agentgrade

← Knowledge Base

What is SPT?

SPT (Shared Payment Token) lets AI agents pay for API calls with Stripe — using real card payments instead of crypto. A user pre-authorizes a token with spending limits, and the agent uses it to pay services autonomously.

How it works

User creates an SPT via Stripe with spending limits (max amount, currency, expiration)

Agent sends a request to a paid endpoint

Server returns HTTP 402 with WWW-Authenticate: Payment method="stripe", intent="charge", request=""

Agent decodes the request field to learn the price (amount, currency)

Agent retries with Authorization: Payment containing the SPT

Server creates a Stripe PaymentIntent using the token, verifies it succeeded, and responds

Key concepts

• Shared Payment Token: A scoped, limited-use Stripe token (prefixed spt_) that grants an agent permission to spend
• Usage limits: Each token has max amount, currency, and expiration — the user controls how much the agent can spend
• mppx middleware: The same middleware that handles MPP (Tempo) payments also handles SPT — a server can accept both
• Multiple challenges: A 402 response can include multiple WWW-Authenticate: Payment headers for different methods (tempo, stripe), letting agents choose how to pay

How agents discover SPT

SPT uses two discovery channels:

Runtime (authoritative): The HTTP 402 response with method="stripe" in the WWW-Authenticate: Payment challenge

Pre-request (advisory): OpenAPI x-payment-info extension on operations that require payment

The 402 response is always authoritative — OpenAPI metadata is advisory only.

How to add SPT to your service

Install mppx: npm install mppx

Configure your Stripe secret key

The mppx middleware will return 402 challenges for both Tempo and Stripe methods

Agents with an SPT can pay via Stripe; agents with pathUSD can pay via Tempo

Learn more

• Stripe SPT docs — Token creation and usage
• mppx on npm — Middleware that handles both MPP and SPT
• paymentauth.org — Payment discovery spec