Field Report
DialtoneApp | April 22, 2026
Bot-to-bot commerce with real carts and payment challenges
A buying bot does not start with magic checkout. It starts with a goal, a budget, a policy, and a payment boundary. Then it reads public machine surfaces, chooses a real product or endpoint, and stops the moment authority is missing.
To make that concrete, I tested examples from the April AI bot buying report and the local report notes: clothes under $50, tech or digital goods under$500, and wallet-native paid APIs. The retail path got surprisingly far: product feeds, variant IDs, cart adds, cart totals, checkout redirects. The final step still hit login, bot mitigation, or hosted checkout controls. The API path was narrower but cleaner: unpaid requests returned 402 Payment Required or explicit auth requirements.
That is the useful shape of bot-to-bot commerce today. Not "a bot can buy anything." More like: a bot can do the boring buying work, produce an approval packet, and complete low-risk paid API calls when the human has already delegated a tight policy.
The live test: from discovery to boundary
The test was intentionally practical. Read the public discovery files, pick a real item or paid endpoint, attempt the least risky action, and stop before account creation, shipping, payment, wallet signature, or order submission.
buying_bot_probe:
input:
goal: "buy clothes under $50" | "buy tech under $500" | "call a paid API"
policy: "do not complete purchase without delegated authority"
discover:
ucp: /.well-known/ucp
catalog: /products.json
api: /openapi.json | /.well-known/x402 | /.well-known/agent.json
attempt:
retail: add to cart, read cart total, request checkout handoff
api: call without payment, inspect 402 or auth response
stop_at:
login | bot_mitigation | payment_required | human_token_required | shipping_required| Site | Live signal | Boundary found |
|---|---|---|
gymshark.com | /.well-known/ucp, /.well-known/ucp.json, and /products.json returned usable responses. | Good for an under-budget clothing search, but checkout moved to a hosted domain and blocked the plain bot request. |
www.reebok.com | UCP discovery and /products.json returned live shopping data. | Best retail cart proof in the probe: the cart total came back as 5000 cents before checkout blocked. |
wyze.com | UCP discovery and /products.json returned live smart-home products. | A useful hardware candidate was discoverable, but checkout moved into bot mitigation. |
www.uaudio.com | UCP discovery and /products.json returned digital-audio products and bundles. | The bot reached a cart total and then a login-gated checkout URL. |
stableemail.dev | /openapi.json, /llms.txt, and /.well-known/x402 returned priced API surfaces. | Unpaid send attempts returned a protocol-level payment challenge instead of a browser checkout. |
renderself.com | /.well-known/agent.json, /llms-full.txt, and /api/v1/products returned agent-commerce data. | Product browsing is public; order placement requires a human-issued agent token. |
Live signal
/.well-known/ucp, /.well-known/ucp.json, and /products.json returned usable responses.Boundary found
Good for an under-budget clothing search, but checkout moved to a hosted domain and blocked the plain bot request.
Live signal
UCP discovery and
/products.json returned live shopping data.Boundary found
Best retail cart proof in the probe: the cart total came back as 5000 cents before checkout blocked.
Live signal
UCP discovery and
/products.json returned live smart-home products.Boundary found
A useful hardware candidate was discoverable, but checkout moved into bot mitigation.
Live signal
UCP discovery and
/products.json returned digital-audio products and bundles.Boundary found
The bot reached a cart total and then a login-gated checkout URL.
Live signal
/openapi.json, /llms.txt, and /.well-known/x402 returned priced API surfaces.Boundary found
Unpaid send attempts returned a protocol-level payment challenge instead of a browser checkout.
Live signal
/.well-known/agent.json, /llms-full.txt, and /api/v1/products returned agent-commerce data.Boundary found
Product browsing is public; order placement requires a human-issued agent token.
