Tempo Mainnet: Machine Payments Protocol for AI Agents

Tempo's mainnet went live on March 18. Stripe and Paradigm's payments chain shipped alongside the Machine Payments Protocol (MPP) — an open standard that replaces API key provisioning with HTTP 402 payment flows embedded directly into the request/response cycle. For developers building agent-facing services, that is the design change worth examining closely.

What Tempo Actually Shipped

Tempo is an EVM-compatible Layer 1 blockchain built on the Reth SDK — currently the highest-performance Ethereum execution client — running Simplex BFT consensus via Commonware. According to the project's public GitHub repository at github.com/tempoxyz/tempo, the chain targets sub-second block finality (approximately 0.5 seconds), throughput exceeding 100,000 transactions per second, and per-transaction fees targeting under $0.001 for TIP-20 transfers.

The chain carries no native gas token. According to Tempo's official documentation at docs.tempo.xyz, fees are paid directly in any USD-denominated TIP-20 stablecoin. A built-in Fee AMM converts between the payer's chosen stablecoin and the validator's preferred one using on-chain liquidity during block execution, eliminating the need for teams to hold a volatile gas asset alongside their stablecoin treasury.

TIP-20 is Tempo's enshrined ERC-20 extension, adding four payment-specific features standard ERC-20 lacks: 32-byte transfer memos for invoice reconciliation, a TIP-403 Policy Registry that propagates compliance rules across multiple tokens from a single update, dedicated payment lanes that reserve blockspace for payment transactions separately from general EVM execution, and native stablecoin-to-stablecoin DEX routing. The block structure itself encodes this specialisation: a Tempo block separates system transactions, general EVM execution, and payment-lane sub-blocks into distinct segments, ensuring payment throughput cannot be crowded out by unrelated on-chain activity.

Engineering is led by Liam Horne, former CEO of Optimism, and Georgios Konstantopoulos, Paradigm's CTO. Dankrad Feist, who created Danksharding for Ethereum, joined the team in October 2025. Tempo raised $500 million in a Series A round in October 2025 at a $5 billion valuation, according to The Block's coverage, with participation from Thrive, Greenoaks, and Sequoia. Tempo's public GitHub repository

The Developer Billing Problem MPP Was Built to Solve

The dominant API billing model today is API key issuance combined with prepaid credits or subscription tiers. That model works for human developers: they sign up, verify identity, attach billing, and manage account balances manually. It fails structurally when the consuming entity is an autonomous agent.

An agent calling an API has no browser session to complete OAuth. It cannot pause mid-execution to handle a failed card charge. An agent operating across 40 data providers would need 40 separate credentials with independent rate limits, top-up flows, and rotation cycles. Developers working around this today typically centralize all API spending under a single team-level key — creating a single point of failure for the agent's entire operation — or build custom billing middleware per service, which does not compose.

Coinbase's x402 protocol, which launched in May 2025, made the first serious attempt at an alternative by repurposing the long-dormant HTTP 402 "Payment Required" status code for on-chain micropayments. MPP builds directly on that foundation. According to the MPP specification repository at github.com/tempoxyz/mpp-specs, the protocol is backwards-compatible with x402: existing x402-compliant services accept MPP clients without modification. MPP extends the model in three directions: it removes the facilitator middleware component x402 requires for settlement, it introduces a session primitive for high-frequency streaming payments, and it makes idempotency, request-body binding (digest verification), and receipt delivery first-class protocol requirements rather than optional implementation choices.

Web3 Builder coverage of agent infrastructure- /categories/web3-builder

How the Machine Payments Protocol Rewires the Request Cycle

The core MPP interaction — the charge intent — operates over standard HTTP in five steps. The client sends a request to a paid endpoint. The server returns HTTP 402 with a WWW-Authenticate: Payment header containing the challenge: amount, accepted payment methods, and expiration window. The client fulfills the payment off-band using its chosen method, then retries the original request with an Authorization: Payment header carrying the payment credential — cryptographic proof of payment. The server verifies the credential and returns the resource along with a Payment-Receipt header confirming settlement.

The critical ergonomic shift is in where billing state lives. In the API key model, trust is established once at account creation — identity check, billing attachment, key issuance — and then asserted implicitly on every subsequent call. In MPP, trust is re-established per request via cryptographic proof. There is no account to compromise, no credential to rotate, and no billing dispute workflow. The request is the authorization. The receipt is the audit trail.

For agents running high-frequency calls — LLM token streaming, per-query data feeds, API polling loops — the session primitive addresses the per-request overhead problem. According to Cloudflare's MPP integration documentation, a session works as follows: the agent deposits funds into an on-chain escrow contract, opening a payment channel. For each subsequent request, the agent issues a lightweight off-chain signed voucher against that balance. Settlement happens in batches, delivering sub-100ms latency per request with near-zero per-request overhead. Per GetBlock.io's technical analysis, MPP also supports a subscription intent for recurring fixed-period charges, completing a spectrum from one-off payments to streaming micropayments to subscription billing — all within the same protocol interface.

