not constitute any proposal or offer. Please do not make any decisions based on this information, and strictly comply with the laws and regulations of your country or region (readers in mainland China are strongly advised to review “Compilation and Key Highlights of Laws and Regulations in Mainland China Related to Blockchain and Virtual Currencies”). Do not engage in any financial activities prohibited by the laws of your country or region.
Pay.sh allows users to quickly fund their Solanastablecoinwalletvia credit card orusing the wallet as an agent identity and paymentaccountproxy. When an agent needs to access services, there’s no need to register new accounts or enter API keys—Pay.sh’s gateway, like a Google Identity system, attests to the agent’s legitimate identity, enabling it to use a unified account to purchase previously hard-to-access development resources such as Google Cloud and Alibaba Cloud.
Currently supported API services by Pay.sh Image source: Project official website
The payment flow of Pay.sh is similar to the recently popular x402 protocol, both built upon the HTTP 402 status code: when an agent detects the need to invoke an external service, it sends a request to the paid resource; the server responds with status code 402 (Payment Required), along with detailed payment information including the amount, payment plan, recipient address, payment validity period, and more. Pay.sh parses this information and initiates an authorization request to the wallet. Once the wallet completes the payment and generates a payment receipt, Pay.sh resubmits the service request with the receipt to receive a normal response. However, to accommodate various API usage scenarios, Pay.sh also supports both x402 and MPP payment logic: when the server returns status code 402, Pay.sh further determines the payment method of the target service. If it is a one-time data access (payment grants single-use access) or usage-based access (payment grants a fixed quantity of access), Pay.sh constructs and broadcasts a one-time fixed-amount transaction on-chain. If it is continuous billing or session-based billing (unified billing based on usage), Pay.sh supports the session authorization credential introduced by the MPP (Machine Payment Protocol), embedding a budget cap into the authorization and returning it to the server. This allows the agent to repeatedly invoke the service within a short time frame, avoiding frequent reauthorization. Pay.sh updates the remaining balance on each invocation and automatically reinitiates session authorization when the budget is exhausted or the service expires. Pay.sh automatically selects the most suitable payment pathway based on the target service’s requirements, reducing both usage and management costs. Pay.sh also ensures that wallets are always securely stored locally and only requests user confirmation when payment is needed. Upon receiving responses, Pay.sh distinguishes between data and instructions: all external content returned by the service provider—including titles, bodies, and API descriptions—is treated as untrusted input; the proxy does not directly execute any commands returned by the service provider to prevent malicious prompt injection or other attacks.
The biggest advantage of Pay.sh is that it provides service providers with an easily deployable gateway, allowing them to integrate the payment gateway into their service network without requiring major modifications to their existing payment channels or APIs. Service providers only need to provide a declarative file specifying payment-related parameters to adapt to various complex use cases—for example, by defining routing rules, agents can use services for free up to a certain quota, and then be charged once the quota is exceeded, even enabling tiered pricing (different prices for different usage levels). In addition, Pay.sh offers payment splitting functionality: fees received by service providers can be automatically distributed to multiple addresses—for instance, 2% for payment data royalties, 5% for cloud costs, and the remainder retained for operational expenses. Service providers only need to define different percentages or amounts when setting up收款 addresses to achieve multi-account settlement in a single step. After registration, service providers can publish their API service data to the Pay Skill Registry, enabling agents to discover and select suitable API services by querying the registry.
Pay.sh is not a competitor to x402 and MPP. While x402 and MPP protocols aim to make on-chain agent payments more reliable, Pay.sh seeks to bridge the Web2 and Web3 payment ecosystems, granting agents identity alongside payment capability. An agent’s wallet serves as both identity and payment method, eliminating the need to register separately on service providers’ websites—a practice that some providers may even treat as a violation when agents mimic human registration. Additionally, through its partnership with Google, Pay.sh enables agents to execute API proxying and traffic orchestration within Google Cloud, ensuring access control and logging compliance, thereby keeping agent behavior within acceptable boundaries. Pay.sh provides a curated service directory with transparent pricing discovery, allowing agents to avoid randomly discovering services in unsecured environments, while also supporting diverse payment methods from x402 and MPP. Service execution can be completed on Google Cloud while meeting enterprise compliance requirements—capabilities that complement x402 and MPP’s limitations as standalone payment channels and open a gateway for agent commerce to flow into Web3. Furthermore, Pay.sh completes the final payment layer for multiple agent commerce protocols launched by Google: A2A (Agent-to-Agent Protocol) enables communication and task delegation between agents; AP2 (Agent Payments Protocol) handles compliance verification; UCP (Universal Commerce Protocol) manages service discovery and execution; and Pay.sh ensures seamless, frictionless settlement of service value. Pay.sh also completes the Web2 agent commerce ecosystem, becoming a convergence point for value flow between the two worlds. This step also represents an upgrade opportunity for the Solana blockchain ecosystem. Within the x402 protocol environment, numerous wrapper APIs exist, where service providers violate original terms of service by reselling services—for example, scraping database websites for resale or repackaging large model APIs for redistribution. Agents operating in this environment cannot distinguish between authorized services and malicious spam services. Through Pay.sh’s payment gateway integrated with Google, agents using services via Pay.sh can significantly reduce potential risks. The launch of Pay.sh signals Solana’s direct involvement in backing and providing infrastructure for agent payments—not only attracting more Web2 payment traffic to Solana but also enhancing and accelerating the adoption of Solana wallets themselves.
However, Pay.sh is still far from being a perfect payment gateway solution. The Pay.sh service registry currently lacks an access control mechanism and a decentralized verification system, making it difficult to effectively distinguish between unauthorized third-party proxy services and malicious services. Agents face significant risks of connecting to counterfeit services, potentially causing losses to users. Furthermore, since Pay.sh does not design the underlying payment protocols itself, payment security largely depends on the design of the underlying protocols, introducing uncontrollable external risks to Pay.sh and potentially leading to payment failures due to inadequate adaptation to different protocols. From the perspective of service providers, despite Google’s endorsement, API vendors in different countries and regions may still hesitate to offer services through Pay.sh due to compliance requirements related to data privacy management and payment regulations. This not only limits the number of service providers willing to use Pay.sh but may also require Pay.sh to undertake additional compliance efforts in the future. Nevertheless, the launch of Pay.sh marks a significant step toward the practical integration of Web2 and Web3 in agent payment infrastructure, enabling on-chain wallets to serve as trusted endorsements for agents participating in diverse tasks. Therefore, we can continue to monitor Pay.sh’s subsequent developments.
Key structure diagram:
