Industry analysis · 2026-05-07

x402 in production: pay.sh.

On 2026-05-05 the Solana Foundation and Google Cloud launched pay.sh — a payment gateway that lets autonomous agents discover and call paid APIs using x402 over Solana. Gemini, BigQuery, BigTable, Cloud Run, and Vertex AI ship as x402-payable endpoints behind it. This is the largest enterprise endorsement x402 has received. It is also Solana-only, and the regulated counterparty layer is left blank by design — which is where Stable402 fits.

Reading note. Quotations on this page are taken verbatim from the Solana Foundation announcement and the public pay.sh/docs overview. We are not affiliated with the Solana Foundation, Google Cloud, or pay.sh. This is independent analysis for the x402 practitioner audience.

Section 1

What pay.sh is.

A hosted payment gateway plus an open-source CLI plus a facilitator catalog. The agent holds a Solana wallet; the gateway proxies requests to API providers; the agent pays per call in "stablecoins on Solana"; providers receive fiat. The CLI wraps existing tools — the docs example is pay --sandbox curl https://payment-debugger.vercel.app/mpp/quote/AAPL — and "detects MPP or x402 payment challenges, asks the local wallet to authorize signing, and retries the request with a payment proof."

Launched

2026-05-05

Solana Foundation in collaboration with Google Cloud. Hosted on GCP.

Settlement

Solana · stablecoins

Specific stablecoins are not named in the launch materials. Providers receive fiat.

Launch facilitators

Eight

PayAI, Crossmint, Merit Systems, Corbits, MoonPay, Sponge Wallet, ATXP, Tektonic.

AI clients supported

Five named

Gemini, Claude Code, Codex, Openclaw, Hermes.

The catalog spans four buckets — eCommerce (Rye, BigCommerce, Purch), Data and intelligence (Exa, Dune Analytics, Nansen, ATXP), Communications (AgentMail, StablePhone, StableEmail), and Solana Infrastructure (Helius, Alchemy, Quicknode, Allium, The Graph) — plus the Google Cloud APIs themselves: Gemini Inference, BigQuery, BigTable, Cloud Run, Vertex AI Model Garden, all shipped as x402-payable endpoints.

Section 2

The protocol posture.

pay.sh is built on x402 and MPP — what its docs call "machine-native payment protocols designed for agent-to-API commerce." The CLI "detects MPP or x402 payment challenges" and either is acceptable as a payment-required signal. The pay.sh docs explicitly endorse the open-standards posture: "we believe in supporting open rails that any developer, protocol, or facilitator can extend and build on."

This is the load-bearing line for x402's industry standing. Two days ago x402 was "Coinbase's pet protocol." Today it is the payment standard for a Solana-Foundation-and-Google-Cloud gateway with Gemini, Vertex AI, BigQuery, BigTable, and Cloud Run shipping behind it. The vocabulary — facilitator, challenge, payment proof, HTTP 402 — matches Coinbase's original x402 specification verbatim. Stable402 mirrors that vocabulary precisely. We ride the standards alignment rather than fork it.

Agent Wallet · CLI Gateway / Facilitator Detects challenge type Authorizes · settles · proxies pay.sh · CDP · Cloudflare x402 challenge HTTP-native · cross-chain MPP challenge Solana-native sibling API provider Resource · paid endpoint request x402 MPP authorized

The gateway is the layer that decides; the challenge type is interchangeable. pay.sh runs both x402 and MPP. The Coinbase CDP facilitator and Cloudflare's edge facilitator run x402 across EVM chains. x402 is the cross-chain HTTP-native standard; MPP is the Solana-native sibling. Both are open rails. Neither is a fork.

Section 3

What the launch names. What it leaves blank.

The single line in pay.sh's announcement that addresses compliance is this: "appropriate rate limits, quotas, and access controls so enterprise security and compliance are never compromised." That is the entire compliance posture in the public materials. The rest of the regulated counterparty layer is deliberately unspecified — by design, because it is not the gateway's job to specify it. But somebody has to.

Named in the launch

  • Wallet as the account substitute (no API keys, no signups)
  • Gateway-managed rate limits, quotas, and access controls
  • Per-request pricing, no subscriptions, no minimum spend
  • Fiat settlement to providers ("providers receive funds in fiat")
  • Sandbox networks for development testing
  • Open-source CLI and registry

Left blank in the launch

  • Who the regulated counterparty is on the fiat-out leg
  • Which entity holds the MSB / VASP designation
  • Travel Rule message handling for cross-border transfers
  • OFAC sanctions screening for agent wallets
  • Sanctioned-counterparty handling mid-flow
  • KYC posture for high-velocity micropayment volumes
  • Specific stablecoin issuer (USDC? PYUSD? unspecified)

None of this is a criticism of pay.sh. It is a payment gateway, not a regulated financial institution, and protocol-level openness is precisely why it works. But the regulated counterparty layer is where the largest stablecoin and agentic-payments incumbents — Circle, Paxos, Bridge, Catena Labs — actually live, and it is where Stable402's analysis sits. See the compliance gap map →

Section 4

Stable402's role next to pay.sh.

pay.sh is a load-bearing implementation. Stable402 is a reference. They are complementary, not competitive. Three concrete contributions Stable402 makes that pay.sh — by design — does not.

01

Multi-chain footprint, not Solana-only.

pay.sh runs on Solana. x402 is HTTP-native and chain-agnostic. The Coinbase CDP x402 facilitator runs on EVM (Base Sepolia is what Stable402's home-page demo settles to). Circle's Arc, Stripe's Tempo, and Ethereum mainnet are all x402-addressable. Stable402 is the reference that maps the full footprint across EVM, Solana, Arc, and Tempo rather than committing to one chain.

02

Compliance-aware, not compliance-silent.

Where pay.sh's compliance posture is one sentence, Stable402 ships a four-leg gap map at /compliance-gap — the agent wallet, the facilitator, the API provider, and the fiat-out leg, each labelled with the regulatory question that has to be answered before the leg goes to production. Stable402 is not the regulated counterparty. We name where the regulated counterparty has to live, and which named industry players can be that counterparty.

03

A reference layer agents can actually read.

The StablecoinAtlas is the reference layer agents will read while transacting — 56+ paths across 8 rails, MCP-callable, x402-metered. pay.sh ships the gateway; the Atlas ships the cartography. Stable402 is the live demo at the seam between them.

Section 5

Sources and further reading.

pay.sh

The gateway. The CLI. The catalog. Solana Foundation + Google Cloud, May 2026.

Solana Foundation announcement

The launch post. Source for the named entities and partner list on this page.

x402 protocol specification

The HTTP 402 Payment Required specification pay.sh implements.

Stable402 — the compliance gap map

The four-leg flow and the regulatory question at each leg.

Stable402 — built on Cloudflare

Architecture, the 40-LOC Worker, and why compliance enforcement belongs at the edge.

StablecoinAtlas.com

The cartography of compliance. 56+ paths, 8 rails, MCP-callable.

Stable402 — live demo

x402 micropayment journey, end to end. Coinbase CDP facilitator on Base Sepolia.

[email protected]

Direct contact. Fastest route for sponsor and partnership conversations.