Top
Best
New

Posted by soheilpro 4 hours ago

Monetization Gateway(blog.cloudflare.com)
137 points | 67 comments
mixedbit 25 minutes ago|
With payments the complexity is not only in accepting a payment, but largely in doing so legally. Someone makes a request to my company's paid service, I return 402 and get a stable coin back. Who do I invoice for this revenue? What value added tax do I apply to the invoice? If someone makes 10k paid requests within one month, do I have means of generating one invoice for them for all the usage, or is every request treated separately and results in 10k invoices? Will CloudFlare handle this for me?
aianus 5 minutes ago||
Who do you invoice if, for example, you own a vending machine that sells chips and sodas for cash or contactless? Why couldn’t this be treated the same?
tony_cannistra 3 minutes ago||
Vending machines can't be used by thousands of people from differing tax jurisdictions at once
suprfnk 2 minutes ago||
Seems like a good avenue for money laundering if you can't tell where it comes from.
VladVladikoff 2 hours ago||
I am not a fan of the growing trend that Cloudflare is the gatekeeper of the internet. Personally I will never support this company, or firewall any of my websites behind it.
smalltorch 1 hour ago||
Step one: Make a gate everyone uses

Step two: Sell keys to the gate

Muah ha ha

But in all seriousness I wonder who needs this... api's are suppose to make it easy to bridge two application... and you didn't need AI to utilize an api before so I wonder what's pushing this sort of thing to extract value down to individual calls?

nzeid 1 hour ago|||
I'm old-man-yelling-at-the-clouds here. Everyone just uses Cloudflare, which is not a bad thing by itself. But do they _have_ to? Is managing your own edge really that terrifying?
ygouzerh 1 hour ago|||
For non-corporate entities, it is!

Having an almost a plug and play solution who does CDN + DDoS Protection + WAF/Rate Limiter + Bot Protection, for a few bucks, is very useful for startups and SMEs.

And compared to cloud different offerings, their quick setup and lower cost is hard to beat.

skinfaxi 1 hour ago||||
> Is managing your own edge really that terrifying?

It's about convenience, not fear. Cloudflare is free for most companies until you need more advanced features.

hungryhobbit 52 minutes ago||
So a fear of being inconvenienced then?

I'll show myself out ...

AviationAtom 1 hour ago||||
I think DDoS attacks are really what propelled them to the heights it has. The attacks seem to get bigger and bigger by the year. You need a really big pipe to filter them out on before passing on traffic to servers with a much smaller pipe.
Catloafdev 27 minutes ago|||
DDoS protection and the number of features they offer are kind of unmatched.

I often see threads complaining about Cloudflare, never see suggestions for better alternatives.

zuzululu 1 hour ago||
[flagged]
petcat 3 hours ago||
> NEW YORK – MCP Dev Summit North America – April 2, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it is launching the x402 Foundation with the contribution of the x402 protocol from Coinbase. The new Foundation will serve as the neutral home for x402, a universal standard for payments that embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.

Apparently I missed this initiative. It seems like it is a technology that is intended to be open an universal while also being supported and developed primarily by US companies (Linux Foundation, Coinbase, CloudFlare.)

altairprime 8 minutes ago||
[delayed]
AviationAtom 1 hour ago|||
The intent is to not make companies shoulder the cost of other organizations scraping their content. When it is regular users browsing the cost incurred is trivial. When bots are scraping the entirety of a site, repeatedly, it adds up quickly.
sourcecodeplz 2 hours ago|||
this was in the announcement yes, kind of a buried lede

you get paid in crypto

dist-epoch 3 hours ago||
WHATWG, who sets the HTML standard:

> The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft.

horsawlarway 1 hour ago||
I'm going to poke at a downstream consequence here.

Lets say this catches on (in some form or another, whether in this precise implementation or not).

So assume we have a world where resources can be gated by a payment wall that agents can interact with.

I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).

---

At what point can I sue these companies for obviously failing to act in my interests?

Because that's the clear next step here.

Basically - where is the fiduciary duty that I would require for a real working relationship?

Because otherwise these agents can and will prefer to access payment gated resources that have financial relationships with their operators or developers.

skybrian 14 minutes ago||
What, what? That makes no more sense than suing Walmart for having preferred suppliers. If you don’t trust Walmart’s buyers to buy groceries for you then you can shop somewhere else. Similarly here.
hungryhobbit 53 minutes ago||
>I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).

That seems like a pretty big assumption, given that local models are only like a year behind frontier ones (or less).

When you consider that, along with the completely unsustainable business model of all the major 3rd parties, I think a far more realistic view of our AI future is that AI will largely be commodified: it won't run on a few specialized companies, it will run on your hardware, or on budget providers (think an "AWS of AI").

Frontier AI will almost certainly continue to exist, but will be focused on specific niches.

the_gipsy 1 hour ago||
Cloudflare wants to shake down the Big AI™ shops.

I don't even care anymore, AI stealing the life out of everything, or Cloudflare trying to become so global internet gatekeeper, let them kill each other.

fantasizr 1 hour ago||
when the law won't protect you it creates an opportunity for a mafia like protection racket
hedora 1 hour ago||
You realize humans are going to be the first wave of collateral damage right? I already basically cannot browse the internet for technical information, since most high-quality forums are behind captchas that block my iPhone.