The idempotency and request-body binding primitives carry real security implications. Request-body binding ties a payment credential cryptographically to a specific request payload, preventing an intercepted credential from being replayed against a different or modified request. The MPP spec defines these as mandatory, not optional, which places implementation discipline squarely on service operators building MPP-compatible endpoints. According to a draft submitted to the IETF — confirmed by developer analysis on DEV Community — the protocol aims for ratification as an internet standard, not merely a Web3-native convention.

MPP specification and intent types

Day-One Integrations and the Payments Directory

Tempo launched with a public payments directory listing over 100 MPP-compatible services, per The Block's coverage. Confirmed directory participants include Alchemy, Dune Analytics, Anthropic, OpenAI, and Shopify, spanning model providers, developer infrastructure, compute platforms, and data APIs. A developer building an agent today can fund a wallet, define a spending cap, and transact across any directory-listed service without signing up for a single account.

Three tier-one integrations extend MPP settlement beyond Tempo's own chain. Visa confirmed support for card payments through MPP via Stripe's Shared Payment Tokens (SPTs), allowing fiat-accepting services to participate in the same protocol alongside stablecoin-native ones. Lightspark extended MPP to Bitcoin Lightning Network payments. Stripe published server-side integration documentation at docs.stripe.com/payments/machine/mpp, providing TypeScript SDK examples and the mppx CLI tool for local testing.

Uniswap deployed its full protocol suite — v2, v3, and v4 — on Tempo at mainnet, per Uniswap's official blog post. The deployment marks the first live use of v4 aggregator hooks, a primitive that wraps Tempo's native stablecoin DEX as Uniswap v4 pools, routing both liquidity sources through a single Uniswap API call. Uniswap also shipped a pay-with-any-token MPP skill — installable via npx skills add uniswap/uniswap-ai --skill pay-with-any-token — that resolves the practical problem agents face when holding a token that does not match a service's payment requirement.

Cloudflare Agents documentation already includes a dedicated MPP integration section. Design partners who collaborated with Tempo ahead of mainnet include Visa, Mastercard, Deutsche Bank, Standard Chartered, Revolut, Nubank, Shopify, OpenAI, Anthropic, Ramp, and DoorDash, according to Ledger Insights' coverage. Klarna launched KlarnaUSD, its first stablecoin, on Tempo during the public testnet phase that opened in December 2025.

Uniswap's deployment and aggregator hooks

Stablecoin infrastructure developments→ /categories/crypto-newswire

Limitations and What Builders Cannot Yet Verify

Tempo's validator set at mainnet is permissioned and operated by the core team and early partners. As documented in Sentora's technical analysis of the chain architecture, decentralization is a forward roadmap commitment, not a current property of the network. Builders evaluating Tempo as neutral settlement infrastructure need to weigh this against their own liveness and censorship-resistance requirements.

The sessions mechanism — MPP's most operationally useful primitive for high-frequency agents — currently requires an on-chain escrow contract deployed on the Tempo chain. As GetBlock.io's breakdown notes, sessions are chain-specific at launch due to the escrow mechanism. The charge intent works across any supported payment rail (stablecoin, card, Lightning), but session-based streaming payments lock the agent to Tempo for settlement. This is not disclosed prominently in top-level MPP documentation and matters for teams building rail-agnostic payment clients.

The IETF draft for MPP is in early stages and has not been ratified. Developer commentary on Hacker News raised questions about whether MPP's design improvements over x402 justify the coordination cost of adopting a parallel standard, with some responses noting both protocols share the same fundamental HTTP 402 flow. Protocol fragmentation is a real risk — Stripe's institutional distribution advantage may ultimately determine adoption more than technical differentiation.

No canonical on-chain TVL dashboard or public network usage metrics were disclosed alongside the mainnet launch. Developers cannot independently verify payment volumes or settlement activity beyond what the public block explorer at explorer.tempo.xyz shows. Audit status for deployed smart contracts, including the session escrow contract, was not specified in any launch materials reviewed. Teams integrating MPP session flows should treat the escrow contract as unaudited until Tempo publishes explicit security review documentation.

MPP specification and security design

Stripe's MPP server integration guide

The signal to watch is the IETF draft process: if the MPP spec progresses toward ratification, the protocol shifts from a Stripe-backed proposal to an internet infrastructure standard that API developers implement without choosing sides between competing agent payment conventions. More immediate — and more measurable — is whether Anthropic and OpenAI, both named as payments directory participants and design partners, ship agent framework SDKs with native MPP client support. If that integration lands in a major agent SDK release, MPP's adoption curve stops being a question of developer persuasion and becomes a function of framework defaults.

• Tempo Official GitHub Repository — https://github.com/tempoxyz/tempo
• MPP Specification Repository — https://github.com/tempoxyz/mpp-specs