MPP Logo
MPP Layer
Deep Dive

P2P Payment Architecture

The Machine Payments Protocol (MPP) operates on a completely non-custodial, Peer-to-Peer (P2P) architecture. This means MPP never holds, escrows, or touches the funds of providers or consumers. All payments happen directly on the Solana blockchain in real time.

~400ms

Settlement Time

Solana block time

2%

Platform Fee

Direct to fee wallet

Zero

Custody

Fully non-custodial

System Overview

Every API interaction on the MPP platform follows a strict, verifiable lifecycle involving three parties: the Consumer (the caller), the MPP Gateway (our proxy), and the Provider (the API owner). Here is the complete flow from start to finish.

Consumer

App / AI Agent

MPP Gateway

Verifier & Proxy

Solana RPC

Blockchain

Provider

Upstream Server

① Initial Request

② 402 Challenge

③ Verify Signature

④ Proxy + Log

Step-by-Step Request Lifecycle

Let's trace a complete request through the system. In this example, a Consumer wants to call the defi-sentiment API, which costs 1.0 USDC per request.

1

Initial Request (No Auth)

The Consumer sends a standard HTTP request to the MPP Gateway endpoint. No authentication headers are included at this stage.

terminal
POST https://api.mpp.dev/v1/gateway/defi-sentiment
Content-Type: application/json

{"prompt": "Is Solana trending bullish today?"}
2

402 Payment Challenge

The Gateway looks up the endpoint in the registry, finds it requires payment, and immediately returns a 402 Payment Required response. The WWW-Authenticate header contains everything the Consumer needs to construct the payment:

response headers
HTTP/1.1 402 Payment Required
WWW-Authenticate: Payment
  address="9eW9z...ProviderWallet",
  amount="1.0",
  currency="USDC",
  fee_wallet="MPP1...PlatformWallet",
  fee_percent="2%"

{"error": "Payment Required"}

What does each field mean?

  • address — The Provider's Solana wallet. Send the API price here (minus the 2% fee).
  • amount — The total cost per request.
  • currency — The token to use for payment (SOL, USDC, USDT).
  • fee_wallet — The MPP Platform wallet. Send 2% of the total amount here.
  • fee_percent — The platform fee. Always 2%.
3

Build & Sign the Solana Transaction

The Consumer's application constructs a single Solana transaction containing two transfers: one to the Provider and one to the MPP Platform. This is the core of the non-custodial P2P model.

Strict Verification Rules

Both transfers must exist in the same transaction signature. The MPP Gateway will reject the request if either transfer is missing or below the required amount.


Provider amount = 1.0 USDC × (1 - 0.02) = 0.98 USDC

Platform fee = 1.0 USDC × 0.02 = 0.02 USDC

mpp-client.ts
import { Transaction, SystemProgram, PublicKey } from "@solana/web3.js";

const totalAmount = 1.0 * 1e9; // 1.0 SOL in lamports (or use token decimals for USDC)
const platformFee = totalAmount * 0.02;  // 2%
const providerAmount = totalAmount - platformFee; // 98%

const transaction = new Transaction().add(
  // Transfer 98% to Provider
  SystemProgram.transfer({
    fromPubkey: consumerWallet.publicKey,
    toPubkey: new PublicKey("9eW9z...ProviderWallet"),
    lamports: providerAmount,
  }),
  // Transfer 2% to MPP Platform Fee Wallet
  SystemProgram.transfer({
    fromPubkey: consumerWallet.publicKey,
    toPubkey: new PublicKey("MPP1...PlatformWallet"),
    lamports: platformFee,
  })
);

const signature = await sendAndConfirmTransaction(connection, transaction, [consumerWallet]);
// → "5gPz8...txSignature"
4

Retry Request with Payment Proof

The Consumer retries the exact same HTTP request, but this time includes the confirmed transaction signature in the Authorization header.

terminal
POST https://api.mpp.dev/v1/gateway/defi-sentiment
Content-Type: application/json
Authorization: Payment signature=5gPz8...txSignature

{"prompt": "Is Solana trending bullish today?"}
5

On-Chain Verification (Gateway)

The MPP Gateway extracts the signature and calls the Solana RPC to fetch the full transaction details. It runs the following checks against the raw transaction data:

Transaction is confirmed

Not pending or failed.

No transaction errors

tx.meta.err === null.

Provider received ≥ 98%

Checked via pre/post balance delta.

Platform received ≥ 2%

Checked against fee wallet address.

Signature not reused

Replay attack prevention via signature cache.

6

Proxy to Provider & Log

If all checks pass, the Gateway forwards the request to the Provider's Upstream URL (their real server). The Gateway injects a special header X-MPP-Verified-Payment: true so the Provider's server knows the payment has been verified.

The Provider's response is streamed back to the Consumer, and the transaction is recorded in the request_logs table. This log entry automatically updates the Provider's Total Earnings and Trust Metrics (success rate, latency) on their dashboard.

Security Considerations

Replay Attack Prevention

A Replay Attack occurs when a malicious user captures a valid transaction signature and re-uses it to call the API multiple times without paying again.

The MPP Gateway prevents this with a global Signature Cache. Every successfully consumed signature is stored. If the same signature appears in a second request, the Gateway returns a 409 Conflict: Signature already consumed error immediately.

One signature = One API call

Transaction signatures on Solana are unique, time-stamped, and permanently recorded on the blockchain. It is cryptographically impossible to forge or reuse a signature undetected.

Protecting the Upstream URL

Because your Upstream URL is a public web server, a bad actor could attempt to bypass the MPP Gateway entirely and call your server directly for free. To mitigate this:

  • Verify the presence of the X-MPP-Verified-Payment: true header on all incoming requests to your server.
  • Maintain a strict IP allowlist of MPP Gateway egress IPs.
  • For maximum security, use mutual TLS (mTLS) between the Gateway and your upstream server.

Fee Distribution Summary

Every payment is split automatically and verifiably on-chain:

Provider

98%

Sent directly to the API owner's wallet. Instantly. No withdrawal required.

MPP Platform

2%

Sent directly to the MPP fee wallet. Funds the protocol infrastructure and development.

Why P2P Instead of Smart Contracts?

Many decentralized payment systems use on-chain smart contracts (e.g., escrow contracts on Ethereum) to enforce payment rules. MPP deliberately avoids smart contracts for the following reasons:

Lower Cost

Smart contract calls cost gas fees on top of the payment itself. A P2P transfer on Solana costs ~0.000005 SOL.

No Audit Risk

Smart contract bugs have caused billions in losses. A simple P2P transfer has no exploitable logic.

Faster Settlement

No contract execution means settlement is purely a transfer, completing in Solana's native ~400ms block time.

Built for the machine economy by MPP Layer.