# X402 Data API

Pay-per-request JSON APIs for AI agents using x402 payments on Base.

Canonical site: [https://x402dataapi.com](https://x402dataapi.com)
Canonical API base: [https://api.x402dataapi.com](https://api.x402dataapi.com)
Canonical docs: [https://docs.x402dataapi.com](https://docs.x402dataapi.com)

## Agent-first resources

- [Capabilities JSON](https://api.x402dataapi.com/capabilities)
- [Pricing JSON](https://api.x402dataapi.com/pricing)
- [Health JSON](https://api.x402dataapi.com/health)
- [OpenAPI 3.1 contract](https://api.x402dataapi.com/openapi.json)
- [Docs OpenAPI mirror](https://docs.x402dataapi.com/openapi.json)
- [x402scan discovery guide](https://x402scan.com/discovery/spec)
- [x402 site catalog](https://x402dataapi.com/.well-known/x402-catalog.json)
- [x402 API catalog](https://api.x402dataapi.com/.well-known/x402-catalog.json)
- [Human documentation](https://docs.x402dataapi.com)
- [Full agent guide](https://docs.x402dataapi.com/llms-full.txt)
- [XML sitemap](https://x402dataapi.com/sitemap.xml)
- [Docs sitemap](https://docs.x402dataapi.com/sitemap.xml)
- [Robots policy](https://x402dataapi.com/robots.txt)

## Public JSON endpoints

- [Health](https://x402dataapi.com/api/health): `GET https://api.x402dataapi.com/health`
  - [Documentation](https://x402dataapi.com/docs/health)
- [Pricing](https://x402dataapi.com/api/pricing): `GET https://api.x402dataapi.com/pricing`
  - [Documentation](https://x402dataapi.com/docs/pricing)
- [Capabilities](https://x402dataapi.com/api/capabilities): `GET https://api.x402dataapi.com/capabilities`
  - [Documentation](https://x402dataapi.com/docs/capabilities)

## Paid JSON endpoints

- [Domain Intelligence](https://docs.x402dataapi.com/domain-intelligence-api): `POST https://api.x402dataapi.com/v1/domain-intel` (0.002 USDC)
  - API page: [https://x402dataapi.com/api/domain-intel](https://x402dataapi.com/api/domain-intel)
  - Markdown: [https://docs.x402dataapi.com/domain-intelligence-api.md](https://docs.x402dataapi.com/domain-intelligence-api.md)
  - Input example: `{"domain":"example.com"}`
- [TLS Report](https://docs.x402dataapi.com/tls-certificate-report-api): `POST https://api.x402dataapi.com/v1/tls-report` (0.001 USDC)
  - API page: [https://x402dataapi.com/api/tls-report](https://x402dataapi.com/api/tls-report)
  - Markdown: [https://docs.x402dataapi.com/tls-certificate-report-api.md](https://docs.x402dataapi.com/tls-certificate-report-api.md)
  - Input example: `{"host":"example.com","port":443}`
- [Mail Security](https://docs.x402dataapi.com/mail-security-api): `POST https://api.x402dataapi.com/v1/mail-security` (0.001 USDC)
  - API page: [https://x402dataapi.com/api/mail-security](https://x402dataapi.com/api/mail-security)
  - Markdown: [https://docs.x402dataapi.com/mail-security-api.md](https://docs.x402dataapi.com/mail-security-api.md)
  - Input example: `{"domain":"example.com"}`
- [HTTP Security Headers](https://docs.x402dataapi.com/http-security-headers-api): `POST https://api.x402dataapi.com/v1/http-security` (0.002 USDC)
  - API page: [https://x402dataapi.com/api/http-security](https://x402dataapi.com/api/http-security)
  - Markdown: [https://docs.x402dataapi.com/http-security-headers-api.md](https://docs.x402dataapi.com/http-security-headers-api.md)
  - Input example: `{"url":"https://example.com"}`
- [Agent Accessibility Check](https://docs.x402dataapi.com/agent-accessibility-api): `POST https://api.x402dataapi.com/v1/agent-accessibility` (0.001 USDC)
  - API page: [https://x402dataapi.com/api/agent-accessibility](https://x402dataapi.com/api/agent-accessibility)
  - Markdown: [https://docs.x402dataapi.com/agent-accessibility-api.md](https://docs.x402dataapi.com/agent-accessibility-api.md)
  - Input example: `{"url":"https://example.com"}`
- [Full Domain Report](https://docs.x402dataapi.com/full-domain-report-api): `POST https://api.x402dataapi.com/v1/full-domain-report` (0.005 USDC)
  - API page: [https://x402dataapi.com/api/full-domain-report](https://x402dataapi.com/api/full-domain-report)
  - Markdown: [https://docs.x402dataapi.com/full-domain-report-api.md](https://docs.x402dataapi.com/full-domain-report-api.md)
  - Input example: `{"domain":"example.com"}`

