Prism · the agent-payable gateway

Your API.
Agent-payable.
No rewrites.

Wrap your existing API in five minutes. Prism handles agent discovery (MCP, x402), authentication (OAuth + DCR), payment settlement across ten rails, signed audit, idempotency, and rev-share. Two webhooks on your side. Zero changes to your business logic.

Prism is the first product from Agent Gate, the infrastructure layer for the agent-payable web.

see how it workslive examples
operator · onboarding
00/12
fig.01 — wrap your API in 5 minutes
~ 4.2 s end-to-end
04
agent surfaces
10
payment rails
02
mandate sources
round-trips/sec
x402.solana-mock.usdc.sol·200 OK
x402.evm.usdc.base·200 OK
solana-pay.usdc.sol·200 OK
evm-transfer.usdc.base·200 OK
evm-transfer.usdc.polygon·200 OK
stripe.intent.usd·200 OK
stripe.mpp.usd·200 OK
acp.checkout.usd·200 OK
commerce.coinbase.usdc·200 OK
lightning.bolt11.btc·200 OK
ap2.google.jwt·200 OK
x402.solana-mock.usdc.sol·200 OK
x402.evm.usdc.base·200 OK
solana-pay.usdc.sol·200 OK
evm-transfer.usdc.base·200 OK
evm-transfer.usdc.polygon·200 OK
stripe.intent.usd·200 OK
stripe.mpp.usd·200 OK
acp.checkout.usd·200 OK
commerce.coinbase.usdc·200 OK
lightning.bolt11.btc·200 OK
ap2.google.jwt·200 OK
§ 01 — how operators wrap

Three steps. Five minutes. No business-logic changes.

Prism sits in front of your existing API as a configurable reverse proxy. Your code stays where it is. Customers (agents) discover, pay, and call through Prism.

01
Register your API

One POST. Tell prism your API's URL, two webhook endpoints, your fee, and the resource id agents will call. Persisted in the multi-tenant store; hot-registered without a restart.

step 01shell
$ curl -sX POST https://api.agentgate.md/admin/tenants \
  -H "Authorization: Bearer $PRISM_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "slug": "acme-search",
    "display_name": "Acme Search",
    "credentials": {
      "gateway": {
        "target_url":  "https://api.acme.com",
        "quote_url":   "https://api.acme.com/_prism/quote",
        "settle_url":  "https://api.acme.com/_prism/settle",
        "webhook_secret": "whsec_...",
        "resource_id": "acme.search",
        "fee_bps": 250
      }
    }
  }'
02
Implement two webhooks

Quote returns a price for the agent's request. Settle confirms after payment. Each is a small handler. Prism signs settle deliveries (HMAC-SHA256), retries with exponential backoff, dead-letters on permanent failure. Stripe-shaped DX.

step 02typescript
// /your/_prism/quote
export async function POST(req) {
  const { method, path, body_b64 } = await req.json();
  // Static, per-shape, cost-plus, or per-agent — your call.
  return Response.json({
    price_minor: "5000",
    price_asset: "USDC.SOL",
    price_decimals: 6,
  });
}

// /your/_prism/settle
import { verifyPrismSignature } from "./verify";
export async function POST(req) {
  const body = await req.text();
  if (!verifyPrismSignature({
    secret: process.env.PRISM_WEBHOOK_SECRET!,
    timestampHeader: req.headers.get("x-prism-timestamp"),
    signatureHeader: req.headers.get("x-prism-signature"),
    body,
  })) return new Response("unauthorized", { status: 401 });
  const event = JSON.parse(body);
  await db.creditAgent(event.agent_id, event.amount_minor);
  return new Response(null, { status: 200 });
}
03
Get paid by agents

Agents discover your resource through MCP, REST, ACP, or A2A — whichever they speak. They pay through any of ten rails (x402, Solana Pay, EVM transfer, Stripe, Lightning, AP2, …). Prism takes its bps + flat. You see net in /admin/.../revenue.

step 03shell
# Agent side — any MCP client:
$ claude mcp add prism --transport http https://api.agentgate.md/mcp
 mcp/prism registered  (12 tools)

# Operator side — rev-share rolling totals, per asset:
$ curl https://api.agentgate.md/admin/tenants/$ID/gateway/revenue \
  -H "Authorization: Bearer $PRISM_ADMIN_KEY"
{
  "delivered_events": 1247,
  "by_asset": [
    { "asset": "USDC.SOL", "calls": 1247,
      "gross_minor": "6235000", "fee_minor": "162075",
      "net_to_customer_minor": "6072925" }
  ]
}
A full working reference is ~150 lines of TypeScript: three handlers, copy-paste-able. Public release coming with the Agent Gate org launch.
§ 02 — surfaces

Four front doors. One gateway.

Same Bearer, same idempotency, same audit log. Agents pick the protocol they already speak — your /quote and /settle handlers don't change.

REST
Hypertext Transfer
RFC 6750 · RFC 7807
Canonical surface. Bearer + JSON. Drives browsers, cURL, half the integrations you already have.
/manifest
/sessions
/play
/mandates
/openapi.json
MCP
Model Context Protocol
MCP 2024-11-05 · RFC 9728
What Claude Code, Claude Desktop, and Cursor speak. Streamable HTTP + JSON-RPC + WWW-Authenticate auto-discovery.
/mcp · initialize
/mcp · tools/list
/mcp · tools/call
ACP
Agent Commerce Protocol
ACP 0.1 (draft)
Cart-shaped commerce. Quote, fund, checkout, settle. The protocol most aligned with how Prism already shapes payments.
/acp/cart
/acp/cart/{id}/checkout
/acp/cart/{id}/settle
A2A
Agent to Agent
JSON-RPC 2.0
Pure JSON-RPC 2.0 over HTTP. The lingua franca for agents that don't want to know what an HTTP verb is.
/a2a · prism.list_resources
/a2a · prism.quote
/a2a · prism.invoke
§ 03 — settle webhook · DX

If you've shipped Stripe webhooks, you've shipped this.