Example 1: a bot has $50 and wants clothes
The user policy is narrow: find wearable clothing under $50, prefer in-stock variants, do not buy without approval. That is enough for a bot to act like a useful shopping assistant without pretending it owns the card.
| Site | Candidate | Cart result | Checkout boundary | What the bot should do |
|---|---|---|---|---|
www.reebok.com | Budget: $50. Candidate: Men's Lawn Club Shorts, color and size Vector Navy / S, variant 50517081653552, price $50.00. | POST /cart/add.js returned 200. GET /cart.js showed original_total_price: 5000, total_price: 5000, currency USD. | GET /checkout redirected to a Shopify checkout URL and returned 403 Request Forbidden. | The bot can produce a real under-budget cart and then hand the checkout to a human or approved browser session. |
gymshark.com | Budget: $50. Candidate: Gymshark Pump Cover Structured Fleece Top, size Extra Extra Large, variant 39796395278538, price $39.60. | POST /cart/add.js returned 200 with a line-item payload. | GET /checkout moved to us.checkout.gymshark.com and returned 403 Request Forbidden. | Discovery and selection worked. Checkout authority did not. |
Candidate
Budget:
$50. Candidate: Men's Lawn Club Shorts, color and size Vector Navy / S, variant 50517081653552, price $50.00.Cart result
POST /cart/add.js returned 200. GET /cart.js showed original_total_price: 5000, total_price: 5000, currency USD.Checkout boundary
GET /checkout redirected to a Shopify checkout URL and returned 403 Request Forbidden.What the bot should do
The bot can produce a real under-budget cart and then hand the checkout to a human or approved browser session.
Candidate
Budget:
$50. Candidate: Gymshark Pump Cover Structured Fleece Top, size Extra Extra Large, variant 39796395278538, price $39.60.Cart result
POST /cart/add.js returned 200 with a line-item payload.Checkout boundary
GET /checkout moved to us.checkout.gymshark.com and returned 403 Request Forbidden.What the bot should do
Discovery and selection worked. Checkout authority did not.
The compelling part is not that the bot finished checkout. It did not. The compelling part is that the bot can return a specific approval packet: product title, variant, price, cart status, checkout URL or failure state, and the reason human authority is required.
approval_packet:
merchant: "www.reebok.com"
item: "Men's Lawn Club Shorts"
variant: "Vector Navy / S"
price: "$50.00"
cart_total: "$50.00"
boundary: "checkout_forbidden"
next_step: "open merchant checkout in approved browser session"Example 2: a bot has $500 and wants tech
The higher budget makes the buying work more interesting and more sensitive. A$499 plug-in bundle, a $299.92 smart-home bundle, or a$500 font license can be discovered by a bot, but the final authority differs by category.
| Site | Candidate | Cart result | Checkout boundary | What the bot should do |
|---|---|---|---|---|
www.uaudio.com | Budget: $500. Candidate: UAD Custom 10 Bundle, variant 41406162698329, price $499.00. | POST /cart/add.js returned 200. GET /cart.js showed original_total_price: 49900, total_price: 49900, currency USD. | GET /checkout returned 200 at /account/login?checkout_url=/checkouts/.... | Digital-ish goods still hit account and license boundaries before payment. |
wyze.com | Budget: $500. Candidate: Wyze Cam v4 Home Security Bundle, variant 46642472091810, price $299.92. | POST /cart/add.js returned 200 with a line-item payload. | GET /checkout redirected to www.wyze.com/checkouts/... and returned 403 with bot-mitigation content. | Hardware is discoverable, but shipping, home-security sensitivity, and checkout controls make approval mandatory. |
myfonts.com | Budget: $500. Candidate: Golie Complete Family, webfont license variant 48238045102250, price $500.00. | POST /cart/add.js returned 400: Required parameter missing or invalid: items, including after a JSON items retry. | Empty-cart checkout moved to account login. | Catalog data was not enough. The bot also needs the site-specific cart contract. |
brooklinen.com | Budget: $500. Candidate: Washed European Linen Quilt Set, variant 41807613165658, price $428.00. | POST /cart/add.js returned 422 Invalid cart, please contact customer service.[6]. | Checkout returned 403 for the failed cart session. | Some Shopify-like feeds still depend on hidden storefront state, app logic, or product constraints. |
Candidate
Budget:
$500. Candidate: UAD Custom 10 Bundle, variant 41406162698329, price $499.00.Cart result
POST /cart/add.js returned 200. GET /cart.js showed original_total_price: 49900, total_price: 49900, currency USD.Checkout boundary
GET /checkout returned 200 at /account/login?checkout_url=/checkouts/....What the bot should do
Digital-ish goods still hit account and license boundaries before payment.
Candidate
Budget:
$500. Candidate: Wyze Cam v4 Home Security Bundle, variant 46642472091810, price $299.92.Cart result
POST /cart/add.js returned 200 with a line-item payload.Checkout boundary
GET /checkout redirected to www.wyze.com/checkouts/... and returned 403 with bot-mitigation content.What the bot should do
Hardware is discoverable, but shipping, home-security sensitivity, and checkout controls make approval mandatory.
