27 paid HTTP utilities any AI agent can call. Pay $0.001-$0.25 USDC per call. Multi-chain accepts on Base, Solana, XRPL, XRPL EVM, Stellar — agent picks which chain it holds liquidity on. No accounts, no API keys, no signup.
Veteran-owned, SDVOSB-pending, CAGE + SAM.gov registered. The only x402 gateway with a federal-procurement-ready paper trail.
{
"mcpServers": {
"bitbooth": {
"command": "npx",
"args": ["-y", "@bitbooth/mcp-fetch"],
"env": { "BITBOOTH_AGENT_KEY": "0x..." }
}
}
}claude_desktop_config.json (Claude Desktop), .cursorrules.mcp.json (Cursor), or any MCP-compatible client. The agent then has direct access to every BitBooth paid endpoint and settles in USDC on the chain it holds. Full docs at /docs/agents.curl -X POST https://app.heinrichstech.com/v1/free/echo -H 'content-type: application/json' -d '{"message":"hello from a curious dev"}'Each one handles a common job an AI agent needs done. Hit any URL with curl and you get back a live x402 v2 challenge listing every (network, asset, payTo) tuple it accepts. The agent then picks which chain to settle on. Scroll the catalog below — full list lives at /bazaar.json.
Smallest possible paid endpoint. Pay 0.001 USDC, get a JSON echo back. Reference implementation of the x402 + CDP Facilitator + Bazaar discovery loop.
curl -X POST https://app.heinrichstech.com/v1/cdp/echo
Take any almost-JSON string (LLM tool output, broken API response, etc.), fix common errors (trailing commas, single quotes, unquoted keys, missing brackets), and optionally validate against a JSON Schema. Built for AI agents that wrap every tool call in defensive parsing.
curl -X POST https://app.heinrichstech.com/v1/cdp/json-repair
Structured synthetic data on demand. Pass a template like { name: "person.fullName", email: "internet.email" } and a count, receive an array of records ready to seed forms, populate test databases, or feed mock data into prompt examples.
curl -X POST https://app.heinrichstech.com/v1/cdp/faker
JSON Schema validation + optional auto-coercion + a confidence score for any LLM tool-call payload. Pair with /v1/cdp/json-repair to fix malformed JSON first, then validate against your tool schema. Built for agents that need a programmatic gate between the model and downstream system calls.
curl -X POST https://app.heinrichstech.com/v1/cdp/llm-tool-validate
Pay 0.001 USDC, get DNS records for any hostname. Supports A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, CAA. Built on Node's built-in resolver with a 5s timeout cap; rejects IPv4/IPv6 inputs. Built for agents inspecting infra, debugging delivery, or pre-flighting a target hostname.
curl -X POST https://app.heinrichstech.com/v1/cdp/dns
Pay 0.001 USDC, verify a webhook signature against the provider canonical HMAC scheme. Supports stripe, github, vercel, cdp, slack, and generic HMAC-SHA256. Constant-time compare, clock-skew tolerance on timestamp-bearing providers. Stateless — caller supplies their secret in the request body, BitBooth never stores it. The boring API plumbing primitive every agent reinvents poorly.
curl -X POST https://app.heinrichstech.com/v1/cdp/webhook-sig-verify
Pay 0.001 USDC, verify a JWT signature plus the canonical claims (iss / aud / exp / nbf) against an inline publicKey (PEM) or sharedSecret. Supports HS256/384/512 + RS256/384/512. Constant-time HMAC compare, configurable clock-skew tolerance, alg=none rejected. Stateless — caller supplies their key in the request body, BitBooth never stores it. Same plumbing-primitive thesis as webhook-sig-verify, different protocol family.
curl -X POST https://app.heinrichstech.com/v1/cdp/jwt-verify
Pay 0.002 USDC, strip emails, phones, SSNs, credit cards, IPv4 addresses, and hex-looking secrets from a text blob before passing it to an LLM, log sink, or third-party API. Pure regex — no LLM inference, deterministic output, sub-cent per call. Compliance primitive for agents in regulated industries (health, finance, legal). Pairs with prompt-injection-scan as the sanitize-before-model pipeline. Byte counts on the response are auditable evidence of redaction for SOC2 / HIPAA logs.
