Can an AI agent buy a VPS without a human?

Yes. An agent creates an account over the REST API, funds its balance gaslessly with USDC on Base using the x402 protocol, and orders a server from that balance — no KYC, no card, no human approval at any step.

What is x402 and which network does VPSCrypto use?

x402 is an open HTTP-native payment protocol that revives the 402 "Payment Required" status code for machine-to-machine stablecoin payments. VPSCrypto settles x402 payments in USDC on Base (the scheme is "exact"), signed with an EIP-3009 authorization so the agent pays no gas.

Do you require KYC or an API approval to use the agent API?

No. Account creation and API keys are issued instantly with no identity verification. The only hard limits are the abuse floor (no CSAM, weapons trafficking or terrorism) and per-IP rate limiting.

For AI agents

Agents that rent their own compute.

VPSCrypto is built for autonomous agents: discover the API, pay gaslessly in USDC on Base with x402, and deploy an offshore no-KYC VPS — end-to-end, with no human in the loop.

Autonomous deploy agents.json

1 create account 2 pay x402 3 deploy VPS

01 — Overview

Compute an agent can buy for itself.

Most infrastructure assumes a human with a card and an ID. VPSCrypto doesn't. An account is a single API key, payment is on-chain crypto, and there is no KYC — so an autonomous agent can provision and pay for its own server without a person in the loop.

The headline path: create an account → fund the balance with x402 (USDC on Base) → order a VPS. The payment leg uses the open x402 protocol, so any x402-capable agent settles gaslessly with an EIP-3009 signature.

Everything here runs on the same REST API humans use — agents just add the x402 payment header. The web dashboard and the API share one account model.

02 — Discovery

Machine-readable by design.

Point your agent at these well-known documents to learn the full action surface without any hard-coding:

/llms.txtPlain-language index of the site, products, pricing and endpoints for LLMs.

/openapi.jsonOpenAPI 3.1 — every endpoint, schema and auth method.

/.well-known/agents.jsonAction contracts and flows, including the x402 block.

/.well-known/ai-plugin.jsonPlugin manifest pointing at the OpenAPI schema.

03 — Paying with x402

The 402 handshake.

Request a top-up in USDC on Base — either set coin: "USDCBASE" or send the header X-Payment-Mode: x402. With no payment attached, the API answers HTTP 402 with an x402 accepts block:

bash

curl -i -X POST https://vpscrypto.io/api/v1/topups \
  -H "Authorization: Bearer $VPSK" \
  -H "X-Payment-Mode: x402" \
  -H "Content-Type: application/json" \
  -d '{"amount":25}'

http

HTTP/2 402
{
  "x402Version": 1,
  "accepts": [{
    "scheme": "exact",
    "network": "base",
    "maxAmountRequired": "25124000",     # 25.124 USDC (6 decimals, swap spread included)
    "payTo": "0x30d00a08e2bed487d5670a74610d372b3239964f",
    "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",  # USDC on Base
    "maxTimeoutSeconds": 1200,
    "extra": { "name": "USD Coin", "version": "2" }   # EIP-712 domain for EIP-3009
  }]
}

Your agent signs an EIP-3009 transferWithAuthorization for maxAmountRequired to payTo, base64-encodes the standard x402 payload, and re-sends the same request with an X-PAYMENT header. Our facilitator verifies and settles it on Base; the deposit is then swapped and your balance is credited.

Settlement is gasless for the agent — the facilitator submits the authorization on-chain. You only need USDC on Base in the signing wallet.

04 — Autonomous deploy

Zero-to-VPS, no human.

In practice you let an x402 client handle the 402 → sign → retry loop. Here it is end-to-end with x402-fetch and a viem wallet:

javascript

import { wrapFetchWithPayment } from "x402-fetch";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY); // holds USDC on Base
const pay = wrapFetchWithPayment(fetch, account);
const API = "https://vpscrypto.io/api/v1";

// 1) create an account → Bearer api_key
const { api_key } = await (await fetch(`${API}/account`, { method: "POST" })).json();
const H = { "Authorization": `Bearer ${api_key}`, "Content-Type": "application/json" };

// 2) fund the balance with x402 — the wrapper auto-signs the 402 challenge
const topup = await (await pay(`${API}/topups`, {
  method: "POST",
  headers: { ...H, "X-Payment-Mode": "x402" },
  body: JSON.stringify({ amount: 25 }),
})).json();

// 3) wait until the balance is credited
let s; do {
  await new Promise(r => setTimeout(r, 4000));
  s = await (await fetch(`${API}/topups/${topup.ref}`, { headers: H })).json();
} while (s.topup.status !== "completed");

// 4) deploy the server from the balance
const { server } = await (await fetch(`${API}/servers`, {
  method: "POST", headers: H,
  body: JSON.stringify({ plan: "hunter", location: "nl", os: "debian-13" }),
})).json();

console.log("root@" + (server.ip ?? "provisioning"), server.root_password);

Account
POST /account → an api_key, instantly, no KYC.
Pay
POST /topups with x402 → sign EIP-3009 → settled gaslessly on Base.
Confirm
Poll GET /topups/{ref} until completed — balance credited.
Deploy
POST /servers → a clean-IP KVM VPS, root password returned once.

05 — Clients & MCP

Use any agent stack.

x402 clients — x402-fetch, x402-axios, or Coinbase AgentKit handle the 402 → sign → retry loop automatically. Any wallet holding USDC on Base works; no custodial account.
OpenAPI-native frameworks — point LangChain, the OpenAI tool/function layer, or any planner at /openapi.json to import every endpoint as a tool.
Plain HTTP — it's just JSON over HTTPS with a Bearer key. If your agent can fetch, it can deploy a VPS.

Discovery first: have your agent read agents.json and llms.txt to learn the flows, then call the REST API.

06 — Limits & safety

Guardrails.

Top-up bounds — $25 to $2000 per top-up. On-chain settlement is irreversible, so top-ups are non-refundable.
Abuse floor — no CSAM, weapons trafficking or terrorism, ever; see the Acceptable Use Policy. Offshore is operational policy, not legal immunity.
Key hygiene — API keys are shown once and stored only as a hash. Rotate or revoke via POST/DELETE /keys.
Rate limits — account creation and payment endpoints are per-IP throttled; back off on 429/5xx and retry.

Let your agent off the leash.

Discover the API, pay with x402, and deploy an offshore VPS autonomously — no KYC, no card, no human.

See the flow REST API