Sponsor: MetaMask - Trade prediction markets on mobile, powered by Polymarket.
This week, 
Coinbase launched agentic.market, a storefront surfacing x402 endpoints to make the ecosystem more discoverable.
Browse it and you'll find live, metered access to a wide range of services, from onchain tools to mainstream APIs. Some endpoints are offered directly by the original provider. Many arrive via third parties: companies wrapping existing APIs in x402 (and/or MPP) and packaging them as agent-ready toolkits, accessible through a single connection for a small fee.
That second arrangement complicates things. Among those third-party-originated endpoints featured on Agentic Market are services for Wolfram Alpha, Google Flights, and Amadeus, a widely-used travel data platform. I focus on these three because none of the platforms have themselves announced an x402 integration, and their terms of service make it unlikely they've authorized a third party to build one on their behalf.
Every endpoint indexed on Agentic Market can either be first-party (the original provider offering their own API directly), third-party authorized (a reseller with explicit permission, usually through a formal certification or partnership program), or third-party unauthorized (a company reselling API access it pays for without permission to do so).
Across the marketplace, and the entire x402 ecosystem overall, there's no way to immediately tell which is which, with many seemingly falling into that last bucket.
What the Contracts Say
As mentioned, these three providers' terms make unauthorized third-party arrangements appear likely, and in some cases rule out other setups entirely.
Wolfram Alpha explicitly prohibits "resellers and aggregators," bans scraping or data mining by any means, and bars selling or sublicensing the service without permission. The terms don't appear to leave room for an authorized third-party path at all. And, when looking at the endpoint's Quick Start guide, it's clear this is not a first-party integration.
Amadeus's Master Subscription Services Agreement grants customers access strictly for internal business purposes and prohibits any attempt to "rent, lease, distribute, sell, resell, assign, or otherwise transfer" their access rights. Any third-party connection requires certification by Amadeus, documented in a formal Service Order, meaning that's the only route to third-party authorized status, and whether any current endpoint meets it isn't visible from the outside.
Google is the sharpest case. Google Flights has no public API, and Google protects its data aggressively.
Yet, a third-party wrapper shown on Agentic Market is packaging access to Google Flights data, sourced via SerpApi - a company Google is actively suing for scraping Search results and reselling access to them. Google's complaint alleges SerpApi built tools to bypass access controls, sends "hundreds of millions" of artificial requests per day to scrape, and resells copyrighted content embedded in Search.
So, Google is suing SerpApi for reselling copyrighted content and bypassing their access controls. At the same time, SerpApi is having its service wrapped by an agentic toolkit provider who’s providing it to agents and collecting fees for that provision. Food for thought.
What Compliance Looks Like
It doesn't take a legal expert to see these dynamics are "tricky." The good news is that a cleaner model already exists.
MPP, the agentic payments protocol 
Tempo launched alongside its mainnet, shipped with 100+ compatible services on day one. Providers that integrated MPP directly - Parallel, Stripe Climate, Browser Base, and others - are marked with a green circle on their card, showcasing first-party status.
Two(ish) weeks ago, Exa, a popular AI research tool, announced native x402 support across its search and contents endpoints - going first-party, partnering with Coinbase, and citing x402's governance under the Linux Foundation as a reason for choosing it over a proprietary route.
The Inevitable Outcome
Right now, whether a given endpoint is first-party, third-party authorized, or third-party unauthorized isn't visible from the outside. That's a solvable problem, and MPP's service directory - which makes the provenance of each integration legible - is a step in that direction.
Unauthorized scraping already strains providers in ways they can measure: server load, bandwidth costs, traffic they never agreed to serve. A third party wrapping that scraped data in x402 and collecting fees for it adds insult to injury. The provider bears the cost and sees none of the revenue.
It's worth being precise about where the problem actually lives. x402 is an open protocol - the same way any developer can build on HTTP, any developer can build on x402. The payment rail has no visibility into whether upstream data was obtained with authorization. The accountability sits with those packaging these endpoints for consumption.
If there's no accountability, it could poison the well for x402 broadly - turning potential native integrators into adversaries, rather than participants. That revenue belongs to the providers. Native integration is how they claim it, and how x402 earns the legitimacy it needs to grow.
Tool spotlight: With builders backed by Microsoft's m12 venture arm, Dreamspace just opened to the public as a vibe coding suite for 
Base apps.
The platform uses the Space and Time "data blockchain" to power its backend and lets users build apps for Base or other EVM chains using simple text prompts. Not only will it create your smart contracts, but it will also audit your code and generate a streamlined frontend.
If you have app ideas but have been blocked by not knowing Solidity, this one's certainly one new viable avenue to consider exploring.
What else is new...
- Bankr launches two new skills, bankr-twitter-agent, for running Twitter agents, and bankr-token-scam-analysis, for analyzing tokens for scam and rug risks
- Birdeye's x402 support so agents can pay for fetching real-time onchain data
- CoinMarketCap MCP for equipping agents with knowledge around +48M tokens
Plus, this week's headlines...
🤖 News
- diid — Unveiled Automate Attention, an art project featuring a fully onchain LLM customized on Jack Butcher tweets.
- EigenCloud — Launched transit402, giving agents real-time access to NYC MTA arrivals, bus predictions, and Citi Bike availability.
- Gensyn — Launched Delphi, a permissionless AI-settled information markets platform.
- 🔥 Herodotus — Launched Risklayer in early beta, an platform to score and automate DeFi risk intelligence using AI.
- OpenGradient — Launched on Base: a network providing verifiable AI inference, accessible via x402.
- 🔥 OpenCover — Partnered with Vaults.fyi to bring insurance coverage natively into the vault browsing UI. Users can see which DeFi yield vaults have coverage, and access Vaults.fyi's API via x402.
- USD.AI — Rolled out its governance and utility token, CHIP.
- Venice — Released Venice Skills repo with 19 SKILL.md folders covering the full Venice API suite including chat, image generation, audio, video, x402, and crypto RPC.
📚 Reads
- 🔥 Nick Sawinyh — Bittensor and TAO
- jordy — OpenClaw vs. Hermes
- Gregor Zunic — The Bitter Lesson of Agent Harnesses
- Nader Dabit — Paying Down Tech Debt with Agents
- Aparna Dhinakaran — Sandboxes Are the Servers of the Harness Era
a16z crypto — The Missing Infrastructure for AI Agents
Trade the outcomes of real-world events across sports, politics, crypto, finance, all on mobile—with prediction markets on MetaMask, powered by Polymarket. No KYC, total self-custody, and simple two-tap trades.
