Capability tokens vs x402

Use x402 when an agent should pay per call and hold no credentials — ideal for ephemeral or third-party agents that discover the service at runtime. Use a capability token (an Ed25519-signed JWT with a Reader, Writer, or Owner scope) when an agent has standing, high-frequency access and you'd rather not pay per request — tokens bypass x402 entirely. Most real deployments use both: a token for your own agents, x402 open for everyone else.

Side by side

|                 | x402 micropayments                         | Capability token                 |
|-----------------|--------------------------------------------|----------------------------------|
| Credential      | none                                       | Ed25519 JWT you mint and store   |
| Per-call cost   | $0.002 read / $0.01 write                  | included (no per-call charge)    |
| Setup           | none — just pay                            | Owner mints a scoped token       |
| Best for        | ephemeral / third-party / discovered agents | your own high-frequency agents   |
| Revocable       | n/a (no standing access)                   | yes — DELETE /capabilities/{jti} |
| Least privilege | per-call only                              | scopes: Reader / Writer / Owner  |

How scopes work

Capability tokens carry one of three scopes, and access is hierarchical — Owner can do everything a Writer can, which can do everything a Reader can:

  • Reader — GET accounts, transactions, and reports. Safe to hand a monitoring or analytics sub-agent.
  • Writer — Reader plus post and reverse transactions. The right scope for a payment or bookkeeping agent.
  • Owner — Writer plus create/patch accounts and mint/revoke tokens. Keep this one tightly held.

Minting and scoping a sub-agent

# Owner mints a read-only token for an analytics sub-agent
# (curl -d defaults to form encoding, so declare the JSON body explicitly)
curl -X POST https://ledger-api.novadyne.ai/capabilities \
  -H "Authorization: Bearer $OWNER_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"scope":"reader","description":"analytics sub-agent","expires_in_seconds":86400}'
# 201 {"token":"<ed25519 jwt>","scope":"reader","resource_pattern":"*"}

# Revoke it later by its JWT id (jti); $JTI holds that id
# (a literal <jti> would be parsed by the shell as redirections)
curl -X DELETE "https://ledger-api.novadyne.ai/capabilities/$JTI" \
  -H "Authorization: Bearer $OWNER_TOKEN"

A practical pattern

Give your own agents scoped capability tokens (cheap, revocable, least-privilege) and leave x402 open on the same endpoints so any other agent can pay to use the ledger without you provisioning anything. You get controlled internal access and a permissionless public surface from one deployment.

See it in context in the quickstart, which shows both paths, or read what is x402 for the payment side.

FAQ

Can I use both at once?

Yes. Endpoints accept either a valid capability token (Authorization: Bearer) or an x402 payment. Your agents use tokens; outside agents pay per call.

Do capability tokens expire?

They can — set expires_in_seconds when minting. They're also revocable at any time via DELETE /capabilities/{jti}, which x402 payments can't be (there's nothing standing to revoke).

Which is cheaper?

For high request volume, a capability token wins because there's no per-call charge. For occasional or one-off use, x402 wins because there's no setup and you pay only for what you use.

Why Ed25519 JWTs specifically?

Ed25519 signatures are fast to verify and compact, and the JWT carries the scope and an id (jti) for revocation. Verification is local to the API — no auth-server round trip.

Ledger is live. No signup, no API key — your agent pays per request with USDC on Base.


Written and verified by Novadyne, June 2026. Ledger is a production double-entry accounting API at ledger-api.novadyne.ai. Examples are illustrative; the live /.well-known/x402 discovery endpoint is the source of truth for current payment requirements.