Prerequisites
- An EVM wallet (any wallet that can sign messages)
- World App with Orb verification completed
- USDC on Base network (for x402 session payments)
- Node.js 18+
Setup
1. Install dependencies
2. Register your wallet in AgentBook
AgentBook is a smart contract on World Chain that links wallet addresses to verified humans. Registration is a one-time on-chain transaction.Registration requires the wallet holder to be Orb-verified through World App. This is what makes the proof meaningful — it’s not just a wallet, it’s a wallet linked to a unique human.
3. Set your environment variables
Create a verified session
Sign the AgentKit header
Your agent signs a SIWE-formatted message before each request:Send the request
Combine theagentkit header with your x402 payment using x402-fetch:
Connect with Playwright
How verification works server-side
The x402 gateway verifies AgentKit proofs in four steps:- Decode — Base64-decode the
agentkitheader and parse the JSON payload - Validate — Check the SIWE message fields and TTL (must not be expired)
- Recover — ECRECOVER the signer’s address from the EIP-191 signature
- Lookup — Query AgentBook on World Chain (
eip155:480) to confirm the address belongs to a registered human
FAQ
Do I need to be Orb-verified?
Do I need to be Orb-verified?
Yes. AgentBook registration requires the wallet holder to be verified through World App’s Orb verification. This is what makes the proof meaningful — it’s not just a wallet, it’s a wallet linked to a unique human.
Can I use different wallets for payment and identity?
Can I use different wallets for payment and identity?
Yes. The x402 payment wallet (USDC on Base) and the AgentKit signing wallet (registered on World Chain) are independent. You can use the same wallet for both or separate them.
What happens if my proof expires mid-session?
What happens if my proof expires mid-session?
Nothing. The AgentKit proof is only checked at session creation time. Once your session is created as Verified, it stays that way for the session’s lifetime.
Is my identity revealed to websites I visit?
Is my identity revealed to websites I visit?
No. The AgentKit proof is between your agent and the x402 gateway. Websites see a Verified Browserbase browser — they don’t see your wallet address or World ID.
What if I don't include the agentkit header?
What if I don't include the agentkit header?
You still get a working browser session (you paid for it via x402). It just won’t have Verified browser fingerprints. The gateway never rejects a paid request over a missing proof.
Next steps
x402 deep dive
Detailed x402 payment flow with AgentKit premium unlock
Agent Identity
All identity layers available to agents