[Docs] Add comprehensive x402 payment documentation

[joaquim-verges]

---

PR-Codex overview

This PR primarily enhances the x402 payment protocol documentation, adding detailed guides for client-side and server-side implementations, alongside examples and explanations for payment handling. It also removes outdated files and improves the overall structure of the documentation.

Detailed summary

• Deleted page.tsx and x402-protocol-flow.png files.
• Updated sidebar.tsx to reflect new payment guides.
• Added client-side documentation with wrapFetchWithPayment usage.
• Expanded server-side payment handling examples.
• Introduced facilitator API documentation.
• Included middleware examples for various frameworks.
• Improved descriptions and structured content for better clarity.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • Updated Payments sidebar: added a “Guides” subgroup and expanded “x402” into a multi-link submenu (Get Started, Client Side, Server Side, Facilitator API).

• Documentation

  • Added comprehensive x402 Client, Server, and Facilitator API guides with step-by-step flows, usage examples (TypeScript & HTTP), framework integrations (Next.js, Express, Hono), pricing configuration, error-handling patterns, improved overview, and a new “Going Further” section linking key resources.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Ready	Preview	Comment	Sep 29, 2025 11:22pm

4 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
nebula	Skipped			Sep 29, 2025 11:22pm
thirdweb_playground	Skipped			Sep 29, 2025 11:22pm
thirdweb-www	Skipped			Sep 29, 2025 11:22pm
wallet-ui	Skipped			Sep 29, 2025 11:22pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: f9b75bf

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Adds three x402 documentation pages (client, server, facilitator), updates the x402 overview page (text, examples, and server handler signature changed from middleware to GET), and updates the Payments sidebar to add a Guides subgroup and replace the single x402 link with an x402 submenu containing multiple entries.

Changes

Cohort / File(s)	Summary
Sidebar navigation updates apps/portal/src/app/payments/sidebar.tsx	Adds a new "Guides" subgroup; replaces the previous single x402 link with an x402 submenu containing Get Started, Client Side, Server Side, and Facilitator API entries; adjusts ordering and labels.
x402 overview adjustments apps/portal/src/app/payments/x402/page.mdx	Title and copy edits; adds icons; refactors client and server sections (rewritten examples); replaces middleware example/entrypoint with a GET(request: Request) handler and changes header key usage (e.g., x-payment); adds "Going Further" cards.
New client documentation apps/portal/src/app/payments/x402/client/page.mdx	Adds client-side guide describing fetch wrapper (wrapFetchWithPayment), 402 detection, payment creation/signing, retry logic, TypeScript and HTTP usage examples, and parameter details.
New server documentation apps/portal/src/app/payments/x402/server/page.mdx	Adds server-side guide covering Settle Direct vs Verify-then-Settle patterns, Next/Express/Hono examples, middleware patterns, price formats, and response/header handling.
New facilitator documentation apps/portal/src/app/payments/x402/facilitator/page.mdx	Adds facilitator API guide explaining role, TypeScript and HTTP usage, examples for settle/verify/supported, middleware integrations, authentication notes, and OpenAPI references.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as User Agent
  participant R as Resource Server
  participant F as Facilitator
  participant X as x402 Backend
  participant L as Ledger

  rect rgb(238,245,255)
  note over U,R: Client requests protected resource
  U->>R: GET /resource
  R-->>U: 402 Payment Required (price, terms)
  end

  rect rgb(241,252,240)
  note over U,F: Client creates & signs payment
  U->>F: createPayment(terms)
  F->>X: verify(proof)
  X-->>F: verified
  F->>X: settle(payment)
  X->>L: submit tx
  L-->>X: confirmation
  X-->>F: settlement result
  F-->>U: payment receipt
  end

  rect rgb(255,249,235)
  note over U,R: Client retries request with payment
  U->>R: GET /resource (with payment headers)
  R->>X: verify/settle as needed
  X-->>R: ok
  R-->>U: 200 OK (resource)
  end

Loading

sequenceDiagram
  autonumber
  participant R as Resource Server
  participant X as x402 Backend
  participant F as Facilitator

  opt Verify then Settle
    R->>X: verify(request headers)
    X-->>R: verified | error
    alt verified
      R->>X: settle(payment)
      X-->>R: settled | failed
    end
  end

  opt Direct Settle
    R->>X: settle(payment)
    X-->>R: settled | failed
  end

  note over R,F: Facilitator can encapsulate verify/settle and manage wait states (simulated/submitted/confirmed)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description includes only the commented template and a generic PR-Codex overview without filling in required sections like the formatted title line, issue tag, “Notes for the reviewer,” or “How to test” guidance, so it does not adhere to the repository’s description template.	Please remove the PR-Codex placeholder block and populate the description template by adding the formatted title header, branch or issue tag, a detailed “Notes for the reviewer” section, and clear “How to test” instructions.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title “[Docs] Add comprehensive x402 payment documentation” clearly and concisely summarizes the primary change of adding extensive x402 payment guides and examples across the portal, making the main intent of the PR immediately apparent to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch _Docs_Add_comprehensive_x402_payment_documentation

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3a3bd49 and f9b75bf.