## Payment rules

- Paid calls require a valid PAYMENT-SIGNATURE header unless the caller IP is explicitly configured as a free test IP.
- Agents should read [OpenAPI](https://api.x402dataapi.com/openapi.json), [x402 site catalog](https://x402dataapi.com/.well-known/x402-catalog.json) or [x402 API catalog](https://api.x402dataapi.com/.well-known/x402-catalog.json) before choosing an endpoint.
- The OpenAPI contract includes `x-payment-info` metadata for x402scan and `x-x402` metadata for x402/Bazaar-compatible agents.
- [Capabilities JSON](https://api.x402dataapi.com/capabilities) includes live input schemas, output examples, prices, network, asset and payTo metadata.
- Pricing is denominated in USDC and currently targets Base mainnet unless the capabilities JSON says otherwise.

## Markdown documentation

- [Domain Intelligence API](https://docs.x402dataapi.com/domain-intelligence-api.md): Paid x402 API for AI agents that returns domain intelligence, DNS lookup data, domain risk signals, security posture, WHOIS-like technical data, mail security, TLS, HTTP headers, fingerprinting and AI agent domain analysis for a public domain.
- [TLS Report API](https://docs.x402dataapi.com/tls-certificate-report-api.md): Paid x402 API for AI agents that checks TLS certificate health, SSL report data, HTTPS certificate expiration, issuer, validity, SAN coverage, chain health, HTTPS readiness and certificate risk for a public hostname.
- [Mail Security API](https://docs.x402dataapi.com/mail-security-api.md): Paid x402 API for AI agents that checks MX records, SPF, DMARC, email security, phishing risk, domain mail configuration and anti-spoofing posture for a public domain.
- [HTTP Security Headers API](https://docs.x402dataapi.com/http-security-headers-api.md): Paid x402 API for AI agents that audits HTTP security headers, HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy and web security scan findings for a public URL.
- [Agent Accessibility Check API](https://docs.x402dataapi.com/agent-accessibility-api.md): Paid x402 API for AI agents that checks robots.txt, sitemap availability, llms.txt discovery, AI crawler readiness, agent accessibility and AI scraping compatibility for a public URL.
- [Full Domain Report API](https://docs.x402dataapi.com/full-domain-report-api.md): Paid x402 API for AI agents that returns a complete domain security report with DNS, TLS, mail security, HTTP headers, AI accessibility, website risk score and consolidated remediation issues for a public domain.
- [Robots, Sitemap and llms.txt API](https://docs.x402dataapi.com/robots-sitemap-llms-api.md): Agent-readable API documentation for checking robots.txt, sitemap discovery, llms.txt availability, AI crawler readiness and AI scraping compatibility.
- [x402 Paid API for AI Agents](https://docs.x402dataapi.com/x402-paid-api-for-ai-agents.md): How autonomous agents can discover X402 Data API resources, inspect prices and schemas, pay per request in USDC on Base, and call JSON endpoints.
- [How AI Agents Can Pay for Domain Data](https://docs.x402dataapi.com/how-ai-agents-can-pay-for-domain-data.md): A practical guide for AI agents that need domain intelligence, TLS reports, mail security, HTTP security headers and accessibility checks through x402 payments.

## Safety constraints

- Do not submit private, localhost, RFC1918 or otherwise non-public hosts as scan targets.
- API responses are JSON and may include validation errors, payment errors or scanner-specific network errors.