aisthetic·services401 Unauthorized
Identity evidence missing or invalid. No wallet, no DID, no VC. Nothing reaches the upstream provider.
Demo01 02 03 04
Try AgentTrust in your own terminal.
Run a real sandbox gateway flow against https://sandbox.aisthetic.services, 401 → 402 → 200 + signed receipt, without contacting us, without a sign-up, and without real funds.
What you will do
- Check that the gateway is live.
- Fetch the bounded sandbox helper context.
- Call without identity → 401 Unauthorized.
- Call with sandbox identity headers → 402 Payment Required.
- Call with the sandbox proof header → 200 + signed receipt.
- Verify the receipt and proof bundle offline.
Lifecycle
402 Payment Required
Identity is good, policy allows the call, but the call is paid. The gateway emits a payment challenge bound to this exact request.
200 + signed receipt
Verified, paid, audited. The response carries an X-AgentTrust-Receipt-Id pointing at the canonical Ed25519-signed receipt.
Proof bundle
The receipt + hash-chained audit + proof bundle verify offline against the published gateway public key. No contact with us required.
Try it now
1. Liveness probe
curl -i https://sandbox.aisthetic.services/live
# → 200 OK
# { "ok": true, "service": "agenttrust-api", ... }2. Sandbox helper context
curl -s https://sandbox.aisthetic.services/v1/sandbox/demo-session # → bounded JSON, no secrets, schema-versioned
3. Unauthenticated call → 401
curl -i -X POST https://sandbox.aisthetic.services/g/aisthetic/probe # → 401 Unauthorized # identity evidence missing
4. Identified but unpaid → 402
curl -i -X POST https://sandbox.aisthetic.services/g/aisthetic/probe \ -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \ -H "X-AgentTrust-Signature-Scheme: sandbox" \ -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services" # → 402 Payment Required # challenge body bound to the request hash
5. Sandbox paid call → 200 + signed receipt
X-AgentTrust-Sandbox-Proof: demo-paid is a sandbox-only header. It accepts no real settlement, calls no facilitator, touches no chain. Production deploys refuse the header unconditionally.
curl -i -X POST https://sandbox.aisthetic.services/g/aisthetic/probe \ -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \ -H "X-AgentTrust-Signature-Scheme: sandbox" \ -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services" \ -H "X-AgentTrust-Sandbox-Proof: demo-paid" # → 200 OK # X-AgentTrust-Receipt-Id: rcp_<placeholder>
6. Verify offline
# clone the repo locally, then:
pnpm proof:verify ./bundle-<placeholder>.zip
# → { "verdict": "valid", "hashChainContinuous": true, "signaturesValid": true }Solana SPL USDC payment (mainnet)
The same 401 → 402 → 200 + signed receipt flow runs on Solana mainnet via SPL transferChecked. An agent transfers 0.01 USDC to the AgentTrust recipient associated token account, the gateway waits for finalized commitment, an on-chain Anchor receipt verifier program validates the signed receipt against the Ed25519SigVerify sysvar instruction in a single transaction, and a signed receipt is issued. Verify-first, settle-once, never-retry — same invariant as the EVM x402 path.
1. Build the SPL transferChecked transaction
Recipient associated token account: Hbzx5A9MzU1PfHD2UMaGFcBLi3fDDadphBcyVtH6s11A. USDC mint: EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v. Network: solana-mainnet. Commitment: finalized. Amount: 0.01 USDC (10000 base units, 6 decimals).
# Build the SPL transferChecked tx with 0.01 USDC to: # Hbzx5A9MzU1PfHD2UMaGFcBLi3fDDadphBcyVtH6s11A # Mint: EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v # Network: solana-mainnet (commitment: finalized) # Sign with the agent's wallet, submit, and capture the base58 signature.
2. Send the signature to the gateway
curl -i -X POST \ -H "X-AgentTrust-Wallet-Address: <agent solana wallet>" \ -H "X-AgentTrust-Signature-Scheme: solana" \ -H "X-AgentTrust-Principal: <agent principal DID>" \ -H "X-Payment-Solana: <base58 signature>" \ https://sandbox.aisthetic.services/g/aisthetic/probe # → 200 OK # X-AgentTrust-Receipt-Id: <UUID> # (the receipt's externalPaymentId is the Solana transaction signature)
3. Live evidence
First mainnet canary transaction (slot 417818028, 2026-05-05): solscan.io/tx/4N9XggyC…gQaY. On-chain Anchor receipt verifier program FWdCDkFnex…vw9Z is the deployed verifier on Solana mainnet.
What this proves
- The gateway path is live and reachable.
- The 401 / 402 / 200 policy + payment challenge works end-to-end.
- A receipt id is issued on every successful paid call.
- An offline proof + audit chain exists for the call.
What this does not prove
- No real funds moved. Sandbox proof is not real settlement.
- No production SLA. Public-beta sandbox; rate-limited; no uptime promise.
- No official certification. SOC 2 / ISO 27001 / HIPAA / PCI all not claimed.
- No mainnet payment, marketplace, custody, or token. Out of scope.