Claim Your Listings on 402 Index

If your API endpoints are already indexed on 402 Index (e.g., from Bazaar, Satring, or self-registration), you can verify domain ownership to edit your listings directly — update names, descriptions, categories, and pricing without contacting us.

1. Find your domain

Your domain is the hostname of your API endpoints. For example, if your endpoint URL is https://api.example.com/v1/chat, your domain is api.example.com.

You can search the directory to find your listings, or use the API to query by URL.

2. Claim your domain

Initiate a claim by sending a POST request with your domain. You'll receive a unique verification token and instructions.

curl -X POST https://402index.io/api/v1/claim \
  -H 'Content-Type: application/json' \
  -d '{"domain": "api.example.com"}'

Response:

{
  "domain": "api.example.com",
  "verification_token": "a1b2c3d4e5f6...  (64 hex characters)",
  "verification_hash": "e3b0c44298fc1c14...  (SHA-256 of the token)",
  "verification_url": "https://api.example.com/.well-known/402index-verify.txt",
  "instructions": "Place a text file at the URL above containing only this hash: e3b0c442..."
}

Save the verification_token — this becomes your ongoing credential for editing listings. The claim expires after 72 hours if not verified.

3. Place the verification file

Create a file at /.well-known/402index-verify.txt on your domain containing only the verification_hash (the SHA-256 hash, not the raw token). This ensures the raw token is never exposed publicly.

Express / Node.js

app.get('/.well-known/402index-verify.txt', (req, res) => {
  res.type('text/plain').send('YOUR_VERIFICATION_HASH_HERE')
})

Nginx

location = /.well-known/402index-verify.txt {
    return 200 'YOUR_VERIFICATION_HASH_HERE';
    default_type text/plain;
}

Static hosting (Vercel, Netlify, S3)

Create the file public/.well-known/402index-verify.txt (or equivalent static directory) with the hash as its only content.

4. Verify

Once the file is in place, trigger verification:

curl -X POST https://402index.io/api/v1/claim/verify \
  -H 'Content-Type: application/json' \
  -d '{"domain": "api.example.com"}'

Response:

{
  "domain": "api.example.com",
  "status": "verified",
  "services_count": 12
}

We fetch your verification file, compare the hash against the SHA-256 of your stored token, and mark your domain as verified. The file must be served directly (no redirects) and must be under 1KB.

5. Edit your listings

With a verified domain, you can update any service whose URL hostname matches your domain. Include your domain and verification_token in every request:

curl -X PATCH https://402index.io/api/v1/services/SERVICE_ID \
  -H 'Content-Type: application/json' \
  -d '{
  "domain": "api.example.com",
  "verification_token": "a1b2c3d4e5f6...",
  "description": "Updated description for my API",
  "category": "ai/text",
  "price_usd": 0.01
}'

What you can edit

Field	Type	Constraints
`name`	string	Max 200 characters
`description`	string	Max 2000 characters
`category`	string	Max 100 characters
`price_usd`	number	Non-negative
`price_sats`	integer	Non-negative integer
`payment_asset`	string	Max 50 characters (e.g. BTC, USDC)
`payment_network`	string	Max 50 characters (e.g. Lightning, Base)

6. Delete your listings

Verified domain owners can soft-delete any service whose URL matches their domain. Deleted listings are hidden from the directory, health checks, pollers, and API queries. They are permanently purged after 30 days. Contact hello@402index.io to restore a deleted listing before purge.

Single delete

curl -X DELETE https://402index.io/api/v1/services/SERVICE_ID \
  -H 'Content-Type: application/json' \
  -d '{
  "domain": "api.example.com",
  "verification_token": "a1b2c3d4e5f6..."
}'

Bulk delete (up to 25 at once)

curl -X POST https://402index.io/api/v1/services/bulk-delete \
  -H 'Content-Type: application/json' \
  -d '{
  "ids": [101, 102, 103],
  "domain": "api.example.com",
  "verification_token": "a1b2c3d4e5f6..."
}'

Bulk delete returns which IDs were deleted, which were skipped (wrong domain, not found), and reasons for each skip.

7. Revoke access

If your token is compromised or you want to rotate credentials, revoke it:

curl -X POST https://402index.io/api/v1/claim/revoke \
  -H 'Content-Type: application/json' \
  -d '{
  "domain": "api.example.com",
  "verification_token": "a1b2c3d4e5f6..."
}'

This invalidates the token immediately. To regain access, start the claim flow again from step 2. You'll receive a new token and hash, and will need to update your verification file.

Multi-Protocol Endpoints

If your endpoint supports multiple payment protocols (e.g., both L402 and x402), 402 Index will automatically detect additional protocols during health checks. Detected protocol changes are reviewed by our team and, when confirmed, create sibling listings so your endpoint appears under each supported protocol in the directory.

No action is needed from you — just ensure your endpoint responds with the appropriate payment challenge headers for each protocol it supports.

8. Lost your token?

If you've lost your verification token and can't revoke it yourself, email hello@402index.io with your domain name and we'll initiate a reset. You'll need to re-verify by updating your .well-known/402index-verify.txt file with the new hash.

Questions? Email hello@402index.io or check the API docs for the full endpoint reference.