Monitoring payment-gated MCP servers
Some MCP and HTTP tool endpoints return HTTP 402 Payment Required until a buyer presents credentials or completes a machine-payment handshake. DriftGuard classifies that outcome separately from downtime so your fleet view stays honest.
Why 402 is not a failed check
A payment-gated server can be reachable while refusing unpaid catalog probes. Treating 402 as a hard error creates false alarms and hides the real setup work: attach buyer credentials or negotiate access with the seller.
DriftGuard records lastProbe.outcome = payment_required on Pro+ watches instead of marking the watch down.
Watch vs CI lockfile
| Approach | Payment-gated MCP | When to use |
|---|---|---|
| Hosted MCP watch | Detects 402, surfaces pricing hints when present, keeps drift baseline once access works | Third-party or internal metered servers you depend on |
| CI lockfile | Compares pinned catalog in git — does not negotiate live payment | MCP servers you build and version in your repo |
Setup steps
- Create an MCP watch pointing at the server URL (same as any MCP watch).
- Run a check — if the endpoint returns 402, the console shows a Payment required badge on the watch hub.
- Configure seller-approved access (API token, pre-negotiated bearer, or your org's payment flow) in watch headers — DriftGuard never stores wallet private keys.
- Re-run the check; once the catalog probe succeeds, drift monitoring proceeds on the normal schedule.
Status API
GET /api/watches/:id/status includes:
{
"lastCheckStatus": "payment_required",
"lastProbe": {
"outcome": "payment_required",
"paymentRequired": true,
"pricingHint": { "amountUsd": 0.01, "asset": "USDC" }
}
}
Pricing hints are redacted on Free plans. Pro+ sees non-secret metadata parsed from JSON 402 bodies when available.
FAQ — what DriftGuard does not do
- We do not operate an x402 facilitator or on-chain settlement.
- We do not become a payment processor or marketplace.
- We do not store buyer wallet private keys.
Pair this guide with MCP catalog drift monitoring for breaking-change classification once access is established.