Trust Score
Overview
Every API in the x402 Relay catalog receives a Trust Score (0-100) that helps AI agents make informed decisions about which APIs to use.
Scoring Factors
| Factor | Weight | Description |
|---|---|---|
| Protocol Compliance | 30% | Valid HTTP 402 response with correct payment-required headers |
| Uptime | 25% | Historical availability based on health check probes |
| On-chain Activity | 25% | Transaction count and volume on Base chain |
| Community Signals | 20% | GitHub activity, documentation quality |
Score Tiers
| Score | Tier | Badge | Meaning |
|---|---|---|---|
| 80-100 | Excellent | 🟢 | Highly trusted, significant on-chain history |
| 60-79 | Good | 🟡 | Verified and reliable |
| 40-59 | Fair | 🟠 | Limited history, but functional |
| 0-39 | Low | 🔴 | New or unreliable |
Verification Levels
Tier 1: Protocol Verified (Current)
- HTTP 402 response confirmed
- `payment-required` header format validated
- `payTo`, `network`, `price`, `asset` fields extracted
Tier 2: Payment Verified (Planned)
- Small test payment sent and confirmed
- Response quality evaluated after payment
- Refund behavior tested
Tier 3: Audit Verified (Planned)
- Manual or automated security audit
- API behavior consistency over time
- Community vouching / staking
Spam Detection (Phase 1)
x402 Relay automatically screens all discovered APIs for spam and malicious behavior. Services that fail critical checks are suspended (Trust Score set to 0, hidden from directory).
Detection Layers
| Layer | What it checks | Result |
|---|---|---|
| Domain Validation | Google Safe Browsing API, domain age (RDAP), SSL certificate validity | Threat match → suspended. Domain < 7 days old → warning flag |
| Payment Address Validation | Duplicate address detection (≥3 services sharing same address), EOA vs contract check (Base RPC) | ≥3 duplicates → suspended as spam suspect |
| Response Validation | Empty/meaningless 402 response body (honeypot detection), clone spam detection (>5 sibling endpoints) | Empty body → suspended. Clone spam → warning flag |
Service Statuses
| Status | Meaning |
|---|---|
| `active` | Responding correctly, passes all checks |
| `inactive` | Not responding or returning errors |
| `unverified` | Newly discovered, not yet checked |
| `suspended` | Failed spam detection — hidden from directory, Trust Score = 0 |
Appealing a Suspension
If your service is incorrectly suspended, ensure it:
- Returns a valid JSON body with `paymentAddress`, `network`, and `price` fields on 402 responses
- Uses a unique payment address (not shared across many unrelated services)
- Is hosted on a domain with a valid SSL certificate and not flagged by Safe Browsing
The next crawl cycle will automatically re-evaluate and restore the service if all checks pass.
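The thresholds in the Detection Layers table and the appeal criteria above can be checked against your own endpoints before the next crawl. This is an added Python sketch, not x402 Relay's code. It assumes a hypothetical record shape (`url`, `pay_to`, `body`, `domain_age_days`, `threat_match`, `score`), that "sibling endpoints" means other services on the same host, and that a "meaningless" body is one lacking the appeal fields.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Thresholds come from the Detection Layers table; record keys are hypothetical.
MIN_DOMAIN_AGE_DAYS, DUPLICATE_ADDRESS_LIMIT, CLONE_SIBLING_LIMIT = 7, 3, 5
REQUIRED_FIELDS = {"paymentAddress", "network", "price"}  # appeal criteria

def body_is_meaningful(body):
    # Assumption: "meaningless" = not a JSON object carrying the appeal fields.
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False
    return isinstance(doc, dict) and REQUIRED_FIELDS.issubset(doc)

def screen(services):
    """Map each URL to its status, trust score and raised flags."""
    addrs = Counter(s["pay_to"].lower() for s in services)
    hosts = Counter(urlsplit(s["url"]).hostname for s in services)
    out = {}
    for s in services:
        critical, warnings = [], []
        if s.get("threat_match"):
            critical.append("safe_browsing_match")
        if addrs[s["pay_to"].lower()] >= DUPLICATE_ADDRESS_LIMIT:
            critical.append("duplicate_payment_address")
        if not body_is_meaningful(s["body"]):
            critical.append("empty_or_meaningless_body")
        if s["domain_age_days"] < MIN_DOMAIN_AGE_DAYS:
            warnings.append("young_domain")
        # Assumption: "sibling endpoints" are other services on the same host.
        if hosts[urlsplit(s["url"]).hostname] - 1 > CLONE_SIBLING_LIMIT:
            warnings.append("clone_spam")
        # Suspension overrides the earned score; warnings leave it untouched.
        out[s["url"]] = {"status": "suspended" if critical else "active",
                         "trust_score": 0 if critical else s["score"],
                         "flags": critical + warnings}
    return out

# Constructed sample crawl (all values invented for illustration).
OK_BODY = '{"paymentAddress": "0xabc", "network": "base", "price": "0.01"}'
def svc(url, pay_to, body=OK_BODY, age=400, score=72):
    return {"url": url, "pay_to": pay_to, "body": body,
            "domain_age_days": age, "score": score}
SAMPLE = [svc("https://a.example/v1", "0xAAA"),
          svc("https://b.example/v1", "0xBBB", age=3),
          svc("https://c.example/v1", "0xCCC", body=""),
          *(svc(f"https://s{i}.example/v1", "0xDDD") for i in range(3))]
```

Calling `screen(SAMPLE)` leaves the young-domain service active with a warning flag, while the empty-body service and the three services sharing one address come back suspended with a score of 0.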
Improving Your Score
- Ensure proper 402 responses — Follow the x402 Protocol guide
- Maintain uptime — x402 Relay probes every hour
- Build on-chain history — More successful transactions = higher score
- Open-source your code — GitHub activity contributes to community signals