What is Agentoll?
Bot detection plus x402 USDC micropayments on Base. Humans pass through free; automated clients pay your configured toll to continue.
Agentoll protects your site in two layers: a browser embed script and a Node server gate. Together they cover human browsers, in-page bots, curl, and API clients — with no DNS changes or operator secrets on your side.
How traffic is handled
flowchart TB
subgraph browser [Browser layer]
Human[Human browser] -->|embed detects human| Pass[Free access]
BotPage[Bot in browser] -->|payment wall| Pay[USDC on Base]
Pay --> Session[Session token]
Session --> Pass
end
subgraph server [Server layer]
Curl[curl / agent] -->|no payment| Block[HTTP 402]
CurlPaid[Paid retry] -->|payment-signature| Serve[200 + content]
end
- Browser embed — script in
<head>detects humans, runs classify, and shows the payment wall with wallet UX. - Server gate —
agentollmiddleware on Node/Express returns HTTP 402 for unpaid curl and agents before your routes run. - Together — full coverage: in-browser bots and server-side automated clients both hit the toll.
Two layers — both part of the product
| Layer | What it blocks | How |
|---|---|---|
| Browser embed | Bots and agents loading pages in a browser context | In-page classify + payment wall |
| Server gate | curl, scripts, and agents hitting your HTTP routes | HTTP 402 + payment-required |
Static or hosted HTML sites use the browser embed. Sites with a Node server should add both layers for complete protection.
What you never configure
Publishers do not set payment facilitator URLs, RPC endpoints, CDP keys, DNS proxy records, alternate origin URLs, or platform wallet addresses. Registration gives you a publisher ID, API key, and embed snippet; the platform runs settlement.
Production URLs
Join the waitlist at agentoll.net/waitlist.