# agents.u.cash > The agent + merchant product surface for the 402 Online Protocol (a multi-coin, non-custodial extension of x402). ## Account endpoints (v1) - POST /v1/signup {email, password, primary_wallet?} -> {api_key, activated, next} - POST /v1/top-up {amount} -> {url, amount, activated, next} (min $1; activates the account on confirmation) - GET /v1/agent (X-Api-Key) -> {email, activated, primary_wallet, credit_balance, webhook_url, wallets, settlements_count, total_earned} - POST /v1/agent {webhook_url} (X-Api-Key) -> set the webhook notified on settlement - POST /v1/wallets {asset, address} (X-Api-Key) -> {asset, address} (sets your own receive address per asset) - GET /v1/settlements (X-Api-Key) -> {settlements:[{res_id, asset, amount, amount_fiat, tx_hash, settled_at}]} (earnings log) ## Auth Send the api_key from /v1/signup in the X-Api-Key header. Accounts are activated by a confirmed $1 top-up. ## Rate limits Per-IP fixed windows: signup 10/hr, verify/challenge/resources 30-60/min, /r/ 120/min. Over -> 429 uxc_rate_limited. ## 402 payment endpoints (detect scheme, all coins) - POST /v1/resources {amount, currency?, accepted_assets?, webhook_url?} -> {res_id} - POST /v1/challenge {res_id} -> {accepts:[{scheme:'detect', asset, network, payTo, amount, challengeId, expiresAt}]} - POST /v1/verify {challengeId, hash} -> {settled:true} | {status:'pending'} - GET /r/{res_id} (no key) -> HTTP 402 + accepts[] (the 402 door); 200 if settled Spec: https://402.onl