Tollbooth: Pay-Per-Crawl Access Control

Most websites today defend against bots with captchas or outright blocking. That frustrates AI agents, crawlers, and automation tools that want legitimate access. With Tollbooth, site owners don’t have to choose between “let everyone in” or “block them all.” Instead, they can charge a small fee for automated traffic.

How It Works

1. Bot requests a page If the site requires payment, it responds with HTTP 402 Payment Required, including the cost in headers.

2. Bot pays with X402 The agent automatically uses its wallet (managed via X402) to confirm payment intent.

3. Site grants access Once payment is verified, the site returns normal content—no captchas, no friction.

4. On Flow: Subscriptions Instead of paying per request, sites can configure recurring access windows (e.g., 30 seconds, 1 day, or a custom interval). This is implemented via Flow’s scheduled callbacks, which automatically handle subscription renewals.

Why It’s Better

• For sites & publishers Earn revenue from automated traffic instead of wasting resources on captchas or blocking. (Coming soon: split payments between stakeholders like website owners and journalists.)

• For bots & agents No more captcha-solving farms, OCR hacks, or blocked sessions. Just pay a micro-fee or subscribe for seamless browsing.

Features at a Glance

• Pay-per-crawl access with X402
• Subscription-based access powered by Flow
• Expiration support (access ends when time runs out unless renewed)
• Captcha fallback for humans
• Planned: Revenue splitting to automatically share fees across multiple parties

How It’s Made

We built a lightweight edge proxy that routes all traffic through a gate page. Humans can pass through by solving a captcha, while bots are offered the option to pay a small fee using Coinbase X402. Once either path succeeds, the backend issues a short-lived access token that grants entry to the requested resource.

Payments are processed via X402 intents and webhooks, with all verification handled in a minimal Node/TypeScript backend. On the subscription side, we used Flow’s scheduled callbacks to implement recurring access windows, so agents can pay once and continue browsing for the duration of their subscription.

The stack is intentionally simple:

• Cloudflare Workers → edge gate & traffic routing
• Node/TypeScript → token issuance & payment verification
• Coinbase AgentKit → wallet and payment abstraction
• Flow → subscription scheduling and expiration handling

We’ve kept the design hack-friendly and modular—no heavy bot-detection heuristics, just a clear binary choice: solve a captcha or pay.

👉 Coming soon: split-payment support, so revenue can be automatically shared between multiple parties (e.g. site owner and journalist).