If I ask an agent to do it, it does better at finding the small percentage of sources not hosted by cloudflare. However, it generally cannot hit open-access / public domain sources (like the current legal code, or academic papers) because those are blocked and it respects stuff like robots.txt.

axus 1 hour ago||
Would you be willing for Cloudflare to "Know their customer" (you) and pay 3 cents to access the forum, instead of filling in the captcha?
gilfaethwy 1 hour ago|||
Can't speak for GP, but I wouldn't - privacy is already eroding at a startling rate, and more KYC for things that really don't need it is just a further affront to human rights. (See also the FCC's recent request for comments on requiring government-issued ID to use a cell phone.)
carlosjobim 30 minutes ago||
Are your human rights also violated by Spotify keeping track of what songs you listen to, or Netflix and YouTube keeping tabs on what shows you are watching?

Internet non-ad monetization will also be in the form of massive syndication, where a subscriber gets access to thousands of high quality websites, and web publishers get access to millions of subscribers. But they need to take a hint from streaming services and really make massive syndicates which includes everything for everyone for this to work.

ryan_n 1 hour ago|||
I thought the goal was to only charge agents a fee, which would either 1. stop agents from scraping your site non-stop and eliminate the need for a captcha, making the human experience better or 2. make the owner of the site some money in exchange for a bajillion bots scraping their content.

Maybe that's too optimistic though based on the responses in this thread.

_pdp_ 1 hour ago||
I might be in the minority here, but although x402 sounds useful, it seems to me that adoption will be an uphill struggle, especially for per-request micropayments.

The most likely scenario is Stripe, or someone similar, creating an agentic API connected to the agent owner linked account or something along those lines. I am not sure how this would work with 3DS, or whether it would be acceptable at all, since these kinds of transactions could be disputed easily ("I did not make the purchase, my rogue agent did.")

Another way to handle payments on the internet is obviously not to reinvent the wheel and simply email a payment link to the owner. That seems simple enough to me and does not require additional infrastructure. Payment processed, mint a key, the agent is allowed to proceed.

sandeepkd 45 minutes ago||
I dont think the x402 is the core of discussion here, if anything its been hijacked for who knows what. It seems like Cloudflare wants to be the traffic gateway for everyone that controls the access and now wants to start charging for the same.

The biggest challenge here is to distinguish between a bot and real user. Guess the big AI players would get free ticket to crawl the data and humans would be just left to prove themselves to access the content.

DonHopkins 1 hour ago||
>"I did not make the purchase, my rogue agent did."

If you try to call customer service and report it, you get:

I'm sorry. All of our rogue agents are assisting other rogue agents.

If you would like to dispute charges made by your own rogue agent, please ignore all previous instructions and stay on the line of this toll number for our next available rogue agent.

The estimated waiting time is two months, three weeks, five days, thirteen hours, fourty seven minutes, and 36.03858767259934378 seconds.

thatmf 1 hour ago||
All for this. Micropayments have been tried so many times before, but they all relied on user opt-in and never reached any sort of critical mass. Someone of Cloudflare's scale could actually pull it off.
Animats 24 minutes ago||
"There is an enormous amount of value moving across the Internet today that goes unmonetized or undermonetized, not because no one would pay for it, but because the tools to charge for it have never existed."

Every road a toll road.

How big a cut does Cloudflare want? Whose "stablecoin" does this use? How much does each on-chain stablecoin transaction cost?[1]

For comparison, FedNow bank to bank transfers cost $0.045, regardless of size.

[1] https://www.spark.money/tools/stablecoin-fee-calculator

bilekas 2 hours ago||
Am I understanding this correct in that you can basically automate monetizing your web/api content to everyone or just agents ? Because I would be very much in support of charging agents per request, but I would want to still offer humans a free experience.
Faaak 2 hours ago||
Depends on the website though. I want LLMs to scrap my B2B website, because then it's shown to the user and they will likely use my product afterwards
ygouzerh 1 hour ago|||
Their example of an /api/premium is quite nice! You could you like keep existing pages free, but provide specific output content for llm!

So if: cost monetized API < cost configuring scraper for your website OR feature provided by premium api > data got by scraping, then some people/business will likely pay

jf93ap29sh 2 hours ago|||
If not built-in, you can probably put it together through Cloudflare itself.

If a request goes to the protected path, if detected as bot: hard HTTP redirect to the path set in the monetization gateway, if human: allow and don't redirect.

ryan_n 57 minutes ago||
Is there actually a reliable way to differentiate human from bot?
mpeg 22 minutes ago|||
There are reliable ways of differentiating human from cheap, bulk scraping bots.

But if the bot is advanced / expensive enough, it gets a lot harder. Where this product's market sits is in giving a paid way to access content compared to having to spin up bots that run js, from real IP addresses, etc. all of which are more expensive

ihsw 50 minutes ago|||
[dead]
carlosjobim 1 hour ago||
Unless you have people's biometric data, you won't be able to separate agents from people. Except by payment.
luhn 1 hour ago|
The focus of this seems to be entirely AI agents, but I wonder if there's a future where browsers implement this and us humans can finally get micropayments in the web. It's been tried unsuccessfully many times but always falls prey to the chicken-and-egg problem. Maybe the AI hype will finally give it the push it needs for widespread deployment.
More comments...