| Primary purpose | Security preflight for paid API calls and agent payment workflows. | Protocol-level payment challenge, proof, settlement, and response flow. |
| Spend policy | Per-call caps, daily caps, recipient allowlists, network allowlists, and approval thresholds. | Buyer must implement policy checks around the protocol. |
| Input sensitivity | Warns or blocks paid calls that send customer data, secrets, health data, or financial data to risky endpoints. | Does not know whether request payload data is sensitive. |
| Vendor trust | Can incorporate registry status, endpoint metadata, receipt support, and verifier identity. | Verifies payment mechanics, not vendor suitability. |
| Evidence | Signed Hekate receipt plus payment proof, task hash, policy hash, and evidence hash. | x402 payment proof and response metadata. |
| Best fit | Companies deploying agents that pay APIs under budgets and audit requirements. | Builders implementing the payment wire flow directly. |