HMAC-SHA256 signing. Idempotency key per event. Exponential backoff. Durable event log. Manual redeliver from /admin. The boring details that make webhooks survivable in production.

POST /your/_prism/settle
Delivery envelope

Every settle delivery carries the headers you'd expect from a modern webhook system. Same shape across all event types.

x-prism-event-id:evt_01HRT8X7K2ZQA9V5
x-prism-event-type:settle.delivered
x-prism-tenant:tnt_8af3d1c0
x-prism-timestamp:1730551204
x-prism-signature:t=1730551204,v1=4f3c...8e21
x-prism-attempt:1
x-prism-idempotency-key:evt_01HRT8X7K2ZQA9V5
retry · evt_01HRT8X7K2ZQA9V5
Backoff timeline

Up to 8 attempts over ~24h. Same idempotency key on every retry — your handler stays correct under at-least-once delivery.

#01+0s502your handler 5xx'd
#02+5s502exponential backoff
#03+25s502still 5xx
#04+2m200delivered ✓
DURABLE
Event log
Every delivery + attempt persisted. Replay months back.
REDELIVER
One click
POST /admin/.../events/:id/redeliver. Same envelope, fresh attempt.
IDEMPOTENT
By event_id
Hash and dedupe at your handler. No double-credits.
DEAD-LETTER
Auto-park
After 8 fails, event lands in DLQ. Alerts ready to wire.
§ 04 — rev-share

Your asset. Your rail. Your fee.

Prism takes a basis-point fee plus a flat per-event amount, in the same asset the agent paid. Rolling totals exposed on /admin. Cash out the way you already do.

GET /admin/tenants/$ID/gateway/revenuelive · rolling 30d
USDC.SOL
solana-pay · x402.solana-mock
1,247
6,235.000
162.075
6,072.925
USDC.BASE
evm-transfer · x402.evm
402
2,010.000
52.260
1,957.740
USD
stripe.intent · stripe.mpp
188
940.00
24.44
915.56
BTC.LN
sats
lightning.bolt11
73
365,000
9,490
355,510
denominated per-asset · no forced FX · settlement on your rail
fee = 250bps × gross + 5 minor units · per delivered event
PRICING
Static, per-shape, cost-plus, per-agent
Your /quote handler sets the price. You can charge more for hard requests, less for known agents, free for trials.
DISCOUNTS
Promos & per-agent overrides
Cut a deal with one agent, run a promo for everyone, keep the public price stable. Quote-time decision, no schema changes.
PAYOUT
On your existing rail
Stripe to your Stripe. USDC to your wallet. Sats to your Lightning node. Prism never custodies — funds settle to you, then a fee invoice issues.
§ 05 — examples · live

Two real deployments. Both fork-able.

One shows the operator path: wrapping an existing API. One shows the agent path: an MCP client that pays. Both are deployed against api.agentgate.md right now.

01 · operator reference
soon
weather-gateway
wrap a free weather API in 150 lines

Two route handlers (/quote and /settle), one tenant POST, deployed to Vercel. Charges agents $0.005 per /forecast call. The minimum-viable wrap. Public release with the Agent Gate org.

~150 LoC TypeScript · coming soon↗ open
$ vercel deploy weather-gateway
$ curl -sX POST $PRISM/admin/tenants -d @prism.tenant.json
✓ tnt_…  fee_bps=250  resource_id=weather.forecast
 first agent pays $0.005 USDC.SOL
see how it works ↓
02 · agent demo
live
casino · live MCP
an agent gambles its own money

Spin a slot reel from inside Claude Code. The agent issues an AP2 mandate, pays via Stripe, and pulls a BLAKE3 commit-reveal — fully audit-logged. The customer doesn't have a face.

demo · MCP · Stripe · BLAKE3↗ open
$ claude mcp add casino \
    --transport http https://casino.agentgate.md/mcp
✓ mcp/casino  registered  (4 tools)
▸ pay_to_play_mandate { amount_usd: 25 }  → mandate_active
open live deployment
§ 06 — built on

Boring standards. Wild composition.

Nothing here is invented. Prism is what you get when you wire the existing agent / payment / crypto stack together with care.

RFC 6750Bearer token usage
RFC 7591Dynamic Client Registration
RFC 8414OAuth 2.0 Authorization Server Metadata
RFC 9728OAuth 2.0 Protected Resource Metadata
RFC 7807Problem Details for HTTP
OAuth 2.1modern profile
MCP 2024-11-05Model Context Protocol
AP2Google Agent Payments — JWT mandates
x402HTTP 402 payment-required revival
JSON-RPC 2.0A2A wire format
BLAKE3commit-reveal & audit hashing
Ed25519operator + audit signatures
§ 07 — get started

Two paths.
One command each.

Pick the side you're on. Both lead to the same gateway, both land you in production within an afternoon.

for operators
Wrap your API

Register your tenant, point Prism at your /quote and /settle handlers, ship. Existing API code stays where it is.

POST /admin/tenants
docs · operator quickstartsee the three-step wrap
for agents
Plug into MCP

DCR + token + auto-discovery. Your agent registers itself, gets a bearer, and can call any tenant's resources behind Prism.

MCP · streamable HTTP
docs · agent quickstarttry the casino demo
· Claude Code· Claude Desktop· Cursor· any MCP client· any HTTP API behind a webhook