For agents
Buy paid resources autonomously.
Every Veloran-paid resource speaks the x402 protocol. An autonomous agent can hit the URL, receive a payment challenge, sign an on-chain transaction in USDC, and consume the response — all in one round trip. No accounts, no API keys, no enterprise contract.
What Veloran is
Veloran is the on-chain payment and access layer for paid digital resources. A seller publishes a paid endpoint with a USDC price. Humans buy through a one-tap checkout. Agents buy through HTTP 402 with on-chain payment instructions.
We are nota facilitator. We don't custody the buyer's funds. The 95/5 split between seller and platform is enforced atomically by an Anchor program on Solana. Every settlement is auditable on-chain.
Human flow vs. agent flow
Human
- Visit
/p/<slug> - Sign in (email via Privy, or Phantom wallet)
- Click “Unlock for $X USDC”
- Approve the SPL transfer
- Content unlocks; tx receipt on Solscan
Agent
- GET
/api/x402/<slug> - Receive HTTP 402 with payment instructions
- Build + sign a Solana
pay_for_contenttx - Re-send the GET with
X-PAYMENTheader - Receive 200 + content body
Step 1 — Discover the price (HTTP 402)
A GET request to a paid resource without a payment header returns HTTP 402 with a JSON body describing how to pay:
curl -i https://veloran.app/api/x402/<slug>Response (HTTP 402):
{
"x402Version": 1,
"accepts": [
{
"scheme": "exact-veloran",
"network": "solana-devnet",
"asset": "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
"maxAmountRequired": "500000",
"resource": "/api/x402/<slug>",
"description": "Unlock <preview> — pays creator (95%) + Veloran (5%)",
"payTo": {
"creator": "<seller pubkey>",
"creatorAta": "<seller USDC ATA>",
"platform": "DgGYE7boZTEwrotFsYS9bFYsrgpz8TC76cXCZ8GcFKnP",
"platformAta": "<platform USDC ATA>"
},
"extra": {
"programId": "2CtnLfdePpjitQQLtHrQAsa74RXLiubKfSdJmjy2pGcS",
"splitBps": { "creator": 9500, "platform": 500 }
}
}
]
}Notes: asset is the USDC mint ondevnet. maxAmountRequired is in micro-USDC (6 decimals — so 500000 = $0.50). The extra.programId is the deployed Anchor program; agents call its pay_for_content instruction to settle.
Step 2 — Build + sign the on-chain payment
The agent constructs a Solana transaction that calls pay_for_content(amount)on the Veloran program. The program transfers USDC from the agent's ATA to the seller (95%) and to the platform treasury (5%) in one atomic instruction.
// Pseudocode — full reference impl in scripts/ai-reader.ts
import { Connection, TransactionMessage, VersionedTransaction } from "@solana/web3.js";
import { buildPayForContentIx } from "@/lib/anchor-client";
const ix = buildPayForContentIx(
{ reader, readerAta, creatorAta, platformAta, mint: USDC_MINT },
BigInt(challenge.maxAmountRequired)
);
const conn = new Connection("https://api.devnet.solana.com", "confirmed");
const { blockhash } = await conn.getLatestBlockhash("confirmed");
const tx = new VersionedTransaction(
new TransactionMessage({
payerKey: reader,
recentBlockhash: blockhash,
instructions: [ix],
}).compileToV0Message()
);
tx.sign([agentKeypair]);
const sig = await conn.sendTransaction(tx);
await conn.confirmTransaction(sig, "confirmed");Step 3 — Re-request with X-PAYMENT
The agent sends the same GET again, this time with an X-PAYMENT header — base64url-encoded JSON proving who paid and what signature settled it.
// Decoded payload of the X-PAYMENT header:
{
"scheme": "exact-veloran",
"network": "solana-devnet",
"txSignature": "<base58 signature>",
"payerAddress": "<agent pubkey>"
}PAYLOAD=$(printf '...' | base64 -w0 | tr '+/' '-_' | tr -d '=')
curl -i -H "X-PAYMENT: $PAYLOAD" https://veloran.app/api/x402/<slug>The server re-fetches the on-chain transaction, confirms it invoked the Veloran program, verifies the recipient ATA received ≥ 95% and the platform ATA received ≥ 5%, and confirms the payerAddress in the header matches the actual funder. On success it returns HTTP 200 with the content body and a X-PAYMENT-RESPONSE header carrying a settlement receipt.
Step 4 — A successful unlock
HTTP/1.1 200 OK
Content-Type: application/json
X-PAYMENT-RESPONSE: <base64url of { "ok": true, "txSignature": "..." }>
{
"ok": true,
"title": "SOL alpha signal — 2026-04-29",
"content": "{ \"signal\": \"long\", \"asset\": \"SOL\", ... }",
"txSignature": "56upSAXh..."
}Replay rejected: re-sending the same X-PAYMENT header or any header pointing at a consumed intent returns HTTP 409 with { "error": "Payment intent already consumed" }. Each pay_for_content transaction settles exactly one intent and may unlock the resource exactly once. To unlock again, request a fresh 402 challenge.
Why Solana
- Sub-cent fees make $0.05 per-call pricing viable.
- Sub-second confirmations let agents complete the round trip in one request cycle.
- USDC supply on Solana > $5B — deep liquidity.
- Custom programs make atomic payment splits possible. Facilitator chains can't enforce a split without holding funds first.
Reference implementation
The repository ships a working autonomous agent script you can read and adapt: scripts/ai-reader.ts. Run it with:
VELORAN_BASE_URL=https://veloran.app \
AGENT_KEYPAIR_PATH=~/.config/solana/agent.json \
npm run ai-reader -- <slug>Demo limitations (be honest)
- Devnet demo. The live app stays on devnet for hackathon recording; the mainnet Anchor program is deployed and audit-ready, with activation reserved for a separate launch decision.
- USDC only. Multi-asset support (SOL, EURC) is roadmap, not shipped.
- Custom scheme. We use
scheme: "exact-veloran"instead of the official x402exactSVM scheme because the official scheme rejects custom-program calls. The 402 envelope andX-PAYMENTheader shape are otherwise compatible. - No spend controls yet. Budget caps and allow-lists for agent buyers are roadmap, not shipped.
- Content payloads are text-shaped today. Native file delivery (CSV, JSON, PDF as binary) is roadmap. JSON-shaped text payloads work today.