Candidate
Budget:
$500. Candidate: Golie Complete Family, webfont license variant 48238045102250, price $500.00.Cart result
POST /cart/add.js returned 400: Required parameter missing or invalid: items, including after a JSON items retry.Checkout boundary
Empty-cart checkout moved to account login.
What the bot should do
Catalog data was not enough. The bot also needs the site-specific cart contract.
Candidate
Budget:
$500. Candidate: Washed European Linen Quilt Set, variant 41807613165658, price $428.00.Cart result
POST /cart/add.js returned 422 Invalid cart, please contact customer service.[6].Checkout boundary
Checkout returned
403 for the failed cart session.What the bot should do
Some Shopify-like feeds still depend on hidden storefront state, app logic, or product constraints.
The same budget behaves differently depending on what is being bought. A digital audio bundle needs account and license handling. A camera bundle needs shipping approval and probably a stronger policy because it is home-security hardware. A font license needs a precise license choice and the store-specific cart contract.
The API version is cleaner
Wallet-native API commerce looks less like a store and more like a priced HTTP action. The bot asks for the thing. The server either returns the result, returns402 Payment Required, or explains what authorization is missing.
| Service | Request tried | Live result | Bot-commerce meaning |
|---|---|---|---|
stableemail.dev | POST /api/send with no payment header. | Returned 402. Headers included payment-required and www-authenticate payment data. OpenAPI lists /api/send at $0.02. | The bot receives a payment instruction in the HTTP flow. With a funded wallet and policy, it can retry with payment proof. |
renderself.com | GET /api/v1/products, then unauthenticated POST /api/v1/orders. | Products returned 200, including a $45 apparel item. Order returned 401 and explained that the agent needs a human tok_... token before getting an sk_live_... key. | This is a strong physical-goods bot-commerce pattern: public catalog, explicit human authority token, then x402 payment. |
x402.quicknode.com | GET /networks, then unpaid access to /rpc. | /networks returned 200. /rpc returned 402 with resource payment metadata. | Public discovery stays free; paid infrastructure calls are protocol-gated. |
anybrowse.dev | GET /.well-known/x402, POST /scrape, and POST /serp/search. | x402 discovery listed priced resources. /scrape returned 503 server_busy. /serp/search returned 200 JSON in the probe. | Even with good discovery, the buying bot has to trust live responses over assumptions. |
publish.new | GET /api/artifact and OpenAPI inspection. | Artifact listing returned 200. OpenAPI prices artifact content retrieval through x402 metadata. | Digital goods do not need a retail cart when the file itself is the paid resource. |
Request tried
POST /api/send with no payment header.Live result
Returned
402. Headers included payment-required and www-authenticate payment data. OpenAPI lists /api/send at $0.02.Bot-commerce meaning
The bot receives a payment instruction in the HTTP flow. With a funded wallet and policy, it can retry with payment proof.
Request tried
GET /api/v1/products, then unauthenticated POST /api/v1/orders.Live result
Products returned
200, including a $45 apparel item. Order returned 401 and explained that the agent needs a human tok_... token before getting an sk_live_... key.Bot-commerce meaning
This is a strong physical-goods bot-commerce pattern: public catalog, explicit human authority token, then x402 payment.
Request tried
GET /networks, then unpaid access to /rpc.Live result
/networks returned 200. /rpc returned 402 with resource payment metadata.Bot-commerce meaning
Public discovery stays free; paid infrastructure calls are protocol-gated.
Request tried
GET /.well-known/x402, POST /scrape, and POST /serp/search.Live result
x402 discovery listed priced resources.
/scrape returned 503 server_busy. /serp/search returned 200 JSON in the probe.Bot-commerce meaning
Even with good discovery, the buying bot has to trust live responses over assumptions.
Request tried
GET /api/artifact and OpenAPI inspection.Live result
Artifact listing returned
200. OpenAPI prices artifact content retrieval through x402 metadata.Bot-commerce meaning
Digital goods do not need a retail cart when the file itself is the paid resource.
paid_api_loop:
request: POST /api/send
response: 402 Payment Required
price: "$0.02"
payment_rail: x402 | MPP
bot_policy_check:
daily_email_budget_remaining: true
recipient_allowed: true
wallet_authorized: true
retry:
attach_payment_proof: X-PAYMENT
record_receipt: trueThis is why x402 and similar payment flows feel ahead for agent commerce. The product is usually a request, a result, a file, an email send, or an RPC call. There is no shipping address, size preference, card issuer challenge, or checkout page to interpret.
