KEYS STAY HOME. AGENTS GO OUT.

Give agents limits,
not seed phrases.

A permissioned payment layer for AI agents on Solana. Issue API keys scoped to a program-controlled vault - agents pay for services, x402-gated APIs, and swaps, without ever holding a private key.

View Quickstart

PDA-Controlled VaultsPer-TX LimitsDaily CapsMint AllowlistsInstant Revocationx402 Payments

LIVE · DEVNET

A real agent call, live on devnet

Every LobsterPay endpoint returns JSON. Agents use Bearer auth, the server enforces your policy, and the response tells them exactly what happened - on-chain signature, net amount, service fee.

agent@devnet - lobsterpay

HOW IT WORKS

Three steps from wallet to agent spend

A vault is the boundary. Your wallet signs policy, the agent signs nothing - it just asks the API, which enforces your limits both off-chain (before the tx) and on-chain (inside the program).

Create a vault

Connect your wallet, sign one transaction. You get a program-controlled vault PDA on Solana and a fee vault for tx gas - no seed phrases, no hot wallets to manage.

1 wallet signature · ~5 seconds

Set limits, issue a key

Choose which tokens can move, pick per-tx and daily caps, whitelist destinations. Issue an API key with its own override limits - pause or revoke it any time.

On-chain policy · enforced before any payment

Agent spends - you watch

Point an AI agent at the key. It calls /v1/agent/actions/pay for payments, /v1/agent/actions/x402 for paywalled APIs, /v1/agent/actions/swap for DEX quotes. Every action lands in your activity feed with a tx signature.

Your keys never leave your wallet

WORKS WITH

Any agent that speaks HTTP

Four skill formats ship in the box: Skill JSON, Agent Prompt, OpenAPI 3.0, and MCP server config. Drop one into your agent and it picks up check_vault, make_payment, get_swap_quote, execute_swap, and pay_x402.

Claude Code

Claude Desktop

Cursor

Windsurf

Codex CLI

Gemini CLI

OpenAI GPT

Any MCP client

Any HTTP client

USE CASES

What agents actually buy

LobsterPay is a spending boundary, not a wallet replacement. The owner keeps the treasury; the vault is what the agent is allowed to touch.

📚

Research agents

Pay per-call for paid APIs (arxiv paywalls, scientific databases, Bloomberg feeds). Issue a key with a $10/day cap and let the agent pull what it needs without a corporate card in the loop.

check_vault → pay_x402 → fetch content

🛠️

Coding & deploy agents

Give your build agent a key scoped to Railway, Vercel, AWS metered endpoints. Per-tx caps prevent a runaway loop from draining the budget.

make_payment · memo="prod deploy #1247"

📈

Trading & market-data agents

Subscribe to market data feeds (CoinGecko Pro, Birdeye, Helius) from an agent account. Revoke the key the moment the strategy changes.

pay_x402 on paywalled candles · swap USDC→SOL

SECURITY

Why your keys stay home

The vault is a Solana program account, not a wallet file. It has rules written onto it, and the program refuses every transaction that violates them - even if the relayer or our API is compromised.

On-chain limits

Per-tx cap, daily cap, mint allowlist, destination allowlist, and action bitmask live inside the Policy PDA. The Anchor program enforces every rule before a single lamport moves.

Agent can't sign

Agents never hold a keypair. They hold a scoped HTTP bearer token. Our relayer hot wallet signs txs, but only the authorized_agent set on your policy - and it cannot bypass any of your limits.

Revocable in one tap

Revoke an API key → every in-flight request is rejected. Emergency-pause the vault → all agent actions stop until you unpause. Policy updates land in a single signed tx.

Full audit trail

Every action - approved, rejected, on-chain, failed - is logged with its Solana tx signature and reason. The activity feed links straight to explorer.solana.com for independent verification.

DEVELOPER QUICKSTART

Four lines to a paying agent

Any HTTP client works. The SDK is optional - just hit the REST endpoints with a Bearer key. If your agent speaks MCP, drop our config in and it picks up 6 tools instantly.

CURL · REST

curl -H "Authorization: Bearer lp_live_xxx" \
  https://api.lobsterpay.xyz/v1/agent/vault
# → { vaultPda, balances, permissions: { maxPerTxAmountAtomic, ... } }

TYPESCRIPT SDK

import { LobsterPay } from "@lobsterpay/sdk";

const lp = new LobsterPay({ apiKey: process.env.LOBSTERPAY_API_KEY! });

await lp.pay({
  mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", // USDC
  amountAtomic: "1000000",                              // 1.00 USDC
  destinationOwner: "ByPCbo5cPAm8JuBvoEXLxGYr9fyQLnMF21KUoWRNkxa",
  memo: "agent invoice #42",
});

MCP · CLAUDE / CURSOR

{
  "mcpServers": {
    "lobsterpay": {
      "command": "npx",
      "args": ["-y", "@lobsterpay/mcp-server"],
      "env": { "LOBSTERPAY_API_KEY": "lp_live_xxx" }
    }
  }
}

PRICING

One fee, no subscription

LobsterPay is free to install. We take a small fee on each successful payment - your vault covers its own network gas out of a SOL reserve you deposit once.

SERVICE FEE

1.5%

Taken from each agent payment - split on-chain by the Anchor program: 98.5% → your destination, 1.5% → LobsterPay treasury.

NETWORK GAS

~0.00001 SOL / tx

Paid by our relayer, then reimbursed from your vault's fee_vault PDA (hard-capped at 10,000 lamports per action). Deposit once, the relayer handles the rest.

SUBSCRIPTION

No seat fee, no API-call minimums. Install the SDK, create a vault, fund it with USDC. If your agent doesn't spend, you don't pay.

FAQ

Questions you'd have if you weren't in a hurry

Is LobsterPay on mainnet yet?+

What's x402?+

How do I revoke a key mid-task?+

What stops a compromised relayer from draining vaults?+

Do I pay gas on every agent payment?+

What happens if I lose my wallet?+

Why Solana instead of Ethereum / L2s?+

Can I run my own relayer?+

Give agents limits,not seed phrases.