WAF blocks the payment payload

Quirk · GET /api/x402/edge-waf-blocks-payment · Edge / CDN Controls

The large base64 PAYMENT-SIGNATURE trips a managed WAF rule and is rejected with 403 before the payment logic runs.

Explanation

The large base64 PAYMENT-SIGNATURE payload trips a managed WAF rule heuristic and the request is rejected with 403 before the payment is ever processed. The merchant must tune its WAF and managed rules to allow the payment header so legitimate payments reach the origin.

What to watch

The paid call returns 403 (WAF) instead of verifying — the payment never reaches the origin logic.

Facilitator

Settled against the live Radius testnet facilitator (https://facilitator.testnet.radiustech.xyz). A valid payment runs a real /verify and /settle on-chain.

Metadata

Back to catalog