x402 vs API keys: migrating to pay-per-call
API keys were built for humans who sign up once and subscribe. Agents don't sign up. Here's how to add x402 pay-per-call alongside your existing key system — without breaking a single current customer.
An API key bundles three things: identity (who is calling), authorization (are they allowed), and billing (someone signed up and gave you a card). That bundle works when the caller is a company with an engineer who did the signup. It fails when the caller is an agent that discovered your API four seconds ago and wants exactly one call.
x402 unbundles it. Payment itself authorizes the call: the agent receives your 402 challenge, pays the quoted USDC amount, and the request proceeds — settled on Base in about two seconds, no account, no key, no chargeback risk. The good news for providers is that this isn't a rip-and-replace migration. It's an additive one.
What you keep, what you add
Keep keys for the customers who want them. Subscriptions suit high-volume integrators: predictable invoices, negotiated rates, support relationships. None of that should change on day one — a migration that breaks existing billing is a churn event, not an upgrade.
Add x402 as a second front door for callers without keys. Unkeyed traffic that today gets a 401 and bounces becomes traffic that gets a 402 and can convert itself into revenue on the spot. The agent that would never complete your signup flow pays $0.02 and becomes a customer.
The dual-stack pattern
Route on the credential: if a request carries a valid API key, bill it against the subscription as you do today; if it carries no key, challenge it with x402. One handler, two payment paths, zero disruption to existing integrations.
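
    import { requirePayment } from "@loomal/sdk";

    // runLookup (business logic) and withKeyAuth (your existing key-checking
    // wrapper) are assumed to be defined elsewhere in your codebase.
    const handler = async (req: Request) =>
      Response.json(await runLookup(await req.json()));

    // Route on the credential: a request that presents a key goes to the key
    // path, where withKeyAuth validates it; a request with no key gets a 402.
    export const POST = (req: Request) =>
      req.headers.get("x-api-key")
        ? withKeyAuth(handler)(req) // existing subscribers
        : requirePayment({ price: "$0.02" }, handler)(req); // agents pay per call

Translating subscription prices to per-call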
Don't divide your monthly price by the quota and call it done — that number assumes full quota usage, which almost nobody hits. Instead, anchor on the median: what does a typical subscriber actually pay per call they actually make? Price the x402 path at or slightly above that, so casual per-call usage never undercuts your committed tiers.
The floor on Loomal is $0.01 per call, which conveniently filters out traffic not worth serving. Expect per-call to be your discovery tier, not your discount tier: agents trial at per-call prices, and the heavy ones graduate to keys and subscriptions — the same upgrade path free trials used to provide, except every trial call is paid.
What you stop maintaining
For the x402 path, entire categories of infrastructure go away. No key issuance, rotation, or revocation. No leaked-key incident response — there's nothing long-lived to leak, since each payment authorizes one call. No dunning emails, no failed-card retries, no chargebacks: USDC settlement is final. Metering still matters for analytics, but it stops being load-bearing for billing because every call settles before your handler runs.
Each settled call also produces an Ed25519-signed receipt, which means billing disputes — the 'we didn't make those calls' conversation — turn into verifiable records rather than log archaeology.
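How signed receipts turn a dispute into a verification step, as an added example that is not Loomal's code or its receipt format. The receipt fields, the sorted-key JSON encoding, the micro-USDC integer amounts and the throwaway key pair are all assumptions made for illustration.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Hypothetical receipt shape: the page does not document the real fields.
type Receipt = {
  callId: string; endpoint: string; payer: string;
  amountMicroUsdc: number; settledAt: string;
};
type SignedReceipt = { receipt: Receipt; sig: string }; // sig: base64 Ed25519

// Assumed canonical form: JSON with sorted keys, so both sides sign the same bytes.
const canonical = (r: Receipt): Buffer =>
  Buffer.from(JSON.stringify(r, Object.keys(r).sort()));

const signReceipt = (r: Receipt, key: KeyObject): SignedReceipt =>
  ({ receipt: r, sig: sign(null, canonical(r), key).toString("base64") });

const verifyReceipt = (s: SignedReceipt, pub: KeyObject): boolean =>
  verify(null, canonical(s.receipt), pub, Buffer.from(s.sig, "base64"));

// Reconcile a disputed invoice: only receipts whose signature verifies
// count, and each callId is billed once even if its receipt is repeated.
function auditDispute(entries: SignedReceipt[], pub: KeyObject) {
  const verified = new Set<string>();
  const rejected: string[] = [];
  let totalMicroUsdc = 0;
  for (const e of entries) {
    if (!verifyReceipt(e, pub)) { rejected.push(e.receipt.callId); continue; }
    if (verified.has(e.receipt.callId)) continue; // duplicate of a valid receipt
    verified.add(e.receipt.callId);
    totalMicroUsdc += e.receipt.amountMicroUsdc;
  }
  return { verified: Array.from(verified), rejected, totalMicroUsdc };
}

// Constructed sample data: a throwaway key pair stands in for the signer.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
const mk = (callId: string, amountMicroUsdc: number): Receipt => ({
  callId, endpoint: "/lookup", payer: "0xPAYER_PLACEHOLDER",
  amountMicroUsdc, settledAt: "2025-01-01T00:00:00Z",
});
const good1 = signReceipt(mk("call-1", 20000), privateKey); // $0.02
const good2 = signReceipt(mk("call-2", 20000), privateKey);
// Same signature, edited fields: must fail verification.
const tampered: SignedReceipt = {
  receipt: { ...good2.receipt, callId: "call-3", amountMicroUsdc: 1 },
  sig: good2.sig,
};
const audit = auditDispute([good1, good2, good1, tampered], publicKey);
console.log(audit);
```

In a real audit the public key comes from the receipt issuer over a channel you already trust, never from the party presenting the receipts.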
A migration sequence that doesn't break anything
Start with one endpoint — your most discovery-friendly, stateless one. Add the x402 branch behind the key check, list it on Loomal so agents can find it (listing is how the demand side learns you exist), and watch the split between keyed and paid-unkeyed traffic for a few weeks.
Then expand endpoint by endpoint, repricing as you learn — on Loomal a price change is one field and takes effect on the next call. Keys never have to die for the migration to succeed; the end state for most providers is a working dual stack, with subscriptions serving committed integrators and x402 serving the long tail of agents. Loomal's fee is 5% on settled transactions, currently waived.
FAQ
Do I have to drop API keys to adopt x402?
No — and you shouldn't. The standard pattern is dual-stack: existing keyed customers keep their subscriptions untouched, while unkeyed requests get a 402 challenge instead of a 401 rejection. The two billing paths share one handler.
Will per-call pricing cannibalize my subscriptions?
Not if you price it correctly. Set the per-call rate at or above the effective per-call cost of your typical subscriber, so high-volume users always save by committing. Per-call then works as a paid discovery tier that feeds subscription upgrades.
How do agents find the x402 version of my API?
Listing is the discovery mechanism. On the Loomal Index, your endpoint appears with its price and payment details in machine-readable form, so an agent can find it, read the cost, and make a paid call without any signup.
What about fraud and chargebacks on the x402 path?
They largely disappear. Payment settles in USDC on Base before your handler runs, settlement is final, and there's no card network to reverse the charge. The unpaid-usage problem keys were defending against doesn't exist when payment is the access mechanism.
Open the second front door.
Add per-call x402 pricing next to your keys and list it where agents shop.