resources/x402-endpoint-risk-corpus/e402dac0f0a0951ddbf5407d
POSTorigin + 2 sourcesqualified signals

https://x402-endpoint-risk-corpus.mtree.workers.dev/v1/x402/attack_surface_check

Check authorization binding, replay-window, paid-but-denied, catalog drift, and price-drain classes for a candidate x402 endpoint. Returns JSON. Price 0.25 USDC on Base via x402. Demo/preview: https://x402-endpoint-risk-corpus.mtree.workers.dev/demo/attack_surface_check. Contact: https://x402-endpoint-risk-corpus.mtree.workers.dev/contact.

https://x402-endpoint-risk-corpus.mtree.workers.dev/v1/x402/attack_surface_check
USE THIS RESOURCE

Start with a quote-only recipe. Payment signing stays in your project.

CODE
AI CODING TOOLS
quote-check.ts
const response = await fetch("https://x402-endpoint-risk-corpus.mtree.workers.dev/v1/x402/attack_surface_check", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify({
  "type": "http",
  "method": "POST",
  "bodyType": "json",
  "bodyFieldNames": [
    "method",
    "require_body_digest",
    "require_idempotency_key",
    "url"
  ],
  "pathParamNames": [],
  "queryParamNames": []
}),
});

console.log(response.status);
console.log(Object.fromEntries(response.headers));
console.log((await response.text()).slice(0, 1000));

// A valid 402 is a quote, not a completed paid call.

Review the provider input schema before running this non-read-only method. No payment code is included.

STATUS HISTORY

  1. Exact route checked

    not safely testable · potentially-mutating-method:POST

  2. Origin reachable

    HEAD https://x402-endpoint-risk-corpus.mtree.workers.dev/ returned 200.

  3. Observed in cdp-bazaar

    The registry record was observed and retained with provenance.

  4. Observed in 402-index

    Discovered through bazaar.

  5. Registry record checked

    Registry health: healthy.

EVIDENCE

cdp-bazaarobserved 2026-07-10 · https://api.cdp.coinbase.com/platform/v2/x402/discovery/resources
402-indexobserved 2026-07-10 · https://402index.io/api/v1/services
origin checkHEAD https://x402-endpoint-risk-corpus.mtree.workers.dev/ → 200 on 2026-07-10
route quotenot invoked automatically · potentially-mutating-method:POST · 2026-07-10

Each record has an exact-route quote outcome. Unresolved templates and potentially mutating methods are labeled instead of being invoked without provider-specific test input. A quote is still separate from a settled paid call.

PAYMENT OPTIONS

eip155:8453exact250000 atomic · 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
x402-endpoint-risk-corpus POST x402/attack_surf… · TOLL·402