
Who Authorized This? The Gray Area of x402

x402 needs native integrators to succeed. Unauthorized wrappers could turn potential partners into adversaries instead.

This week, Coinbase launched agentic.market, a storefront for x402 designed to make endpoints more discoverable and easier to surface.

Browse it and you'll find live, metered access to a wide range of services, from onchain tools to mainstream APIs. Some endpoints are offered directly by the original provider. Others come through third parties: companies wrapping existing APIs in x402 (and/or MPP) and packaging them as agent-ready toolkits, accessible through a single connection for a small fee.

That second arrangement complicates things. Among these third-party-originated endpoints on Agentic Market are services for Wolfram Alpha, Google Flights, and Amadeus, a widely-used travel data platform. I focus on these three because none of the platforms have themselves announced an x402 integration, and their terms of service make it unlikely they've authorized a third party to build one on their behalf.

Every endpoint on Agentic Market is either first-party (the original provider offering their own API directly), third-party authorized (a reseller with explicit permission, usually through a formal certification or partnership program), or third-party unauthorized (a company reselling API access it pays for without permission to do so). 

Across the marketplace and the entire x402 ecosystem overall, there's no way to immediately tell which is which, with many third-party wrappers seemingly falling into that last bucket.

What the Contracts Say

As I mentioned, these three providers' terms make unauthorized third-party arrangements appear likely, and in some cases rule out authorized third parties entirely.

Wolfram Alpha explicitly prohibits "resellers and aggregators," bans scraping or data mining by any means, and bars selling or sublicensing the service without permission. The terms don't appear to leave room for an authorized third-party path at all. And when looking at the endpoint's Quick Start guide, it's clear this is not a first-party integration.

API Prohibitions in Wolfram Alpha's Terms of Use

Amadeus's Master Subscription Services Agreement grants customers access strictly for internal business purposes and prohibits any attempt to "rent, lease, distribute, sell, resell, assign, or otherwise transfer" their access rights. Any third-party connection requires certification by Amadeus, documented in a formal Service Order, meaning that's the only route to third-party authorized status, and whether any current endpoint meets it isn't visible from the outside.

Restrictions in Amadeus's Master Subscription Services Agreement

Google is the sharpest case. Google Flights has no public API, and Google protects its data aggressively. 

On Agentic Market, a third-party wrapper is packaging access to Google Flights data sourced via SerpApi - a company Google is actively suing for scraping Search results and reselling access to them. Google's complaint alleges SerpApi built tools to bypass access controls, sends "hundreds of millions" of artificial requests per day to scrape, and resells copyrighted content embedded in Search.

So, Google is suing SerpApi for reselling copyrighted content and bypassing their access controls. At the same time, SerpApi is having its service wrapped by an agentic toolkit provider who’s providing it to agents and collecting fees for that provision. Food for thought.

Details for SerpApi access via StableTravel endpoint

What Compliance Looks Like

It doesn't take a legal expert to see these dynamics are "tricky." The good news is that a cleaner model already exists.

MPP, the agentic payments protocol Tempo launched alongside its mainnet, shipped with 100+ compatible services on day one. Providers that integrated MPP directly - Parallel, Stripe Climate, Browser Base, and others - are marked with a green circle on their card, showcasing first-party status.

Two(ish) weeks ago, Exa, a popular AI research tool, announced native x402 support across its search and contents endpoints - going first-party, partnering with Coinbase, and citing x402's governance under the Linux Foundation as a reason for choosing it over a proprietary route.

The Inevitable Outcome

Right now, whether a given endpoint is first-party, third-party authorized, or third-party unauthorized isn't visible from the outside. That's a solvable problem, and MPP's service directory - which makes the provenance of each integration legible - is a step in that direction.

Unauthorized scraping already strains providers in ways they can measure: server load, bandwidth costs, traffic they never agreed to serve. A third party wrapping that scraped data in x402 and collecting fees for it adds insult to injury. The provider bears the cost and sees none of the revenue.

If that's how this plays out at scale, it poisons the well for x402 broadly - turning potential native integrators into adversaries instead of participants. That revenue belongs to the providers. Native integration is how they claim it, and how x402 earns the legitimacy it needs to grow.


Written by David Christopher

David is a writer/analyst at Bankless. Prior to joining Bankless, he worked for a series of early-stage crypto startups and on grants from the Ethereum, Solana, and Urbit Foundations. He graduated from Skidmore College in New York. He currently lives in the Midwest and enjoys NFTs, but no longer participates in them.
