Private Agent Payments on Base: VeilNet x402, Settled by PayAI

Autonomous agents are starting to pay for things. Not with a saved credit card and a human in the loop — but directly, machine-to-machine, the moment a service is needed. The missing piece has always been a payment rail that's native to how agents already talk to the web: HTTP.

That rail is x402 — the HTTP 402 Payment Required standard for stablecoin payments over HTTP — and as of this week, VeilNet's encrypted AI inference endpoint settles on it through PayAI. An agent can call https://api.veilnet.to/ai/chat with USDC on Base. No account. No JWT. No signup. Just pay-per-request.

And we took it one step further: every payment lands at a fresh, one-time address, so the on-chain record never builds a profile of who paid whom. Private inference, now with private settlement.

The payment rail: x402 × PayAI

x402 turns the dormant HTTP 402 Payment Required status code into a working payment flow. An agent hits an endpoint, gets a 402 back with the price and terms, signs a stablecoin authorization, and replays the request with proof of payment attached. No redirects, no checkout pages, no API keys to provision — the payment is the request.

The hard part isn't the status code; it's settlement. Someone has to verify the signature, confirm the amount, and land the funds on-chain — reliably, in one transaction, without holding the money. That's what the PayAI Facilitator does. It's the x402 payment protocol settlement layer VeilNet's middleware posts to by default: PayAI verifies the agent's signed authorization, settles it on Base in a single transaction, and returns a receipt. No middleman custody. Atomic. Instant.

We chose PayAI for three reasons that matter when you're shipping real agent-native payments infrastructure:

• Permissionless and account-free.An agent doesn't sign up for anything to pay. That's the whole point of x402, and PayAI honors it end-to-end.
• A free tier that fits real traffic (≤10k settlements/month) with no auth wall to start.
• A mature, open-source TypeScript SDK and a live, inspectable demo. You can run the whole HTTP 402 Payment Required flow yourself in minutes, and watch a real settlement on their x402 demo.

For VeilNet, the integration is permissionless at the protocol level — but PayAI being the largest non-Coinbase x402 facilitator by volume meant we could ship onto a settlement layer that's already battle-tested, not a prototype.

What we built: VeilNet private settlement

Here's the problem with paying on a public chain: the ledger remembers everything. Every USDC transfer to a fixed merchant address quietly assembles a graph — who your customers are, how often they come back, what they spend. For an inference endpoint serving autonomous agents, that's a metadata leak nobody asked for.

So VeilNet's x402 integration doesn't settle to one static address. It uses stealth payTo: for each payment, the endpoint mints a brand-new one-time address derived from a published meta-address. The agent pays it like any normal address; the PayAI Facilitator settles it like any normal USDC transfer — nothing changes on the buyer side or the facilitator side. But on-chain, there's no recurring recipient to cluster around. The payment graph never forms.

This is packaged as a drop-in: @veilnet/stealth-x402. It builds on EIP-5564 and ERC-6538 (stealth addresses) and EIP-3009 (gasless USDC transferWithAuthorization) — all live, audited standards. The amount stays public, as it always is on an open ledger. What disappears is the link between payments: who and whom, not how much.

The buyer's x402 client doesn't change. The facilitator doesn't change. You keep the exact same settlement path — you just stop leaking your customer list to anyone with a block explorer.

The result: a real agent-to-agent settlement on Base

This isn't a testnet diagram. We ran a live agent-to-agent payment on Base mainnet:

1. 1An agent called POST /ai/chat and received an HTTP 402 with a price (0.01 USDC), the asset, and facilitator.payai.network as the settlement endpoint.
2. 2The agent signed an EIP-3009 transferWithAuthorization and posted it to the PayAI Facilitator.
3. 3PayAI verified the signature and amount and settled it on Base in a single transaction — landing the USDC at a fresh one-time stealth address.
4. 4The agent replayed the request with its X-PAYMENT proof and got an encrypted-inference response back.

The settlement is on-chain and verifiable, and the recipient address is a one-time address that reveals nothing about VeilNet's other payments. That's the whole thesis in one transaction: pay-per-call, account-free, and private — settled by PayAI.

Why this matters

x402 is the cleanest answer yet to “how does an agent pay for a thing.” PayAI makes the settlement side real — verified, atomic, custody-free, on Base. VeilNet adds the privacy the public ledger otherwise strips away, on both ends: the inference is encrypted client-side and runs inside an attested TEE, and now the payment that pays for it doesn't build a graph either.

Veilnet is a privacy-focused protocol on Base: encrypted AI inference, encrypted agent strategies, and now private, account-free payments via x402. Learn more at app.veilnet.to.