
Gate an endpoint by trust

A practical walkthrough: protect a paid API so only agents above a trust threshold can call it.

The goal

You sell a premium forecast endpoint over x402. Anyone can pay, but you’ve been hit by agents that pay once, scrape aggressively, then vanish. You want to require a minimum trust score and minimum stake so bad actors have something to lose.

1. Define a policy

```typescript
import { Tessera } from "@tessera/sdk";

const tessera = new Tessera({ cluster: "mainnet-beta" });

export const premiumPolicy = tessera.policy({
  minScore: 820,
  minStake: 150,
  maxDisputeRate: 0.03,
});
```

2. Enforce it in the handshake

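```typescript
// Assumes an Express `app` and the `premiumPolicy` exported in step 1.
app.use("/api/forecast", async (req, res, next) => {
  // x-agent-id is a caller-supplied claim and may be absent or repeated, so don't cast it.
  const caller = req.headers["x-agent-id"];
  if (typeof caller !== "string" || !(await premiumPolicy.check(caller))) {
    return res.status(403).json({ error: "insufficient_trust" });
  }
  next();
});
```

The check reads from a sub-millisecond cache. It adds no meaningful latency to your response.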

3. Attest after delivery

Close the loop so honest callers build reputation with you and abusive ones get flagged.

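```typescript
// Register inside the request handler, where `caller`, `req` and `res` are in scope.
res.on("finish", async () => {
  try {
    await tessera.attest({
      counterparty: caller,
      outcome: res.statusCode < 400 ? "delivered" : "failed",
      amount: 0.05,
      reference: req.x402ReceiptHash,
    });
  } catch (err) {
    // The response is already sent; log so a failed attestation is not an unhandled rejection.
    console.error("attestation failed", err);
  }
});
```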

Tune the threshold

  • Low-value reads: minScore: 600, no stake floor.
  • Expensive compute: minScore: 850 + meaningful stake.
  • Irreversible actions: require independent attestations too.

Start permissive and tighten. Over-gating on day one blocks new but honest agents that simply haven’t built history yet.
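
To see what a threshold change would block before deploying it, the tiers above can be replayed against known agents. The following is an added example, not Tessera SDK code: it is a local model of the checks, and the `AgentRecord` field names, the reason strings, and the stake and attestation floors on the last two tiers are assumptions.

```typescript
// Added example. AgentRecord field names are assumptions, not Tessera's schema.
interface AgentRecord { score?: number; stake?: number; disputeRate?: number; independentAttestations?: number }
interface TierPolicy { minScore: number; minStake?: number; maxDisputeRate?: number; minIndependentAttestations?: number }

// premiumForecast is the policy from step 1; the stake and attestation floors on
// the last two tiers are constructed (the guide gives no numbers for them).
const tiers = {
  lowValueRead: { minScore: 600 } as TierPolicy, // no stake floor
  premiumForecast: { minScore: 820, minStake: 150, maxDisputeRate: 0.03 } as TierPolicy,
  expensiveCompute: { minScore: 850, minStake: 150 } as TierPolicy,
  irreversible: { minScore: 850, minStake: 150, minIndependentAttestations: 2 } as TierPolicy,
};

const isNum = (v: unknown): v is number => typeof v === "number" && Number.isFinite(v);

// Returns the unmet requirements; an empty array means allow.
// Missing or NaN values are denied explicitly: `NaN < 820` is false, so a bare
// `if (score < minScore) deny` would let a malformed record through.
function evaluate(agent: AgentRecord | undefined, p: TierPolicy): string[] {
  if (!agent) return ["unknown_agent"];
  const unmet: string[] = [];
  if (!isNum(agent.score) || agent.score < p.minScore) unmet.push("score_below_min");
  if (p.minStake !== undefined && (!isNum(agent.stake) || agent.stake < p.minStake)) unmet.push("stake_below_min");
  if (p.maxDisputeRate !== undefined && (!isNum(agent.disputeRate) || agent.disputeRate > p.maxDisputeRate))
    unmet.push("dispute_rate_above_max");
  if (p.minIndependentAttestations !== undefined &&
      (!isNum(agent.independentAttestations) || agent.independentAttestations < p.minIndependentAttestations))
    unmet.push("too_few_attestations");
  return unmet;
}

// Constructed sample agents.
const newcomer: AgentRecord = { score: 640, stake: 0, disputeRate: 0, independentAttestations: 0 };
const established: AgentRecord = { score: 910, stake: 400, disputeRate: 0.01, independentAttestations: 3 };
const malformed: AgentRecord = { score: NaN, stake: 400 };

// Evaluate one agent against every tier to see what a threshold change would block.
function report(agent: AgentRecord | undefined): Record<string, string[]> {
  const out: Record<string, string[]> = {};
  for (const name of Object.keys(tiers) as (keyof typeof tiers)[]) out[name] = evaluate(agent, tiers[name]);
  return out;
}

console.log({ newcomer: report(newcomer), established: report(established), malformed: report(malformed) });
```

The constructed newcomer passes the low-value tier and is rejected by the premium policy, which is the over-gating effect described above.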