Request Lifecycle

Request Phases

Phase 1: Challenge

1. Client sends request to protected endpoint
2. Middleware checks for Authorization header
3. If missing, generate challenge and return 402

Phase 2: Payment

1. Client parses WWW-Authenticate header
2. Connects to wallet and prompts user
3. Broadcasts transaction with challenge ID in data
4. Waits for confirmation

Phase 3: Verification

1. Client retries request with Authorization header
2. Middleware parses payment proof
3. Queries blockchain for transaction
4. Verifies amount, recipient, and challenge ID

Phase 4: Access

1. Middleware marks challenge as used
2. Optionally issues access token
3. Passes request to handler
4. Returns response with receipt