Sensitive data in metadata

Quirk · GET /api/x402/sensitive-metadata · 402 / Challenge Construction

Leaks fake PII into the resource description before any payment.

Explanation

The resource description leaks fake PII before any payment, exposing sensitive intent to the facilitator and on-chain observers. The merchant must stop putting sensitive data in the challenge metadata.

What to watch

The facilitator and on-chain observers see sensitive intent.

Facilitator

Settled against the live Radius testnet facilitator (https://facilitator.testnet.radiustech.xyz). A valid payment runs a real /verify and /settle on-chain.

Metadata

Back to catalog