curl -X POST https://app.heinrichstech.com/v1/cdp/pii-redact
Pay 0.001 USDC, safely compile + run a regex against a corpus with a hard 50ms CPU deadline. Returns structured matches (index, length, full match, capture groups). Supports JS engine flags g/i/m/s/u/y/d. Catastrophic backtracking surfaces as a regex_timeout instead of stalling the caller. The plumbing primitive every agent that consumes user-supplied regex reinvents poorly.
curl -X POST https://app.heinrichstech.com/v1/cdp/regex-test
Full Playwright JS rendering + Readability extraction. Pay 0.05 USDC, get clean markdown back from any URL including SPAs and JS-heavy sites that naive fetch cannot crawl.
curl -X POST https://app.heinrichstech.com/v1/cdp/render-pro
Render any URL with full Playwright JS rendering, then return both the current markdown snapshot AND a structured diff against the previous markdown you supply. Built for monitoring agents tracking competitor sites, docs pages, pricing changes, or any change-detection workflow.
curl -X POST https://app.heinrichstech.com/v1/cdp/web-diff
Pay 0.005 USDC, hand in 1..5 EVM addresses, get back per-address native ETH + USDC holdings on Base mainnet plus a top-level totals rollup. Built for agents tracking treasury splits across multiple wallets or pre-flighting a counterparty across known addresses.
curl -X POST https://app.heinrichstech.com/v1/cdp/portfolio-scan
Pay 0.001 USDC, get a normalised JSON view of any RSS 2.0 or Atom 1.0 feed. One shape regardless of protocol: feed metadata plus an items array with HTML-stripped content snippets. Capped at 2MB body and 10s timeout, SSRF-blocked. Built for agents monitoring news, releases, blog updates, GitHub release feeds, status pages, podcasts.
curl -X POST https://app.heinrichstech.com/v1/cdp/rss
Pay 0.005 USDC, hand in a domain, get back the canonical site URL list discovered via robots.txt + sitemap.xml + sitemapindex chain. Returns a flat deduped list of {loc, lastmod, changefreq, priority} entries capped at 5000 URLs per call, with sitemapindex follow-through capped at 5 child sitemaps. SSRF-blocked, body-capped at 5MB, 10s timeout. Built for crawlers, SEO auditors, and agents that enumerate URLs before paying for the heavier render-pro extraction.
curl -X POST https://app.heinrichstech.com/v1/cdp/sitemap
Pay 0.005 USDC, get the parsed whois record for any domain — registrar, creation/updated/expiry dates, name servers, status flags, plus the raw whois text. Two-hop resolution via whois.iana.org then the authoritative registry over TCP port 43. 5s timeout cap per connection. Built for agents auditing domain ownership, monitoring expiry, or pre-flighting a target.
curl -X POST https://app.heinrichstech.com/v1/cdp/whois
Pay 0.001 USDC, get a VADER-style sentiment score for any English text blob — compound polarity in [-1, 1], a positive|neutral|negative label, a proportional breakdown across the three classes, and the token count. No LLM inference, deterministic output, sub-cent per call. Curated ~180-word lexicon with negation handling (×-0.74 within 3 tokens) and booster amplification (very/really/extremely ×1.293). Input capped at 10000 chars; tokenisation capped at 2000 tokens. Built for agents triaging support tickets, social mentions, review feeds, or chat transcripts before routing.
curl -X POST https://app.heinrichstech.com/v1/cdp/sentiment
Pay 0.005 USDC, send a URL, get the structured OpenGraph + meta-tag preview every link-preview / social-card / classify-before-scrape pipeline needs. Returns og:title, og:description, og:image, og:type, og:site_name, og:url, the full twitter:* card block, plus standard HTML head fields (title, description, canonical, favicon, lang). Pure JS regex extraction, no LLM, no headless browser. 8s timeout, 512 KB body cap, non-HTML rejected. The lightweight pre-flight before paying for the heavier render-pro extraction.
curl -X POST https://app.heinrichstech.com/v1/cdp/og-card
Pay 0.01 USDC, send a YouTube URL (youtube.com or youtu.be), get the full transcript as an array of {start, dur, text} segments in seconds plus total duration and detected language. Optional `lang` (ISO-639-1, e.g. "en", "pt-BR") selects a non-default caption track. InnerTube Android-client path first, classic HTML scrape fallback. No LLM, no headless browser. Errors surface as 502 with reason (captions_disabled, no_captions, language_not_available, video_unavailable, rate_limited). Built for agents that summarise, classify, or search video content before paying for the heavier LLM token cost.
