Technical Documentation

A payment-native identity protocol built on ERC-8004 and x402

Overview

xDID is a decentralized identity system designed for both humans and AI agents. Unlike traditional identity systems that focus on "who you are," xDID emphasizes "what you can do" — specifically, your ability to pay, sign, and perform valuable actions.

Payment itself is the most direct proof of identity. xDID builds on this principle by combining TEE (Trusted Execution Environment), x402 protocol, and ERC-8004 standard to create a secure, verifiable, and scalable identity infrastructure.

Architecture

L1: Base Identity Layer

The foundation layer enables permissionless identity creation for any entity — humans, enterprises, or AI agents — with minimal friction.

TEE (Trusted Execution Environment)

  • Secure identity generation and private key custody
  • Hardware-isolated execution for sensitive operations
  • Protection of biometric data and agent keys

x402 Protocol

  • HTTP-level real-time micropayments via X-402-Payment header
  • Support for USDC and other mainstream tokens
  • Integration with TEE signatures for verifiable requests
  • Infrastructure-grade compatibility (Cloudflare + Coinbase)

ERC-8004 Standard

  • Universal on-chain micropayment and settlement interface
  • Converts economic activity into verifiable on-chain records
  • Enables composability with other DeFi protocols

TEE (secure generation) → x402 (real-time interaction) → ERC-8004 (on-chain settlement)

L2: Compliance Extension Layer

Enables trust inheritance while maintaining L1 identity independence. Designed for high-trust scenarios requiring regulatory compliance.

Primary Identity (Main DID)

KYC/KYB-verified users or enterprises. Acts as the trust anchor for issuing compliance credentials to authorized agents.

Agent Identity (Agent DID)

Fully independent identities for AI agents with autonomous signing, payment, and action capabilities. Accumulates independent reputation.

Verifiable Credentials (VC)

Primary identity can issue VCs to authorized agents. Agents selectively disclose VCs when accessing compliance-required services.

Identity Usage Scenarios

L1: Base Identity Layer Usage

🤖 Autonomous AI Agents

AI agents create their own L1 identities to independently access services and build reputation.

  • Agent generates identity via TEE-secured key generation
  • Pays for API calls, compute resources, and data access using x402
  • Builds on-chain payment history and reputation score
  • Services can verify agent's payment capability before granting access

Example: A trading bot creates an xDID, pays for real-time market data via x402, and accumulates reputation through consistent payments over time.

👤 Individual Users

Humans create L1 identities for privacy-preserving, accountless service access.

  • No email, password, or personal information required
  • Pay-per-use for APIs, content, and services without subscriptions
  • Identity portable across all xDID-compatible services
  • Optional biometric binding via TEE for enhanced security

Example: A developer pays 0.01 USDC per API call to a cloud vision service, authenticated solely by payment signature, no account needed.

🏢 Enterprise Primary Identities

Organizations establish L1 identities as root authorities for their agent ecosystems.

  • Company creates master L1 identity with KYC/compliance credentials
  • Issues L2 sub-identities to internal AI agents and services
  • Centralized billing and audit trail for all agent activities
  • Revocable credentials for fine-grained access control

Example: A fintech company creates an L1 identity, then issues 50 L2 agent identities for different trading strategies, all traceable to the parent entity.

L2: Delegated Identity Layer Usage

🔗 Agent Swarms & Multi-Agent Systems

Deploy multiple specialized agents under a single L1 identity for coordinated operations.

  • L1 identity issues L2 credentials to each agent with specific capabilities
  • Agents operate independently but inherit parent's reputation
  • Selective credential disclosure for compliance (e.g., KYC for regulated services)
  • Parent can revoke or update agent credentials in real-time

Example: A hedge fund deploys 20 AI agents for different markets. Each has an L2 identity with market-specific permissions, but all inherit the fund's verified institutional status.

🎭 Privacy-Preserving Compliance

Use L2 identities to selectively disclose compliance credentials without revealing full identity.

  • L1 identity holds KYC, accreditation, or regulatory credentials
  • L2 agents present only required credentials to each service
  • Zero-knowledge proofs for age, jurisdiction, or accreditation status
  • Compliance without sacrificing privacy or operational security

Example: An AI agent proves it's operated by a US-accredited investor without revealing the investor's identity, enabling access to regulated DeFi protocols.

⚡ Temporary & Disposable Identities

Create short-lived L2 identities for specific tasks, then revoke them.

  • Issue L2 identity with time-bound or usage-limited credentials
  • Ideal for one-time tasks, testing, or untrusted environments
  • Automatic expiration or manual revocation
  • Minimizes risk exposure while maintaining auditability

Example: A company issues 100 L2 identities for a 24-hour hackathon, each with a $50 spending limit. All identities auto-expire after the event.
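
One way a service could enforce the time-bound, usage-limited and revocable credentials described above, as an added example that is not xDID project code. The credential fields, the `CredentialGate` class and the use of USDC base units for the $50 limit are hypothetical, since the page defines no credential format.

```javascript
// Added example, not xDID project code. Credential fields and CredentialGate
// are hypothetical; the page defines no credential format.
class CredentialGate {
  constructor() {
    this.revoked = new Set(); // credential ids or parent DIDs revoked so far
    this.spent = new Map();   // credential id -> base units already authorized
  }
  revoke(id) { this.revoked.add(id); }

  // Decide whether `cred` may spend `amount` (base units) at time `nowSec`.
  // Assumes the parent's signature over `cred` was verified beforehand.
  authorize(cred, amount, nowSec) {
    // Revoking the parent invalidates every credential it issued.
    if (this.revoked.has(cred.parent) || this.revoked.has(cred.id)) return "revoked";
    if (nowSec < cred.notBefore) return "not-yet-valid";
    if (nowSec >= cred.notAfter) return "expired";
    const amt = BigInt(amount);
    if (amt <= 0n) return "invalid-amount";
    const used = this.spent.get(cred.id) ?? 0n;
    // Check the cumulative total, not only this request, so that many
    // small payments cannot add up past the limit.
    if (used + amt > BigInt(cred.spendLimit)) return "over-limit";
    this.spent.set(cred.id, used + amt);
    return "ok";
  }
}

// Constructed sample: a 24-hour credential limited to 50 USDC (6 decimals).
const hackathonCred = {
  id: "did:example:agent-17", parent: "did:example:org",
  notBefore: 0, notAfter: 86400, spendLimit: "50000000",
};

function demoGate() {
  const gate = new CredentialGate();
  const out = [];
  out.push(gate.authorize(hackathonCred, "30000000", 100)); // within limit
  out.push(gate.authorize(hackathonCred, "30000000", 200)); // 60 total > 50
  out.push(gate.authorize(hackathonCred, "20000000", 300)); // reaches the limit
  out.push(gate.authorize(hackathonCred, "1", 86400));      // at expiry time
  gate.revoke("did:example:org");                           // parent revoked
  out.push(gate.authorize(hackathonCred, "1", 400));
  return out;
}
console.log(demoGate());
```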

🌐 Cross-Layer Integration

🔄 Reputation Inheritance & Aggregation

L2 agents inherit base reputation from L1 parent, while building their own specialized reputation. Services can evaluate both individual agent performance and parent entity trustworthiness.

💰 Consolidated Billing & Analytics

All L2 agent payments roll up to L1 identity for unified billing, cost tracking, and financial reporting. Enterprises get complete visibility into agent spending patterns.

🛡️ Progressive Trust Escalation

Start with anonymous L1 identity for basic services. Add KYC credentials for regulated access. Issue L2 agents for specialized tasks. All while maintaining a single root of trust.

🚀 Future Capabilities

  • Cross-chain identity bridging: Use xDID across multiple L1/L2 blockchains
  • Reputation marketplaces: Trade or lease high-reputation identities
  • AI-to-AI identity verification: Agents verify each other's capabilities and trustworthiness
  • Decentralized identity recovery: Social recovery mechanisms for lost L1 identities
  • Programmable identity policies: Smart contract-based access control and spending limits

Real-World Applications

Autonomous AI Economy

AI agents independently access services (data APIs, compute) through their xDID identity. Each payment builds on-chain reputation.

Example: An AI trading bot pays for real-time market data via x402, with all transactions recorded on-chain via ERC-8004.

Accountless API Services

Users pay per API call without creating accounts. Service providers eliminate account management overhead and bad debt risk.

Example: A developer pays 0.01 USDC per API call to a cloud vision service, authenticated solely by payment.

Enterprise AI Agents

Companies deploy multiple AI agents with independent xDIDs for different tasks. All operations are auditable on-chain while maintaining permission separation.

Example: A company creates 10 AI agents for customer service, each with its own payment capability and compliance credentials.

Technical Q&A

Why not just use wallet addresses as identities?

Wallet addresses are anonymous and lack context. xDID adds payment history, reputation scores, and optional compliance credentials. It's the difference between a random string and a verifiable economic actor.

How does x402 differ from traditional payment APIs?

x402 operates at the HTTP layer, not the application layer. It's like HTTP Basic Auth, but for payments. No API keys, no accounts — just cryptographic signatures and on-chain verification. Think of it as "pay-per-request" baked into the protocol.

What prevents Sybil attacks?

Creating identities is free, but using them costs money. Each payment builds reputation. Services can set minimum reputation thresholds or payment history requirements. It's economically infeasible to spam with paid identities.

Is TEE required for all operations?

No. TEE is only required for initial key generation and sensitive operations (biometric verification, KYC). Regular payments and signatures can happen client-side. Think of TEE as a secure vault, not a mandatory gateway.

What's the gas cost for minting an xDID?

On Base Sepolia testnet, minting costs ~0.0001 ETH (~$0.30 at current prices). The actual payment (1000 USDC test tokens) is handled via EIP-3009 gasless authorization, so users only pay once.
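
A server that accepts an EIP-3009 authorization as payment has to check it before serving the request. The following is an added example, not xDID or x402 project code: it checks recipient, amount, validity window and nonce reuse using the EIP-3009 `transferWithAuthorization` field names, while the `requirement` object, the `signatureValid` flag and the in-memory nonce store are assumptions.

```javascript
// Added example, not xDID or x402 project code. from/to/value/validAfter/
// validBefore/nonce are the EIP-3009 transferWithAuthorization parameters;
// `requirement`, `signatureValid` and the nonce store are assumptions.
const seenNonces = new Set(); // assumption: production needs a shared, persistent store

function checkAuthorization(auth, requirement, nowSec, signatureValid) {
  // EIP-712 signature recovery is assumed to be done by a vetted library.
  if (!signatureValid) return "bad-signature";
  if (auth.to.toLowerCase() !== requirement.payTo.toLowerCase()) return "wrong-recipient";
  // Token amounts are integers in base units; BigInt avoids float rounding.
  if (BigInt(auth.value) < BigInt(requirement.minAmount)) return "underpaid";
  // EIP-3009 accepts an authorization only while validAfter < now < validBefore.
  if (nowSec <= auth.validAfter) return "not-yet-valid";
  if (nowSec >= auth.validBefore) return "expired";
  // A nonce is unique per payer; seeing it twice means the payment was replayed.
  const key = auth.from.toLowerCase() + ":" + auth.nonce.toLowerCase();
  if (seenNonces.has(key)) return "replayed";
  seenNonces.add(key); // record only after every other check has passed
  return "ok";
}

// Constructed sample: 0.01 USDC is 10000 base units (USDC has 6 decimals).
const requirement = { payTo: "0x" + "b".repeat(40), minAmount: "10000" };
const sampleAuth = {
  from: "0x" + "a".repeat(40), to: "0x" + "B".repeat(40), value: "10000",
  validAfter: 1000, validBefore: 1060, nonce: "0x" + "01".repeat(32),
};

function demo() {
  seenNonces.clear();
  const now = 1030;
  const fresh = (byte, extra) =>
    ({ ...sampleAuth, nonce: "0x" + byte.repeat(32), ...extra });
  return [
    checkAuthorization(sampleAuth, requirement, now, true),                     // first use
    checkAuthorization(sampleAuth, requirement, now, true),                     // same payment again
    checkAuthorization(fresh("02", { value: "9999" }), requirement, now, true), // one unit short
    checkAuthorization(fresh("03"), requirement, 1060, true),                   // at validBefore
    checkAuthorization(fresh("04"), requirement, now, false),                   // signature check failed
  ];
}
console.log(demo());
```

The local nonce record matters when the resource is served before on-chain settlement is confirmed, because until then nothing else stops the same authorization from being presented twice.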

Can I use xDID without cryptocurrency?

Currently, no. xDID is built on blockchain rails for transparency and verifiability. However, we're exploring fiat on-ramps and stablecoin abstractions to reduce friction for non-crypto users.

What happens if I lose my private key?

For L1 identities: You lose access, similar to losing a wallet. For L2 identities with social recovery: The primary identity can revoke and reissue credentials. We recommend using hardware wallets or MPC solutions for key management.

Is this compatible with existing DID standards (W3C)?

Partially. xDID follows the spirit of W3C DID but optimizes for payment-native use cases. We're working on a compatibility layer for existing DID resolvers. Think of xDID as "DID + built-in payment rails."

Development Roadmap

Q4 2024 ✅ Completed

Foundation & Testnet Launch

  • ERC-8004 smart contract deployment on Base Sepolia
  • x402 payment protocol integration
  • TEE-based identity generation (proof of concept)
  • Twitter OAuth binding for L1 identities
  • Web interface for identity minting and management

Q1 2025 🚧 In Progress

L2 Layer & SDK Development

  • L2 delegated identity framework (Verifiable Credentials)
  • JavaScript/TypeScript SDK for developers
  • Agent identity creation and management APIs
  • Reputation scoring system (on-chain payment history)
  • Mainnet deployment on Base L2

Q2 2025 📋 Planned

Enterprise Features & Compliance

  • KYC/AML integration for regulated services
  • Multi-signature support for enterprise accounts
  • Batch identity issuance for agent swarms
  • Advanced credential management (revocation, expiration)
  • Analytics dashboard for identity usage and spending
  • Partner integrations (API providers, AI platforms)

Q3 2025 📋 Planned

Cross-Chain & Advanced Features

  • Cross-chain identity bridging (Ethereum, Arbitrum, Optimism)
  • Zero-knowledge proof integration for privacy-preserving credentials
  • Decentralized identity recovery mechanisms
  • Reputation marketplace (trade/lease high-reputation identities)
  • AI-to-AI identity verification protocols

Q4 2025 🔮 Vision

Ecosystem Maturity

  • Decentralized governance for protocol upgrades
  • Identity-native DeFi protocols (lending, insurance based on reputation)
  • Programmable identity policies via smart contracts
  • Mobile SDK and hardware wallet integration
  • W3C DID compatibility layer
  • Global expansion and regulatory compliance framework

Long-Term Vision (2026+)

xDID aims to become the de facto identity standard for the autonomous AI economy, enabling:

  • Billions of AI agents with independent economic identities
  • Accountless internet where payment = authentication
  • Reputation-based credit for humans and machines
  • Interoperable identity across Web2, Web3, and AI platforms
  • Regulatory compliance without sacrificing privacy or decentralization
