Skip to main content
When you pay for a browser session via x402, you get a standard browser by default. To unlock Verified browsers — purpose-built Chromium recognized by bot protection partners — your agent needs to prove it’s operating on behalf of a real human. This is where AgentKit comes in. AgentKit provides cryptographic proof-of-humanity using the World Chain network, so your agent can prove it’s human-backed without revealing who that human is.
AgentKit human verification is only required for x402 sessions. If you’re using the standard Browserbase SDK with API keys, verified browsers are available directly through your plan.

How it works

1

Register your wallet

Register your EVM wallet address in the AgentBook smart contract on World Chain. This is a one-time setup that links your wallet to a verified human identity.
2

Sign a proof header

Before each session request, your agent signs an EIP-191 message proving it controls a registered wallet. The signed message includes the target URL, a nonce, and a short TTL for replay protection.
3

Send with your x402 payment

Include the signed proof as an agentkit HTTP header alongside your X-PAYMENT header. The gateway verifies the signature, checks AgentBook registration, and upgrades your session.
4

Get a premium browser

If verification succeeds, your session gets Browserbase’s Verified browser — purpose-built Chromium recognized by bot protection partners — the same premium feature available to Scale plan customers.

Session behavior

ScenarioBrowser
x402 payment, no agentkit headerStandard
x402 payment, invalid or expired proofStandard
x402 payment, valid proof from registered humanVerified
The gateway never returns an error for missing or invalid proofs — it silently falls back to a standard browser. Your agent always gets a working session.

Setup

1. Install dependencies

npm install @worldcoin/agentkit viem

2. Register in AgentBook

You need a wallet registered in AgentBook on World Chain. Registration requires the wallet holder to be a verified human (Orb-verified via World App). 
npx @worldcoin/agentkit-cli register <your-wallet-address>
Registration is a one-time on-chain transaction on World Chain (chain ID eip155:480). Once registered, any agent signing with this wallet’s private key can prove human backing.

3. Sign the AgentKit header

Your agent signs a SIWE-formatted message before each request: 
import { privateKeyToAccount } from "viem/accounts";
import { formatSIWEMessage } from "@worldcoin/agentkit";
import { randomBytes } from "crypto";

const account = privateKeyToAccount(process.env.AGENTKIT_PRIVATE_KEY as `0x${string}`);

async function signAgentkitHeader(url: string): Promise<string> {
  const parsed = new URL(url);
  const now = new Date();
  const expiry = new Date(now.getTime() + 5 * 60 * 1000); // 5-minute TTL

  const info = {
    domain: parsed.host,
    uri: url,
    version: "1" as const,
    nonce: randomBytes(16).toString("hex"),
    issuedAt: now.toISOString(),
    expirationTime: expiry.toISOString(),
    chainId: "eip155:480", // World Chain
    type: "eip191" as const,
    statement: "Verify your agent is backed by a real human",
  };

  const message = formatSIWEMessage(info, account.address);
  const signature = await account.signMessage({ message });

  const payload = { ...info, address: account.address, signature };
  return Buffer.from(JSON.stringify(payload)).toString("base64");
}

4. Create a verified x402 session

Combine the agentkit header with your x402 payment: 
import { wrapFetchWithPayment } from "x402-fetch";
import { privateKeyToAccount } from "viem/accounts";

const walletAccount = privateKeyToAccount(process.env.PRIVATE_KEY as `0x${string}`);
const x402Fetch = wrapFetchWithPayment(fetch, walletAccount);

const url = "https://x402.browserbase.com/browser/session/create";

// Sign the AgentKit proof
const agentkitHeader = await signAgentkitHeader(url);

// Create session with both payment and human verification
const session = await x402Fetch(url, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "agentkit": agentkitHeader,
  },
  body: JSON.stringify({ estimatedMinutes: 30 }),
}).then((r) => r.json());

console.log(session.connectUrl); // Verified browser session
The same wallet can be used for both x402 payments (USDC on Base) and AgentKit signing (identity on World Chain). They serve different purposes — payment vs. identity — but can share a key pair for convenience.

Server-side verification

The x402 gateway verifies AgentKit proofs in four steps:
  1. Decode — Base64-decode the agentkit header and parse the JSON payload
  2. Validate — Check the SIWE message fields, TTL (must not be expired), and target URI
  3. Recover — ECRECOVER the signer’s address from the EIP-191 signature
  4. Lookup — Query the AgentBook contract on World Chain (eip155:480) to confirm the address belongs to a registered human
If any step fails, the gateway logs the reason and falls back to a standard browser. No error is returned to the client.

FAQ

Yes. AgentBook registration requires the wallet holder to be verified through World App’s Orb verification. This is what makes the proof meaningful — it’s not just a wallet, it’s a wallet linked to a unique human.
Yes. The x402 payment wallet (USDC on Base) and the AgentKit signing wallet (registered on World Chain) are independent. You can use the same wallet for both or separate them.
Nothing. The AgentKit proof is only checked at session creation time. Once your session is created as Verified, it stays that way for the session’s lifetime.
No. The AgentKit proof is between your agent and the x402 gateway. Websites see a Verified Browserbase browser — they don’t see your wallet address or World ID.
You still get a working browser session (you paid for it via x402). It just won’t have Verified browser fingerprints. The gateway never rejects a paid request over a missing proof.

Further reading

x402 Quickstart

Set up x402 payments for browser sessions

AgentKit

AgentKit SDK documentation

Agent Identity

How Browserbase handles agent authentication