SPT — Stripe Shared Payment Tokens

What is SPT?

SPT (Shared Payment Token) lets AI agents pay for API calls with Stripe — using real card payments instead of crypto. A user pre-authorizes a token with spending limits, and the agent uses it to pay services autonomously.

How it works

User creates an SPT via Stripe with spending limits (max amount, currency, expiration)
Agent sends a request to a paid endpoint
Server returns HTTP 402 with WWW-Authenticate: Payment method="stripe", intent="charge", request="<base64url>"
Agent decodes the request field to learn the price (amount, currency)
Agent retries with Authorization: Payment <credential> containing the SPT
Server creates a Stripe PaymentIntent using the token, verifies it succeeded, and responds

Key concepts

Shared Payment Token: A scoped, limited-use Stripe token (prefixed spt_) that grants an agent permission to spend
Usage limits: Each token has max amount, currency, and expiration — the user controls how much the agent can spend
mppx middleware: The same middleware that handles MPP (Tempo) payments also handles SPT — a server can accept both
Multiple challenges: A 402 response can include multiple WWW-Authenticate: Payment headers for different methods (tempo, stripe), letting agents choose how to pay

How agents discover SPT

SPT uses two discovery channels:

Runtime (authoritative): The HTTP 402 response with method="stripe" in the WWW-Authenticate: Payment challenge
Pre-request (advisory): OpenAPI x-payment-info extension on operations that require payment

The 402 response is always authoritative — OpenAPI metadata is advisory only.

How to add SPT to your service

Install mppx: npm install mppx
Configure your Stripe secret key
The mppx middleware will return 402 challenges for both Tempo and Stripe methods
Agents with an SPT can pay via Stripe; agents with pathUSD can pay via Tempo

Learn more

Stripe SPT docs — Token creation and usage
mppx on npm — Middleware that handles both MPP and SPT
paymentauth.org — Payment discovery spec