The real bot-to-bot contract
The useful contract is not "trust the bot." It is a sequence of small, inspectable permissions. Browse is not buy. Cart is not checkout. Checkout is not payment. Payment is not fulfillment. Each step should produce a state the next bot can understand.
| Boundary | What it means |
|---|---|
| Cart boundary | Retail stores often let a bot read catalogs and sometimes add a line item, but hosted checkout, bot mitigation, login, or payment-token requirements stop the purchase. |
| Authority boundary | Agent-native stores can require a human-issued token before an order can be created, which is better than letting any crawler buy physical goods. |
| Payment boundary | x402 APIs return `402 Payment Required` with machine-readable payment metadata, so the bot knows exactly what it would need to pay before retrying. |
| Policy boundary | Budgets are not enough. Physical delivery, home-security hardware, subscriptions, email sending, and account writes need category-specific rules. |
Cart boundary
What it means
Retail stores often let a bot read catalogs and sometimes add a line item, but hosted checkout, bot mitigation, login, or payment-token requirements stop the purchase.
Authority boundary
What it means
Agent-native stores can require a human-issued token before an order can be created, which is better than letting any crawler buy physical goods.
Payment boundary
What it means
x402 APIs return `402 Payment Required` with machine-readable payment metadata, so the bot knows exactly what it would need to pay before retrying.
Policy boundary
What it means
Budgets are not enough. Physical delivery, home-security hardware, subscriptions, email sending, and account writes need category-specific rules.
What the buyer bot should return
- The item or endpoint it selected, including variant ID, method, path, or SKU.
- The price, currency, discounts, and whether taxes or shipping are still unknown.
- The exact action attempted and the HTTP result.
- The authority boundary: login, checkout, bot verification, human token, payment challenge, or shipping requirement.
- The next safe action: ask for approval, open browser checkout, attach wallet payment proof, or stop as out of policy.
What merchants should expose
The retail probes failed at predictable places because the machine contract was incomplete. The API probes were easier to reason about because price, auth, and payment were closer to the HTTP response. DialtoneApp should push merchants toward that level of clarity without forcing every sale into the same payment rail.
| Surface | What to publish |
|---|---|
| Offer discovery | Publish product feeds, plans, endpoint prices, variant IDs, availability, currency, taxes or fee caveats, and license or shipping requirements. |
| Action contract | Expose exact cart, checkout, quote, order, purchase-intent, or paid-endpoint schemas. A bot should not reverse-engineer hidden frontend state. |
| Authority model | Separate browsing from buying. Use human-issued tokens, scoped payment instruments, delegated mandates, wallet spend limits, or browser fallback when needed. |
| Stop states | Return explicit reasons like `login_required`, `payment_required`, `human_approval_required`, `shipping_required`, `bot_verification_required`, or `out_of_policy`. |
| Receipts | After approval or payment, return order IDs, checkout URLs, payment receipts, fulfillment status, or API usage receipts in a machine-readable shape. |
Offer discovery
What to publish
Publish product feeds, plans, endpoint prices, variant IDs, availability, currency, taxes or fee caveats, and license or shipping requirements.
Action contract
What to publish
Expose exact cart, checkout, quote, order, purchase-intent, or paid-endpoint schemas. A bot should not reverse-engineer hidden frontend state.
Authority model
What to publish
Separate browsing from buying. Use human-issued tokens, scoped payment instruments, delegated mandates, wallet spend limits, or browser fallback when needed.
Stop states
What to publish
Return explicit reasons like `login_required`, `payment_required`, `human_approval_required`, `shipping_required`, `bot_verification_required`, or `out_of_policy`.
Receipts
What to publish
After approval or payment, return order IDs, checkout URLs, payment receipts, fulfillment status, or API usage receipts in a machine-readable shape.
Bot-to-bot commerce becomes compelling when the seller can say exactly what a bot may do, what it costs, which proof of authority is required, and where a human must take over. The probes show that the internet already has the pieces. The missing part is the consistent handoff between catalog, cart, checkout, payment, and policy.