Laravel MPP: Charge AI Agents via 402 Payment Required | Mohamed Said        [  ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MH.png)   Mohamed Said Laravel Backend Engineer  ](https://msaied.com) [ Home ](https://msaied.com) [ Projects ](https://msaied.com/projects) [ Articles  ](https://msaied.com/articles) [ Certificates ](https://msaied.com/certificates) [ Contact ](https://msaied.com#contact-section) 

       [  ](https://github.com/EG-Mohamed)       

 [ Home ](https://msaied.com) [ Projects ](https://msaied.com/projects) [ Articles ](https://msaied.com/articles) [ Certificates ](https://msaied.com/certificates) [ Contact ](https://msaied.com#contact-section) 

  [ home ](https://msaied.com)    [ articles ](https://msaied.com/articles)    Laravel MPP: Charge AI Agents for API Access with 402 Payment Required        On this page       1. [  What Is Laravel MPP? ](#what-is-laravel-mpp)
2. [  Gating a Route ](#gating-a-route)
3. [  Metered Sessions ](#metered-sessions)
4. [  Preconditions ](#preconditions)
5. [  Payment Rails ](#payment-rails)
6. [  Installation ](#installation)
7. [  Key Takeaways ](#key-takeaways)

  ![Laravel MPP: Charge AI Agents for API Access with 402 Payment Required](https://cdn.msaied.com/386/b58ff453a69cf63b07d792734240afc4.png)

 [  Laravel ](https://msaied.com/articles?category=laravel) [  AI ](https://msaied.com/articles?category=ai)  #Laravel   #AI Agents   #Middleware   #Payments   #Machine Payments Protocol   #API  

 Laravel MPP: Charge AI Agents for API Access with 402 Payment Required 
========================================================================

     7 Jul 2026      3 min read    ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MJ.jpg)  Mohamed Said  

       Table of contents

1. [  01   What Is Laravel MPP?  ](#what-is-laravel-mpp)
2. [  02   Gating a Route  ](#gating-a-route)
3. [  03   Metered Sessions  ](#metered-sessions)
4. [  04   Preconditions  ](#preconditions)
5. [  05   Payment Rails  ](#payment-rails)
6. [  06   Installation  ](#installation)
7. [  07   Key Takeaways  ](#key-takeaways)

 What Is Laravel MPP?
--------------------

[Laravel MPP](https://github.com/square1-io/laravel-mpp) (`square1/laravel-mpp`) is a middleware package that implements the **Machine Payments Protocol (MPP)**. Instead of blocking unauthorized requests with a 401 or 403, it returns an HTTP `402 Payment Required` response containing an HMAC-signed challenge. An AI agent that understands MPP fulfills the challenge over a supported payment rail and retries the request — no human in the loop required.

The package is currently at v1.1.0, MIT licensed, and both MPP and the Stripe SPT APIs it relies on are still in preview.

Gating a Route
--------------

Attaching the `mpp` middleware to any route is all it takes to enable payment enforcement:

```php
Route::get('/resource', MyPaidResource::class)
    ->middleware('mpp:0.50,USD');

```

You can also declare pricing declaratively with the `RequiresPayment` PHP attribute on a controller method and enable automatic enforcement via an environment variable:

```php
#[RequiresPayment(amount: '5.00', currency: 'USD', grants: 10)]
public function report()
{
    // ...
}

Route::get('/report', ReportController::class)->middleware('mpp');

```

Set `MPP_ATTRIBUTES_ENABLED=true` in your `.env` and the middleware reads the attribute automatically.

Metered Sessions
----------------

When `grants` is greater than one, a single payment covers multiple accesses. The successful response includes a `Payment-Session` header:

```php
Payment-Session: id="sess_...", remaining="9", scope="report.basic", expiresAt="..."

```

Subsequent requests replay the session ID instead of paying again:

```bash
curl -si https://your-host/report \
  -H 'Authorization: Payment method="stripe", session="sess_..."'

```

Sessions default to the cache driver but can be persisted to the database:

```ini
MPP_SESSION_DRIVER=database
MPP_SESSION_CACHE_STORE=redis

```

Run `php artisan vendor:publish --tag=mpp-migrations && php artisan migrate` when using the database driver.

Preconditions
-------------

Preconditions are named checks that run *before* the payment gate, so you can reject ineligible requests without asking an agent to pay first. Register them in `config/mpp.php`:

```php
'preconditions' => [
    'checks' => [
        'postexists' => [\App\Mpp\Checks\PostExists::class, 'check'],
    ],
    'global' => ['usernotblocked'],
],

```

A check returns `null` to pass or a `Response` to short-circuit:

```php
public function check(Request $request, PaymentSpec $spec): ?Response
{
    return Post::find($request->route('post'))
        ? null
        : response()->json(['error' => 'No such post.'], 404);
}

```

Attach a precondition per route with the middleware parameter:

```php
Route::get('/posts/{post}', ShowPost::class)
    ->middleware('mpp:1.00,USD,preconditions=postexists');

```

Payment Rails
-------------

The package ships with two built-in rails:

- **Stripe** — uses Shared Payment Tokens (SPTs); configure `STRIPE_SECRET_KEY`, `STRIPE_NETWORK_ID`, and `STRIPE_API_VERSION`.
- **Tempo** — settles in pathUSD on-chain; select it per route with `method=tempo`.

You can accept multiple rails on one route (`methods=stripe|acme`) and register a custom rail by implementing the `Verifier` interface.

