First Call Free: What Weeks of 402 Telemetry Taught Us About Agent Conversion

Agents were discovering our API around the clock — monitors, directory indexers, real frameworks probing the 402 flow — and paying almost never. We audited every notification and concluded the problem wasn't technical. It was the funnel. Here are the four fixes we shipped today.

July 4, 2026 5 min read By Petteri Leinonen, Founder, AsterPay

If you run an x402 or MPP API, you get a very particular kind of traffic. Uptime monitors probing your 402 envelope every fifteen minutes. Directory crawlers keeping their catalogues fresh. Agent frameworks doing capability discovery. It all looks like interest, and none of it is a purchase decision.

When we separated that infrastructure traffic from genuinely new callers, the picture was uncomfortable but clear: real agents were reaching our paywall, reading a spec-correct 402 challenge with everything they needed to pay — and leaving. The payment rail worked. The offer didn't.

A 402 challenge is a sales page rendered as JSON. We had been treating it as an error message.

Fix 1: The shop window is now free

Our most-probed endpoint was GET /v2/x402/offramp/estimate — the USDC-to-EUR settlement estimate. It cost $0.005. That was exactly backwards: the estimate is the shop window, and the 0.5% fee on the settlement itself is the product. Nobody charges you to look at the menu.

curl "https://x402.asterpay.io/v2/x402/offramp/estimate?amount=100"
# → 200, free
# { "outputAmount": 91.83, "outputCurrency": "EUR",
#   "estimatedDelivery": "10 seconds (SEPA Instant)" }

Locking a rate (POST /v2/x402/offramp/quote) stays paid — that is where a caller signals real intent.

Fix 2: First call free, per wallet

The deepest friction in machine payments isn't price, it's the first commitment. An agent (or its developer) has to wire up a wallet, sign an EIP-3009 authorization, and spend real money on an API it has never seen return a byte.

So we removed the spend from the first step. If a payer wallet has never paid AsterPay before, its first call to any endpoint priced at $0.02 or less works like this:

Why this doesn't get farmed: verification requires the wallet to actually hold the USDC it signed for. Spinning up throwaway wallets means funding every one of them — at which point you may as well pay the two cents. One free call per wallet, persisted server-side.

For us, a first-call-free grant is also the highest-intent signal our telemetry can produce: a funded wallet that took the trouble to sign a valid authorization is not a crawler.

Fix 3: Show the goods inside the 402

Before today, our 402 told an agent everything about how to pay and nothing about what it would get. Now every challenge on our main endpoints embeds an example_response — a short, truthful sample of the 200 body:

HTTP/1.1 402 Payment Required
{
  "accepts": [ ... ],
  "example_response": {
    "prices": { "BTC": 109432.5, "ETH": 3921.14, "SOL": 212.87 },
    "sources": 3
  },
  "first_call_free": {
    "eligible_endpoint": true,
    "how": "Retry with a normally signed PAYMENT-SIGNATURE...",
    "one_per_wallet": true
  }
}

An agent evaluating ten APIs for a task can now rank ours on actual output structure instead of a one-line description. That is the difference between being indexed and being chosen.

Fix 4: Sell what only we have

Commodity data doesn't convert — an agent can get crypto prices in fifty places. What converts is data with no substitute. So the scan that powers the agent-readiness checker on our homepage is now a machine-callable paid endpoint:

GET /v2/x402/agent-readiness?url=example.com   # $0.02 via x402/MPP
# → { "score": 60, "bucket": "partial",
#     "signals": { "discoverable": ..., "payable": ... },
#     "top_gaps": [{ "label": "Agents can't pay you yet" }] }

It scores any public site 0–100 on MCP transport, agent.json, llms.txt, OpenAPI validity and x402 payability — the same published methodology, SSRF-guarded, priced inside the first-call-free window so trying it is free.

The meta-lesson

Machine customers read everything and forgive nothing. A human developer might tolerate a paywalled estimate, an opaque 402, and a "trust us" value proposition, because a landing page talked them into it. An agent just moves to the next entry in the directory. In agent commerce, your protocol surface is your marketing.

Try it — the first call is on us

No sign-up, no API key. Hit a paid endpoint, read the 402, retry with a signed payment.

See what changed → API docs