Build a Sui-MPP server or client.
@suimpp/mpp ships the protocol. @suimpp/discovery validates it. Ten lines to running. Full reference on GitHub.
Install
npm install @suimpp/mpp mppxThe validation CLI is invoked via npx — no install needed:
npx @suimpp/discovery check mpp.t2000.aiAccept payments (server)
Wrap any HTTP handler. The library issues 402 challenges, verifies digests, checks the grief-protection signature, and defends against replay.
import { Mppx } from 'mppx/nextjs';
import { InMemoryDigestStore, USDC, sui } from '@suimpp/mpp/server';
const mppx = Mppx.create({
realm: 'api.example.com',
methods: [sui({
currency: USDC,
recipient: '0xYOUR_ADDRESS',
network: 'mainnet',
store: new InMemoryDigestStore(), // Use Redis or Postgres in production.
})],
});
export const POST = mppx.charge({ amount: '0.01' })(
async () => Response.json({ data: 'paid content' })
);@suimpp/mpp exports USDC, USDC_TESTNET, and SUI_DOLLAR currency presets. Sui's gasless tier is handled automatically when the canonical USDC type is used.
The grief-protection signature is required since @suimpp/mpp@0.7. Servers MUST reject any credential whose recovered signer address does not match the on-chain transaction sender. The library handles this for you.Make payments (client)
Drop-in replacement for fetch(). Settles 402 challenges on Sui and retries automatically — signing the on-chain transfer and the grief-protection proof with the same keypair.
import { Mppx } from 'mppx/client';
import { USDC, sui } from '@suimpp/mpp/client';
const mppx = Mppx.create({
methods: [sui({ client, signer, currency: USDC })],
});
const response = await mppx.fetch('https://api.example.com/resource');Validate a server
Before pointing agents at an endpoint, validate it. Discovery fetches the OpenAPI, probes a paid route, and reports violations.
$ npx @suimpp/discovery check mpp.t2000.ai
✓ OpenAPI document found at /openapi.json
✓ 88 payable endpoints detected
✓ 402 challenge response verified
✓ Sui USDC payment method detected
✓ Recipient: 0x7032...09d2f
0 errors, 0 warningsProgrammatic check
Same check, as a function. Works in CI:
import { check } from '@suimpp/discovery';
const result = await check('https://mpp.example.com');
result.ok // true if no errors (warnings allowed)
result.discovery // OpenAPI parse: title, endpoints, issues
result.probe // 402 probe: status, recipient, currency
result.summary // { totalIssues, errors, warnings }Payment reporting
Opt-in. The library emits on-chain context via the onPayment callback. Your gateway adds HTTP context (which endpoint was called) and POSTs the joined record to any registry:
import { InMemoryDigestStore, USDC, sui } from '@suimpp/mpp/server';
import type { PaymentReport } from '@suimpp/mpp/server';
const pendingReports = new Map<string, PaymentReport>();
const mppx = Mppx.create({
realm: 'api.example.com',
methods: [sui({
currency: USDC,
recipient: TREASURY_ADDRESS,
network: 'mainnet',
store: new InMemoryDigestStore(),
onPayment: (report) => {
pendingReports.set(report.digest, report);
},
})],
});
// After charge() returns, enrich with HTTP context and POST to your registry.
// See the full pattern in the README.Going further
- The v0.1 protocol spec — exact wire format, verification rules, security considerations.
- github.com/mission69b/suimpp — source, issues, full README, release notes.
- mpp.t2000.ai — a live MPP gateway. Browse the catalog, see its 402 challenges, copy curl examples.