# x402 Facilitator

> Drop-in x402 payment facilitator. No CDP keys needed.

## Quick Start

1. Deposit USDC via x402 payment:
   POST https://x402facilitator.dev/api/deposit?amount=10
   Body: { "notificationEmail": "you@example.com", "walletAddress": "0xYOUR_WALLET" }
   (x402-protected — use fetch or a funded wallet)

2. Use your facilitator URL in any x402 app:
   import { HTTPFacilitatorClient } from '@x402/core/server';
   const facilitator = new HTTPFacilitatorClient({
     url: 'https://x402facilitator.dev/api/facilitator/v2/YOUR_API_KEY'
   });

## Endpoints

### POST /api/deposit?amount=N
- x402-protected (pay to deposit)
- Default: $10, Minimum: $2.50
- Body: { "notificationEmail": "you@example.com", "walletAddress": "0xYOUR_WALLET" }
- Returns: { facilitatorId, facilitatorUrl, depositAmount, balance }

### GET /api/balance
- SIWX-authenticated (sign-in-with-x header)
- Returns: { facilitatorId, facilitatorUrl, balanceUsdc, totalDepositedUsdc, totalSpentUsdc, settleCount, signers }

### POST /api/signers
- SIWX-authenticated
- Body: { "walletAddress": "0x..." }
- Add an authorized signer (max 50 per account)

### DELETE /api/signers
- SIWX-authenticated
- Body: { "walletAddress": "0x..." }
- Remove an authorized signer

### POST /api/rotate-key
- SIWX-authenticated
- Generates a new API key, invalidating the old facilitator URL
- Returns: { facilitatorId, facilitatorUrl }

### Facilitator Proxy (no auth — API key in URL)
- POST /api/facilitator/v2/{apiKey}/verify — Verify payment (free)
- POST /api/facilitator/v2/{apiKey}/settle — Settle payment ($0.01/call)
- GET /api/facilitator/v2/{apiKey}/supported — Get supported networks (free)

## Pricing

| Operation | Cost |
|-----------|------|
| Settle    | $0.01 per call |
| Verify    | Free |
| Supported | Free |
| Deposit   | Any amount >= $2.50 |

## Notes

- Your facilitator URL is drop-in compatible with HTTPFacilitatorClient from @x402/core
- Balance is deducted per settle call ($0.01)
- Email notifications at 50%, 25%, 10%, and 0% balance thresholds
- Authorized signers can check balance and manage signers on your behalf
- If your API key is compromised, rotate it via POST /api/rotate-key (SIWX-authenticated)