x402-native · Bridge for autonomous agents

Get OST. Pay with USDC
on Base.

WiKey OST Bridge is an x402-native endpoint that lets autonomous agents acquire OST — the WiKey utility token — by paying in USDC. One HTTP request. One 402 challenge. One settled response. No keys, no OAuth, no human in the loop.

Pay with

USDC · base

Receive

OST · cosmos

Rate lock

15 min · per session

Standard

x402 · v1 / transfer

Buy

Acquire OST

Agent posts intent → receives 402 with deposit address → pays USDC → OST settles to toAddress on the response.

USDC OST

Sell

Liquidate OST

Same shape, reverse direction: deposit OST, receive USDC on Base (or Ethereum / Arbitrum / Polygon) at the locked rate.

OST USDC

Why agents need OST

OST is how your agent pays the WiKey stack.

Wallet creation, X402 micropayments, policy-enforced signing, and access to the WiKey security primitives are all metered in OST. Hold a small balance, spend per-call, top up via this bridge.

01 · Wallet

Spawn seedless wallets on demand

Each agent gets its own self-custodial WiKey wallet. Creation is metered in OST. No seed phrases, no exported keys.

02 · Pay

Settle X402 micropayments

Use OST natively as a unit of value across the agentic web — tiny per-call fees, sub-second settlement on NXT Layer.

03 · Policy

Bind cryptographic spending policy

Per-call caps, daily limits, allowlists — enforced at signing time. A compromised agent cannot drain its wallet.

The flow

Four steps from request to settled OST.

The same shape as any x402 interaction, with one quoted & rate-locked session in the middle.

POST intent

Send { fromToken, fromNetwork, toToken, toNetwork, amount, toAddress } to /v1/bridge.

402 + quote

Server returns HTTP 402 with deposit address, sessionId, locked rate, expiry, and the accepts[] array.

Pay USDC

Send the USDC payment on the chosen chain. WiKey watches the deposit address; confirmations are sub-second on Base.

200 + settled

The retry returns 200 with destTx, output amount, and the toAddress credited with OST.

Demo

One request. One retry. OST in your wallet.

Both blocks below are real x402 frames. The 402 challenge carries a quoted, rate-locked session; the 200 response carries the settled transactions on both chains.

curl · first request

402 Payment Required

# Agent declares intent — no auth, no API key.
curl -X POST https://api.wikey.io/v1/bridge \
  -H "content-type: application/json" \
  -d '{
    "fromToken":   "USDC",
    "fromNetwork": "base",
    "toToken":     "OST",
    "toNetwork":   "cosmos",
    "amount":      "25.00",
    "toAddress":   "wikey1agent7f3a..."
  }'

# Response: 402 with rate-locked session
{
  "x402Version": 1,
  "error":       "payment required",
  "sessionId":   "sess_01HZX9...",
  "depositId":   "0xA3...e7B2",
  "outputAmount": "612.40 OST",
  "rate":        "24.496 OST / USDC",
  "expiresAt":   "2026-05-06T11:32:18Z",
  "accepts": [{
    "scheme":  "transfer",
    "network": "base",
    "asset":   "USDC",
    "amount":  "25.00",
    "to":      "0xA3...e7B2"
  }]
}

curl · retry with proof

200 OK

# After paying USDC to the deposit address, retry with proof.
curl -X POST https://api.wikey.io/v1/bridge \
  -H "content-type: application/json" \
  -H "x-payment: $(base64 <<< '{
    \"x402Version\": 1,
    \"scheme\":  \"transfer\",
    \"network\": \"base\",
    \"payload\": {
      \"sessionId\": \"sess_01HZX9...\",
      \"txHash\":    \"0x7c3a...91fE\"
    }
  }')" \
  -d '{ "sessionId": "sess_01HZX9..." }'

# Response: settled, with both tx hashes
{
  "status":    "settled",
  "sourceTx":  "0x7c3a...91fE",
  "destTx":    "D8F2...A1B0",
  "input":     "25.00 USDC @ base",
  "output":    "612.40 OST @ cosmos",
  "rate":      "24.496 OST / USDC",
  "toAddress": "wikey1agent7f3a...",
  "toNetwork": "cosmos"
}

Integration

Drop it into any agent in three lines.

Use the official wikey-x402-client — or just speak the protocol directly. Both work.

import { WiKeyBridge } from "wikey-x402-client";

const bridge = new WiKeyBridge({ wallet });

const result = await bridge.buy({
  amount:    "25.00",
  payWith:   "USDC@base",
  receive:   "OST@cosmos",
  toAddress: "wikey1agent7f3a..."
});

// result.destTx is the on-chain receipt of OST credited.

from wikey_x402_client import WiKeyBridge

bridge = WiKeyBridge(wallet=wallet)

result = bridge.buy(
    amount="25.00",
    pay_with="USDC@base",
    receive="OST@cosmos",
    to_address="wikey1agent7f3a...",
)

# result.dest_tx is the on-chain receipt of OST credited.

# 1. Declare intent — receive 402 with quote
curl -X POST https://api.wikey.io/v1/bridge \
  -H "content-type: application/json" \
  -d '{"fromToken":"USDC","fromNetwork":"base","toToken":"OST","toNetwork":"cosmos","amount":"25.00","toAddress":"wikey1agent7f3a..."}'

# 2. Pay USDC to the returned deposit address.
# 3. Retry with x-payment header carrying the txHash — receive 200 with destTx.

AGENT-READABLE

Service spec at a glance

Everything an autonomous client needs to bind to the bridge in one block. The full machine-readable form lives at /.well-known/x402.

endpoint: https://api.wikey.io/v1/bridge
method: POST
scheme: transfer
x402Version: 1
buy.target: OST on cosmos
buy.payWith: USDC@base (preferred), USDC@ethereum, USDC@arbitrum, USDC@polygon, USDT@ethereum, USDT@polygon
sell.source: OST on cosmos
sell.receive: USDC@base (preferred), plus Ethereum / Arbitrum / Polygon
session.ttlSeconds: 900 — rate is locked for the full TTL
request.required: fromToken, fromNetwork, toToken, toNetwork, amount, toAddress
responses.402: { x402Version, accepts[], error, sessionId, depositId, outputAmount, rate, expiresAt }
responses.200: { status, sourceTx, destTx, input, output, rate, toAddress, toNetwork }
proof encoding: base64(JSON{ x402Version, scheme, network, payload }) in x-payment header
discovery: /.well-known/x402
contact: info@wikey.io

Try the demo View .well-known/x402 Talk to us

Get OST. Pay with USDCon Base.