CardZero Payment Wallet

Beta — Smart contract audit in progress. Recommended wallet balance: < $100 USDC.

You have a CardZero payment wallet on Base (Coinbase L2). This wallet holds USDC and lets you make on-chain payments within rules set by your Owner (the human who manages your wallet).

Capabilities

1. 1. Create a new wallet — Register a wallet for your Owner to claim
2. Check balance — Query your current USDC balance
3. Make payments — Send USDC to any address (merchants, services, or other agents)
4. Pay x402 paywalls — Automatically pay for HTTP 402-protected resources
5. Agent-to-agent payments — Pay another CardZero agent directly by their wallet address
6. View payment history — See recent transactions

Authentication

All endpoints except Create Wallet require your API Key:

CODEBLOCK0

You receive this API Key from your Owner after they claim the wallet. Store it as CARDZERO_API_KEY.

Wallet Lifecycle

A wallet goes through two stages:

1. 1. You create it → You get a walletId and a one-time claimKey (no API Key needed)
2. Your Owner claims it → They get an API Key and give it to you as an Agent Configuration block
3. You start operating → Use the API Key for all subsequent requests

Until your Owner claims the wallet and gives you the API Key, you cannot make payments or check balance.

Agent Configuration

After claiming, your Owner will give you a block like this:

CODEBLOCK1

When you receive this, extract and save:

• - CARDZERO_API_KEY — the API Key (starts with czapi_)
• INLINECODE5 — the wallet ID
• INLINECODE6 — the API base URL

Rules

Before every payment

• - Tell the user the amount, recipient address, and reason before sending
• If the user hasn't confirmed, ask for confirmation first

When something goes wrong

• - INSUFFICIENT_BALANCE → Tell the user your balance is too low and suggest they add funds
• INLINECODE8 → Tell the user your wallet has been frozen by the Owner and you cannot make payments until they unfreeze it
• INLINECODE9 → This is rare — session keys are auto-managed by CardZero. If this persists, ask the Owner to contact support
• INLINECODE10 → The wallet hasn't been claimed yet; remind the user to claim it with the claimKey you provided
• INLINECODE11 → Your API Key is invalid or has been revoked; ask the Owner to check

Spending limits

Your Owner may set per-transaction and daily spending limits. If a payment exceeds these limits, the chain will reject it. When this happens, explain the limit to the user and suggest a smaller amount.

Config Summary

Your Owner may paste a Config Summary block that looks like this:

CODEBLOCK2

When you receive this, parse it to understand your current spending context. Use the limits to proactively check before attempting a payment that would fail.

API Reference

Base URL: ${CARDZERO_API_URL}/v1

---

1. Create Wallet

No authentication required — this is the first step before you have an API Key.

CODEBLOCK3

Response (201):
CODEBLOCK4

After creating a wallet, you MUST:

1. 1. Save the id as your INLINECODE14
2. Tell the Owner the claimKey clearly — this is the only time it's shown
3. Tell the Owner the chainAddress so they can send USDC to it
4. Explain: "Go to the CardZero Dashboard, enter this claim key, and set up your username and password to activate the wallet. The key expires in 7 days. After claiming, you'll get an Agent Configuration block — paste it back to me so I can start making payments."

Example message to Owner:

I've created a CardZero wallet for you. Here's what you need to do:

Wallet address: 0xa1f2...70D0

Claim key: czk_a1b2c3d4e5f6g7h8_i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2

Go to the CardZero Dashboard and enter this claim key to activate the wallet. The key is valid for 7 days and can only be used once. After claiming, you'll see an Agent Configuration block — copy it and paste it back to me so I can start making payments.

---

2. Check Balance

Requires API Key.

CODEBLOCK5

Response (200):
CODEBLOCK6

Errors:

• - WALLET_NOT_ACTIVE — Wallet hasn't been claimed yet
• INLINECODE20 — Invalid walletId
• INLINECODE21 — API Key is invalid or revoked
• INLINECODE22 — API Key is not bound to this wallet

---

3. Make Payment

Requires API Key. The wallet is automatically determined from your API Key — do NOT include walletId in the request body.

CODEBLOCK7

Response (201):
CODEBLOCK8

Fields:

• - to — Recipient Ethereum address (0x-prefixed, 42 characters)
• INLINECODE25 — USDC amount as a string (e.g. "2.50")
• INLINECODE26 — Must be INLINECODE27
• INLINECODE28 — Optional note for the payment
• INLINECODE29 — Optional; prevents duplicate charges if you retry

Important: Do NOT include walletId in the request body. Your API Key already identifies which wallet to use.

Errors:

• - WALLET_NOT_FOUND — Invalid walletId
• INLINECODE32 — Wallet hasn't been claimed
• INLINECODE33 — Owner froze the wallet
• INLINECODE34 — Not enough USDC
• INLINECODE35 — Internal signing key unavailable (auto-managed, rarely seen)
• INLINECODE36 — Only USDC is supported
• INLINECODE37 — On-chain transaction failed (may include "spend limit exceeded" for tx/daily limits)
• INLINECODE38 — API Key is invalid or revoked

After a successful payment, use remainingBalance to track your funds without a separate balance query.

Fee disclosure: A 2% service fee is automatically deducted from your wallet on each payment. For example, a $5.00 payment costs $5.10 total ($5.00 to the recipient + $0.10 fee). The fee is handled on-chain — you do not need to calculate or add it manually.

---

4. Pay for x402-Protected Resources

Requires API Key. Use this when you receive an HTTP 402 Payment Required response from a service that supports the x402 payment protocol.

CODEBLOCK9

Response (201):
CODEBLOCK10

Fields:

• - url — The URL that returned 402 (stored as memo for records)
• INLINECODE42 — Maximum USDC amount to pay
• INLINECODE43 — Merchant's Ethereum address (from the 402 response)
• INLINECODE44 — Chain identifier: eip155:8453 (Base Mainnet) or eip155:84532 (Base Sepolia)
• INLINECODE47 — USDC contract address (from the 402 response)

How to use x402:

1. 1. Make your original HTTP request to the protected resource
2. If you receive a 402 Payment Required response, extract recipient, maxAmount, network, and asset from the response headers/body
3. Call POST /v1/x402/pay with those values plus the original INLINECODE54
4. Take the paymentHeader from the response
5. Retry your original request with the header: INLINECODE56

Errors: Same as Make Payment above, plus:

• - UNSUPPORTED_NETWORK — Network not supported (must be Base)
• INLINECODE58 — Only USDC is supported

---

5. View Payment History

Requires API Key.

CODEBLOCK11

Response (200):
CODEBLOCK12

Query parameters:

• - limit — Number of records (default: 20, max recommended: 50)
• INLINECODE60 — Skip N records for pagination

Payment status values: pending, confirmed, INLINECODE63

Errors:

• - FORBIDDEN — API Key is not bound to this wallet

---

6. Check Payment Status

No authentication required — payment IDs are unguessable.

CODEBLOCK13

Returns the same shape as a single payment object from the history endpoint.