⛔ Files ignored due to path filters (1)

• apps/portal/src/app/payments/x402/server/x402-protocol-flow.png is excluded by !**/*.png

📒 Files selected for processing (5)

• apps/portal/src/app/payments/sidebar.tsx (1 hunks)
• apps/portal/src/app/payments/x402/client/page.mdx (1 hunks)
• apps/portal/src/app/payments/x402/facilitator/page.mdx (1 hunks)
• apps/portal/src/app/payments/x402/page.mdx (3 hunks)
• apps/portal/src/app/payments/x402/server/page.mdx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• apps/portal/src/app/payments/x402/server/page.mdx
• apps/portal/src/app/payments/x402/client/page.mdx

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/portal/src/app/payments/sidebar.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/portal/src/app/payments/sidebar.tsx

🧠 Learnings (1)

📚 Learning: 2025-08-20T10:35:18.543Z

Learnt from: jnsdls
PR: thirdweb-dev/js#7888
File: apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/payments/page.tsx:77-81
Timestamp: 2025-08-20T10:35:18.543Z
Learning: The webhooks/payments route exists at apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/webhooks/payments/page.tsx and was added as part of the unified project layout changes.

Applied to files:

• apps/portal/src/app/payments/sidebar.tsx

🪛 Gitleaks (8.28.0)

apps/portal/src/app/payments/x402/facilitator/page.mdx

[high] 296-298: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

---

[high] 306-308: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

---

[high] 257-257: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Size
• GitHub Check: Analyze (javascript)

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[joaquim-verges]

• [Docs] Add comprehensive x402 payment documentation #8149 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.28%. Comparing base (496615f) to head (f9b75bf).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8149      +/-   ##
==========================================
- Coverage   56.29%   56.28%   -0.01%     
==========================================
  Files         906      906              
  Lines       59208    59208              
  Branches     4177     4176       -1     
==========================================
- Hits        33329    33324       -5     
- Misses      25774    25779       +5     
  Partials      105      105              

Flag	Coverage Δ
packages	56.28% <ø> (-0.01%)	⬇️
see 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	64.69 KB (0%)	1.3 s (0%)	253 ms (+71.31% 🔺)	1.6 s
thirdweb (cjs)	361.52 KB (0%)	7.3 s (0%)	1.3 s (+5.31% 🔺)	8.6 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	85 ms (+1142.51% 🔺)	199 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	29 ms (+557.2% 🔺)	39 ms
thirdweb/react (minimal + tree-shaking)	19.14 KB (0%)	383 ms (0%)	125 ms (+1955.5% 🔺)	508 ms

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (5)

apps/portal/src/app/payments/sidebar.tsx (1)

69-89: Name nit: consider “Overview” instead of another “Get Started”.

You now have “Get Started” at the Payments root and inside the x402 submenu. Renaming the x402 entry to “Overview” avoids duplicate labels in breadcrumbs/search.

apps/portal/src/app/payments/x402/client/page.mdx (2)

43-48: Prefer BigInt literal for clarity.

Use an explicit BigInt literal to avoid number-to-BigInt coercion.

-      BigInt(1 * 10 ** 6) // max 1 USDC
+      1_000_000n // max 1 USDC (in base units)

---

104-106: Standardize header casing to x-payment.

Other pages use x-payment. Headers are case-insensitive, but consistency helps. Update the curl example to match.

-      -H "X-PAYMENT: <base64-encoded-payment>"
+      -H "x-payment: <base64-encoded-payment>"

apps/portal/src/app/payments/x402/facilitator/page.mdx (1)

40-47: Avoid hard‑coding secret keys in samples.

Use environment variables to discourage bad practices and quiet secret scanners.

-    const client = createThirdwebClient({
-      secretKey: "your-secret-key",
-    });
+    const client = createThirdwebClient({
+      secretKey: process.env.THIRDWEB_SECRET_KEY!,
+    });

Also applies to: 78-86, 171-179, 204-211

apps/portal/src/app/payments/x402/page.mdx (1)

45-49: Prefer env var for secrets in examples.

Replace inline "your-secret-key" with process.env.THIRDWEB_SECRET_KEY to model best practices.

-const client = createThirdwebClient({ secretKey: "your-secret-key" });
+const client = createThirdwebClient({ secretKey: process.env.THIRDWEB_SECRET_KEY! });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 99c2af5 and 3a3bd49.

⛔ Files ignored due to path filters (1)

• apps/portal/src/app/payments/x402/server/x402-protocol-flow.png is excluded by !**/*.png

📒 Files selected for processing (5)

• apps/portal/src/app/payments/sidebar.tsx (1 hunks)
• apps/portal/src/app/payments/x402/client/page.mdx (1 hunks)
• apps/portal/src/app/payments/x402/facilitator/page.mdx (1 hunks)
• apps/portal/src/app/payments/x402/page.mdx (3 hunks)
• apps/portal/src/app/payments/x402/server/page.mdx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/portal/src/app/payments/sidebar.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/portal/src/app/payments/sidebar.tsx

🧠 Learnings (1)

📚 Learning: 2025-08-20T10:35:18.543Z

Learnt from: jnsdls
PR: thirdweb-dev/js#7888
File: apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/payments/page.tsx:77-81
Timestamp: 2025-08-20T10:35:18.543Z
Learning: The webhooks/payments route exists at apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/webhooks/payments/page.tsx and was added as part of the unified project layout changes.

Applied to files:

• apps/portal/src/app/payments/sidebar.tsx

🪛 Gitleaks (8.28.0)

apps/portal/src/app/payments/x402/facilitator/page.mdx

[high] 260-260: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 299-301: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

---

[high] 309-311: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

apps/portal/src/app/payments/x402/server/page.mdx (1)

1-4: Image import is valid
The file apps/portal/src/app/payments/x402/server/x402-protocol-flow.png exists, so the ./x402-protocol-flow.png import in page.mdx is correct and will not break the build.

Likely an incorrect or invalid review comment.

apps/portal/src/app/payments/x402/client/page.mdx (1)

64-65: Verify reference URL exists.

Confirm this path resolves in the generated docs nav.