Skip to main content
Some endpoints require wallet-based authentication, either on its own or alongside payment. This uses the SIWX (Sign-In With X) protocol, where your wallet signs a challenge to prove its identity.

How SIWX works

1

Request triggers a 402 with SIWX challenge

The endpoint responds with 402 Payment Required and includes a SIWX challenge, either on its own or alongside a payment requirement.
2

AgentCash signs the challenge

Your wallet signs the server’s challenge to prove ownership of the address.
3

Request retries with auth headers

AgentCash retries the original request with the signed proof in the headers.

Making authenticated requests

Ask your agent to use fetch:
Use AgentCash fetch to call https://example.com/api/protected-endpoint.
Or via CLI: 
npx agentcash fetch https://example.com/api/protected-endpoint
AgentCash handles the full SIWX handshake automatically and only falls back to payment if the route still returns 402.

When to use authenticated vs paid requests

ScenarioTool / command
Endpoint requires USDC paymentfetch
Endpoint requires wallet identity onlyfetch
Not sure which auth the endpoint usescheck_endpoint_schema / check first
Use check_endpoint_schema (MCP) or npx agentcash check (CLI) to inspect an endpoint before calling it. The response tells you whether it requires payment, SIWX auth, or both, but fetch handles every case.