Monitoring payment-gated MCP servers

Some MCP and HTTP tool endpoints return HTTP 402 Payment Required until a buyer presents credentials or completes a machine-payment handshake. DriftGuard classifies that outcome separately from downtime so your fleet view stays honest.

Why 402 is not a failed check

A payment-gated server can be reachable while refusing unpaid catalog probes. Treating 402 as a hard error creates false alarms and hides the real setup work: attach buyer credentials or negotiate access with the seller.

DriftGuard records lastProbe.outcome = payment_required on Pro+ watches instead of marking the watch down.

Watch vs CI lockfile

| Approach | Payment-gated MCP | When to use |
|---|---|---|
| Hosted MCP watch | Detects 402, surfaces pricing hints when present, keeps drift baseline once access works | Third-party or internal metered servers you depend on |
| CI lockfile | Compares pinned catalog in git — does not negotiate live payment | MCP servers you build and version in your repo |

Setup steps

  1. Create an MCP watch pointing at the server URL (same as any MCP watch).
  2. Run a check — if the endpoint returns 402, the console shows a Payment required badge on the watch hub.
  3. Configure seller-approved access (API token, pre-negotiated bearer, or your org's payment flow) in watch headers — DriftGuard never stores wallet private keys.
  4. Re-run the check; once the catalog probe succeeds, drift monitoring proceeds on the normal schedule.

Status API

GET /api/watches/:id/status includes:

{
  "lastCheckStatus": "payment_required",
  "lastProbe": {
    "outcome": "payment_required",
    "paymentRequired": true,
    "pricingHint": { "amountUsd": 0.01, "asset": "USDC" }
  }
}

Pricing hints are redacted on Free plans. Pro+ sees non-secret metadata parsed from JSON 402 bodies when available.
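
An added example (not DriftGuard code) of routing alerts from the status payload above, so that a payment-gated watch opens an access-setup task instead of paging as an outage. The field names and the payment_required value come from this page; the "ok" and "error" status values, the action names, and the sample bodies are assumptions made for the example.

```python
import json

# Field names and "payment_required" come from the status payload on this page.
# ASSUMED (not from the page): the "ok" status value and the action names.
HEALTHY = "ok"
HINT_FIELDS = ("amountUsd", "asset")  # the non-secret fields shown on the page


def triage(body: str) -> dict:
    """Map a GET /api/watches/:id/status body to an alert-routing decision."""
    try:
        status = json.loads(body)
    except json.JSONDecodeError:
        status = None
    if not isinstance(status, dict):
        return {"action": "page_oncall", "reason": "unparseable status body", "price": None}

    probe = status.get("lastProbe")
    if not isinstance(probe, dict):
        probe = {}

    # Any one of the three signals is enough; they can disagree mid-rollout.
    gated = (
        status.get("lastCheckStatus") == "payment_required"
        or probe.get("outcome") == "payment_required"
        or probe.get("paymentRequired") is True
    )
    if gated:
        # pricingHint is absent when redacted (Free plan) or when the 402 body
        # carried none; copy only the known fields so nothing else is forwarded.
        hint = probe.get("pricingHint")
        price = {k: hint[k] for k in HINT_FIELDS if k in hint} if isinstance(hint, dict) else None
        return {"action": "configure_access", "reason": "reachable but payment-gated", "price": price or None}

    if status.get("lastCheckStatus") == HEALTHY:
        return {"action": "none", "reason": "check passed", "price": None}
    return {"action": "page_oncall", "reason": f"status {status.get('lastCheckStatus')!r}", "price": None}


# Constructed sample bodies; PRO mirrors the payload on this page plus one extra key.
PRO = '{"lastCheckStatus":"payment_required","lastProbe":{"outcome":"payment_required","paymentRequired":true,"pricingHint":{"amountUsd":0.01,"asset":"USDC","note":"x"}}}'
FREE = '{"lastCheckStatus":"payment_required","lastProbe":{"outcome":"payment_required","paymentRequired":true}}'
DOWN = '{"lastCheckStatus":"error","lastProbe":{"outcome":"error"}}'  # "error" is an assumed value

if __name__ == "__main__":
    for sample in (PRO, FREE, DOWN, "<html>502</html>"):
        print(triage(sample))
```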

FAQ — what DriftGuard does not do

  • We do not operate an x402 facilitator or on-chain settlement.
  • We do not become a payment processor or marketplace.
  • We do not store buyer wallet private keys.

Pair this guide with MCP catalog drift monitoring for breaking-change classification once access is established.