Payment is authentication
There is no API key system. Every request carries cryptographic proof of payment, and that proof IS the auth credential:- x402 — a signed USDC transfer authorization, verified server-side before the response body is returned.
- MPP/Tempo — a signed session token from Tempo, verified server-side against the Tempo network.
Rate limits
Rate limits are per-payer (wallet address or MPP session), not per-IP:- Default: 60 requests/minute
- Higher limits: available on request — reach out
X-RateLimit-* response headers on every successful call.
What this means in practice
- No keys to provision, rotate, or revoke
- Burst capacity is bound to your wallet, not your IP — multiple agents sharing one wallet share one rate-limit pool
- Lost wallet = lost auth, no recovery path. Treat the wallet like any other production secret