curl -X POST https://app.heinrichstech.com/v1/cdp/youtube
Structured risk assessment of an ERC-20 approve(spender, amount) before signing. Catches unlimited approvals to fresh contracts, EOA spenders, copycat tokens, and known-malicious contracts. Built for AI agents that handle wallets and need a programmatic gate before any token approval.
curl -X POST https://app.heinrichstech.com/v1/cdp/approval-safety
Agent pre-flight: pay 0.005 USDC, get a normalized report of every paid x402 endpoint a target URL exposes — direct 402 challenges, HTML discovery hints (<meta name="x402">, <link rel="x402">, anchor tags pointing at /bazaar.json or /.well-known/x402), and bazaar.json catalogs all collapsed into a single shape.
curl -X POST https://app.heinrichstech.com/v1/cdp/x402-discover
Buyer-side pre-flight: pay 0.005 USDC, hand in a counterparty EVM wallet, get back a 0-100 trustworthiness score plus the raw signals (settlement count, unique recipients, total USDC paid, first/last seen, wallet age) it was derived from. The score every agent should consult before accepting a payment from an unknown wallet.
curl -X POST https://app.heinrichstech.com/v1/cdp/agent-credit-score
Pay 0.005 USDC, hand in a Base-family EVM transaction hash, get back a human-readable narrative of what the tx did plus the structured signals — 4-byte selector decode of tx.input (transfer / approve / transferFrom) and ERC-20 Transfer event log decode from the receipt. Reverted txs are surfaced explicitly so a counterparty can't pass off a reverted payment as a success.
curl -X POST https://app.heinrichstech.com/v1/cdp/tx-explain
Pre-flight wallet hygiene: pay 0.005 USDC, hand in an EVM wallet, get back a go/no-go diagnosis on Base mainnet — native ETH balance for gas, USDC balance for payments, plus derived flags (lowGas, usdcDust, usdcEmpty, ready) and a recommendations list. The hygiene check every agent should run BEFORE kicking off a flow with a wallet.
curl -X POST https://app.heinrichstech.com/v1/cdp/wallet-doctor
Packaged report: pay 0.25 USDC, hand in an EVM wallet, get back a multi-section risk assessment composing wallet-doctor (gas + USDC hygiene), agent-credit-score (x402 settlement history), and a deferred approval-safety summary. Includes an overall risk grade (low|medium|high) and aggregated recommendations — the orchestration the agent would otherwise sequence by hand.
curl -X POST https://app.heinrichstech.com/v1/cdp/wallet-risk-report
Pay 0.002 USDC, inspect the SSL/TLS certificate of any hostname:port. Returns subject, issuer, validity window, SANs, SHA256 fingerprint, serial, negotiated protocol + cipher, and derived flags (valid, expired, selfSigned, daysUntilExpiry). Built on Node's built-in tls module with a 5s handshake cap. Rejects IPv4/IPv6 inputs and private/loopback hosts. Built for agents auditing TLS posture or monitoring expiry.
curl -X POST https://app.heinrichstech.com/v1/cdp/ssl-info
Pay 0.005 USDC, detect prompt-injection patterns (system-instruction override, jailbreak personas, tool/exec injection, credential exfiltration, hidden-unicode payloads) in a text blob before it reaches an LLM. Returns severity-tagged findings. Pairs with pii-redact as the sanitize-before-model pipeline. Half the price of Orac for the same coverage shape. High/critical findings carry an audit-funnel hint.
curl -X POST https://app.heinrichstech.com/v1/cdp/prompt-injection-scan
Pay 0.001 USDC, get a yes/no honeypot signal for any Base mainnet ERC-20 contract address. Single eth_getCode fetch + a static 4-byte-selector heuristic sweep (blacklist, pausable, dynamic fee, mint, owner-transfer, tiny proxy, EOA). Returns isHoneypot, 0-100 riskScore, and per-signal severity. Cacheable per (chain, address); safe to call on every token an agent considers buying or selling.
curl -X POST https://app.heinrichstech.com/v1/cdp/contract-honeypot-check
Every paid endpoint advertises an accepts[] array. The buyer chooses which (network, asset) tuple to settle on based on the wallet liquidity it actually holds. BitBooth dispatches verify and settle to the right facilitator for each chain.
