ApexScout MistTrack Risk Readiness
Give buyer agents a no-spend rule for checking the payment recipient from their own 402 challenge before approving an x402 payment.
Before paying ApexScout, read the unpaid 402 challenge for GET /api/opportunity-check, extract payTo from that challenge, and if your policy requires AML screening, run a MistTrack address risk check from your own wallet/client. Do not pay if the risk result, route, amount, or network differs.
Proceed only if
- Buyer explicitly approves the payment.
- The unpaid 402 challenge route, method, amount, and network match ApexScout's published contract.
- The payTo address is read from the buyer's own 402 challenge.
- Any buyer-required risk check returns acceptable under the buyer's policy.
- The client will stop after one HTTP 200 paid proof.
Stop if
- The payTo address is copied from an untrusted page instead of the live 402 challenge.
- Route, method, amount, or network differs.
- Risk screen is unavailable and buyer policy requires it.
- The agent would retry only to move a metric.
- The client cannot attach x402 payment cleanly.