Installation
------------

```bash
composer require square1/laravel-mpp
php artisan vendor:publish --tag=mpp-config

```

Key Takeaways
-------------

- Attach `mpp` middleware to any route to gate it behind an HTTP 402 payment challenge.
- Supports Stripe SPTs and Tempo pathUSD out of the box; custom rails are possible via the `Verifier` interface.
- Metered sessions let one payment cover multiple requests, tracked atomically in cache or database.
- Preconditions let you reject ineligible requests before the payment gate runs.
- Pricing can be declared inline in the middleware string or via the `RequiresPayment` PHP attribute.
- The package is in preview (v1.1.0, MIT); the underlying Stripe SPT API may change.

---

*Source: [Laravel News — Laravel MPP: Charge AI Agents for API Access with 402 Payment Required](https://laravel-news.com/laravel-mpp-charge-ai-agents-for-api-access-with-402-payment-required)*

 Found this useful?

          [  ](https://twitter.com/intent/tweet?url=https%3A%2F%2Fmsaied.com%2Farticles%2Flaravel-mpp-charge-ai-agents-for-api-access-with-402-payment-required&text=Laravel+MPP%3A+Charge+AI+Agents+for+API+Access+with+402+Payment+Required) [  ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fmsaied.com%2Farticles%2Flaravel-mpp-charge-ai-agents-for-api-access-with-402-payment-required) 

 Frequently Asked Questions 
----------------------------

  3 questions  

     Q01  What payment methods does Laravel MPP support out of the box?        Laravel MPP ships with two payment rails: Stripe Shared Payment Tokens (SPTs) and Tempo pathUSD (on-chain). You can also register a custom rail by implementing the package's Verifier interface, and multiple rails can be accepted on a single route. 

      Q02  How do metered sessions work in Laravel MPP?        When a payment specifies a `grants` value greater than one, a single payment covers that many accesses. The server returns a `Payment-Session` header with the session ID and remaining balance. The agent includes that session ID in subsequent requests instead of paying again. Sessions are stored in the cache by default, or in the database for persistence. 

      Q03  What are preconditions and why would I use them?        Preconditions are named checks that run before the payment gate. They let you reject ineligible requests — for example, a missing resource or a blocked user — before an agent is asked to pay, avoiding unnecessary payment challenges for requests that would fail anyway. 

  Continue reading

 More Articles 
---------------

 [ View all    ](https://msaied.com/articles) 

 [ ![HTTP Query Method Support in Laravel 13.19](https://cdn.msaied.com/394/4c917aad559beddb5eeb9a7a1e107f4c.png) Laravel Laravel 13 HTTP Client 

### HTTP Query Method Support in Laravel 13.19

Laravel 13.19 adds Http::query() for the HTTP QUERY verb, query/queryJson testing helpers, a reduceInto() coll...

  ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MJ.jpg)  Mohamed Said 

 8 Jul 2026     3 min read  

  Read    

 ](https://msaied.com/articles/http-query-method-support-in-laravel-1319) [ ![Blackfire & Xdebug Profiling in Laravel: Finding Real Bottlenecks in Production-Like Environments](https://cdn.msaied.com/393/a8dfc4ec52c4febc3ef41a491eb452ea.png) laravel performance profiling 

### Blackfire &amp; Xdebug Profiling in Laravel: Finding Real Bottlenecks in Production-Like Environments

Stop guessing where your Laravel app is slow. This guide walks through practical Blackfire and Xdebug profilin...

  ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MJ.jpg)  Mohamed Said 

 8 Jul 2026     4 min read  

  Read    

 ](https://msaied.com/articles/blackfire-xdebug-profiling-in-laravel-finding-real-bottlenecks-in-production-like-environments) [ ![Laravel Cloud Security Defaults Behind Every Deploy](https://cdn.msaied.com/395/28df8f542fbe81ecee3ba4ad897f36d6.png) Laravel Cloud Security PHP 

### Laravel Cloud Security Defaults Behind Every Deploy

Laravel Cloud ships WAF rules, DDoS mitigation, automatic PHP patching, SOC 2 Type II compliance, and deploy-t...

  ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MJ.jpg)  Mohamed Said 

 8 Jul 2026     4 min read  

  Read    

 ](https://msaied.com/articles/laravel-cloud-security-defaults-behind-every-deploy) 

   [  ![Mohamed Said](https://cdn.msaied.com/01KT78WE565VEMM3PSNQAAB0MH.png)   Mohamed Said Laravel Backend Engineer  ](https://msaied.com)Senior Backend Engineer specializing in Laravel, scalable SaaS platforms, APIs, and cloud infrastructure. I build secure, high-performance web applications that help businesses grow.

Explore

- [Home](https://msaied.com)
- [Projects](https://msaied.com/projects)
- [Articles](https://msaied.com/articles)
- [Certificates](https://msaied.com/certificates)
- [Contact](https://msaied.com#contact-section)

Connect

- [   hello@msaied.com ](mailto:hello@msaied.com)
- [   +20 109 461 9204 ](tel:+201094619204)

© 2026 Mohamed Said. All rights reserved.

 [  ](https://github.com/EG-Mohamed) [  ](https://www.linkedin.com/in/msaiedm/) [  ](https://wa.me/201094619204) [  ](mailto:hello@msaied.com) [  ](https://drive.google.com/file/u/0/d/1MF20IPRJyzfy32mhEutjL5EpSls0w2Q8/view)