Bridges Coinbase + Ripple + Stellar + Chainlink ecosystems in one HTTP request. The same paid endpoint accepts native XRP on TWO different chains (XRPL native + XRPL EVM Sidechain), USDC on FOUR (Base, Solana, XRPL native, Stellar), plus RLUSD, XLM, and LINK. Agent picks the chain it actually holds liquidity on.
LINK and XRPL EVM use a different scheme (onchain) because their tokens / chains don't ship EIP-3009. Agent submits the on-chain transfer themselves, then references the tx hash in X-PAYMENT. Self-hosted verifiers read the receipt + Transfer event log (ERC-20) or tx.value (native gas) to confirm. Pairs with Chainlink Price Feeds for USD-equivalent pricing across all chains.
Three integration paths. All free to start. You only pay when your agent calls an endpoint.
Drop the bitbooth MCP fetch package into Claude Desktop, Claude Code, Cursor, Continue, or any MCP-compatible agent. The agent's wallet handles payments automatically.
npm install @bitbooth/mcp-fetch
Hit any endpoint with curl, Node, Python, Go. Get a 402 challenge with all accepted chains, sign on the one you hold (USDC/XRP/RLUSD/XLM), retry with the X-PAYMENT header. Works with any x402 client SDK.
curl -X POST .../v1/cdp/echo
Programmatic discovery. Fetch the bazaar manifest, iterate every paid route, see every (network, asset, payTo) tuple each one accepts. Multi-chain-aware indexers walk resource.accepts[]. Legacy indexers fall back to the primary fields.
curl /bazaar.json
Standard x402 v2 protocol with multi-chain dispatch. The agent calls a paid endpoint, gets a 402 with an accepts[] array of every (chain, asset) combo, picks one it has liquidity on, signs, retries with the X-PAYMENT header. BitBooth routes verify+settle to the right facilitator for that chain.
Verified end to end on Base mainnet via the Coinbase CDP Facilitator. Multi-chain dispatch lands XRPL via T54 and Stellar via our self hosted Horizon facilitator. Funds go from the agent wallet to ours on chain. Non custodial, no intermediary holding period, sub second warm response.
Pay per call. No minimums. No commitment. Stop calling and you stop paying. The same atomic amount is advertised across the stablecoin chains so the agent picks based on liquidity, not price.
$0.001 / call
One tenth of a cent per request.
echo, json-repair, faker, llm-tool-validate, rss, dns. Pure compute, sub-second response, no external dependencies.
$0.005 / call
Half a cent per request.
x402-discover, agent-credit-score, wallet-doctor, ssl-info. Pre flight signals and discovery. The gate every agent should run before kicking off a flow.
$0.05 / call
Five cents per request.
render-pro, web-diff, approval-safety. Heavier compute (Playwright, on-chain reads, ABI decode) and security-grade workloads.
Buyer scenarios: A hobby agent at 50 calls per day spends less than a coffee per month. An indie production agent spends about $30 per month. A funded fleet at 50,000 mixed calls per day spends roughly $2,000 per month.
The cleanest agent-payment spec we've seen. Coinbase + Linux Foundation, 2025.
Agents don't fill out signup forms. They have wallets. The wallet pays. That's the protocol.
Max loss = wallet balance. Unlike API keys (unlimited subscription), an agent can't overspend.
402 challenge → USDC on Base → CDP /verify → 200 response. Round-trip is 300-400ms warm. Feels like a normal API call.
Not vaporware. Every metric below is checkable in the public repo or on-chain.
Public source at github.com/Drock91/bitbooth-docs · self-hosted catalog at /bazaar.json · listed in awesome-x402
A visual demo of the multi-chain adapter library that fires one real testnet settlement per chain in parallel. Production mainnet payments use 4 of these chains (Base, Solana, XRPL, Stellar). See the Networks section above for the full production list. BSC is wired up but waiting on a facilitator. Click Race All to run it. Testnet only. No real money moves in this demo.
Click Race All as many times as you like. Testnet wallets refuel from public faucets if they ever run dry.
Three ways to start. All free until your agent calls an endpoint.
Pick an endpoint. Hit it with curl. See the multi-chain 402 challenge come back. Sign on whichever chain your agent holds. Get the response in under a second.
View 27 endpoints →A machine readable discovery surface. Agents fetch /bazaar.json to enumerate every paid route in one pass with URL, network, asset, payTo, atomic price, and summary.
Building an agent that needs one of these wedges? I will send a five-line snippet that integrates whichever endpoint solves your problem.
Reach out →