https://api-production-2800.up.railway.app/v1/x402-risk
x402 endpoint risk preflight API by AgentSpendGuard for autonomous buyer agents before paying unknown x402 resources. Search keywords: x402 risk, x402 endpoint risk, agent payment guardrail, buyer agent spend guard, Bazaar discovery risk, API payment preflight. Checks CDP Bazaar discovery, unique payers, recent calls, price, metadata quality, network match, and returns strict JSON verdict allow/caution/block with score, reason codes, evidence, and alternatives.
Start with a quote-only recipe. Payment signing stays in your project.
const response = await fetch("https://api-production-2800.up.railway.app/v1/x402-risk", {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({
"type": "http",
"method": "POST",
"bodyType": "json",
"bodyFieldNames": [
"expectedMaxPriceUsd",
"expectedNetwork",
"resourceUrl"
],
"pathParamNames": [],
"queryParamNames": []
}),
});
console.log(response.status);
console.log(Object.fromEntries(response.headers));
console.log((await response.text()).slice(0, 1000));
// A valid 402 is a quote, not a completed paid call.Review the provider input schema before running this non-read-only method. No payment code is included.
- Exact route checked
not safely testable · potentially-mutating-method:POST
- Origin reachable
HEAD https://api-production-2800.up.railway.app/ returned 200.
- Observed in cdp-bazaar
The registry record was observed and retained with provenance.
- Observed in 402-index
Discovered through bazaar.
- Registry record checked
Registry health: healthy.
EVIDENCE
Each record has an exact-route quote outcome. Unresolved templates and potentially mutating methods are labeled instead of being invoked without provider-specific test input. A quote is still separate from a settled paid call.