Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.x402r.org/llms.txt

Use this file to discover all available pages before exploring further.

This is the on-chain Solidity struct. The JSON payload omits the payer field; the facilitator recovers it from the signature at settlement time. Wire-format extra uses spec-level field names; the on-chain struct keeps canonical names so the EIP-712 typehash matches the AuthCaptureEscrow contract byte-for-byte. 
struct PaymentInfo {
    address operator;            // = extra.captureAuthorizer
    address payer;               // payload-derived
    address receiver;            // = requirements.payTo
    address token;               // = requirements.asset
    uint120 maxAmount;           // = requirements.amount
    uint48  preApprovalExpiry;   // = now + maxTimeoutSeconds (client-derived)
    uint48  authorizationExpiry; // = extra.captureDeadline
    uint48  refundExpiry;        // = extra.refundDeadline
    uint16  minFeeBps;
    uint16  maxFeeBps;
    address feeReceiver;         // = extra.feeRecipient
    uint256 salt;                // = payload.salt (client-generated, fresh per request)
}

Expiry Ordering

The contract enforces: preApprovalExpiry <= authorizationExpiry <= refundExpiry
ExpiryWire fieldEnforced AtEffect
preApprovalExpiryderivedauthorize() / charge()Blocks settlement after this time
authorizationExpirycaptureDeadlinecapture()Blocks capture; allows reclaim()
refundExpiryrefundDeadlinerefund()Blocks refund requests

Safety Guarantees

The escrow contract enforces invariants on-chain:

No Overcharging

The client-signed maxAmount caps the settlement amount. Attempts to exceed the limit revert.

Replay Prevention

Each payment has a unique nonce derived from (chainId, escrowAddress, paymentInfoHash). The nonce is consumed on-chain at settlement.

Payer Reclaim

After captureDeadline, the payer can reclaim escrowed funds directly without captureAuthorizer approval.

Fee Bounds

Min/max fee bounds in PaymentInfo are client-signed and enforced on-chain. The captureAuthorizer must respect these limits.
CaptureAuthorizer Trust Required: The captureAuthorizer controls when and how much to capture. Choose with intent and understand the capture policy. See PaymentOperator for examples.

Next Steps

Wire Format

Where each PaymentInfo field comes from on the wire.

Verification and Settlement

The 13-step verification flow that enforces these invariants.