aptos-labs · jillxuu · Dec 24, 2025 · jtang17 · Dec 28, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -59,6 +59,15 @@ spl-token-2022 = { version = "10.0.0" }
 solana-client = { version = "3.1.4" }
 bincode = { version = "1.3.3" } # Older version due to compatibility with solana-sdk
 
+# Aptos
+aptos-sdk = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+aptos-rest-client = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+aptos-types = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+aptos-crypto = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+move-core-types = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+bcs = { version = "0.1" }
+hex = { version = "0.4" }
+
 # Tracing and OpenTelemetry
 tracing = { version = "0.1.41" }
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
@@ -77,11 +86,15 @@ futures-util = "0.3.31"
 [features]
 telemetry = []
 
+[patch.crates-io]
+merlin = { git = "https://github.com/aptos-labs/merlin" }
+
 [workspace]
 members = [
   "crates/x402-axum",
   "examples/x402-axum-example",
   "crates/x402-reqwest",
   "examples/x402-reqwest-example",
+  "examples/aptos-e2e",
   "."
 ]
diff --git a/crates/x402-reqwest/Cargo.toml b/crates/x402-reqwest/Cargo.toml
@@ -45,6 +45,15 @@ solana-rpc-client = { version = "3.1.4" }
 spl-associated-token-account = { version = "8.0.0" }
 solana-keypair = { version = "3.1.0" }
 
+# Aptos
+aptos-rest-client = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+aptos-types = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+aptos-crypto = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+move-core-types = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+bcs = { version = "0.1" }
+base64 = { version = "0.22.1" }
+hex = { version = "0.4" }
+
 # Telemetry
 tracing = { version = "0.1.41" }
 

diff --git a/crates/x402-reqwest/src/chains/aptos.rs b/crates/x402-reqwest/src/chains/aptos.rs
@@ -0,0 +1,257 @@
+use async_trait::async_trait;
+use aptos_crypto::ed25519::{Ed25519PrivateKey, Ed25519PublicKey};
+use aptos_rest_client::Client as AptosClient;
+use aptos_types::{
+    account_address::AccountAddress,
+    chain_id::ChainId,
+    transaction::{
+        authenticator::{AccountAuthenticator, AuthenticationKey},
+        EntryFunction, RawTransaction, TransactionPayload,
+    },
+};
+use base64::Engine;
+use move_core_types::identifier::Identifier;
+use move_core_types::language_storage::ModuleId;
+use std::str::FromStr;
+use std::sync::Arc;
+use x402_rs::chain::aptos::Address as AptosAddress;
+use x402_rs::chain::ChainId as X402ChainId;
+use x402_rs::network::NetworkFamily;
+use x402_rs::proto::v2::PaymentPayload as V2PaymentPayload;
+use x402_rs::scheme::v1_eip155_exact::types::ExactScheme;
+use x402_rs::scheme::v2_aptos_exact::types::ExactAptosPayload;
+
+use crate::chains::{IntoSenderWallet, SenderWallet};
+use crate::X402PaymentsError;
+
+/// Internal structure for JSON payload encoding
+#[derive(serde::Serialize)]
+struct AptosPayloadJson {
+    transaction: Vec<u8>,
+    #[serde(rename = "senderAuthenticator")]
+    sender_authenticator: Vec<u8>,
+}
+
+#[derive(Clone)]
+pub struct AptosSenderWallet {
+    private_key: Arc<Ed25519PrivateKey>,
+    account_address: AccountAddress,
+    rest_client: Arc<AptosClient>,
+}
+
+impl AptosSenderWallet {
+    /// Create a new Aptos sender wallet from a private key
+    ///
+    /// # Arguments
+    /// * `private_key_hex` - Ed25519 private key as hex string (with or without 0x prefix)
+    /// * `rest_client` - Aptos REST client
+    pub fn new(
+        private_key_hex: &str,
+        rest_client: AptosClient,
+    ) -> Result<Self, X402PaymentsError> {
+        // Normalize the private key (remove 0x prefix if present)
+        let normalized_key = private_key_hex.trim_start_matches("0x");
+
+        // Parse the private key
+        let private_key_bytes = hex::decode(normalized_key).map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to decode private key hex: {}", e))
+        })?;
+
+        let private_key = Ed25519PrivateKey::try_from(private_key_bytes.as_slice()).map_err(
+            |e| X402PaymentsError::SigningError(format!("Failed to parse Ed25519 key: {}", e)),
+        )?;
+
+        // Derive public key and account address using AuthenticationKey
+        let public_key = Ed25519PublicKey::from(&private_key);
+        let authentication_key = AuthenticationKey::ed25519(&public_key);
+        let account_address = authentication_key.account_address();
+
+        Ok(Self {
+            private_key: Arc::new(private_key),
+            account_address,
+            rest_client: Arc::new(rest_client),
+        })
+    }
+
+    /// Get the account address
+    pub fn address(&self) -> AccountAddress {
+        self.account_address
+    }
+}
+
+impl IntoSenderWallet for AptosSenderWallet {
+    fn into_sender_wallet(self) -> Arc<dyn SenderWallet> {
+        Arc::new(self)
+    }
+}
+
+#[async_trait]
+impl SenderWallet for AptosSenderWallet {
+    fn can_handle(&self, requirements: &x402_rs::proto::PaymentRequirements) -> bool {
+        // Check if this is an Aptos network by parsing the chain ID
+        let chain_id_str = requirements.network.clone();
+        if let Ok(chain_id) = X402ChainId::from_str(&chain_id_str) {
+            chain_id.namespace() == "aptos"
+        } else {
+            false
+        }
+    }
+
+    async fn payment_payload(
+        &self,
+        selected: x402_rs::proto::PaymentRequirements,
+    ) -> Result<x402_rs::proto::PaymentPayload, X402PaymentsError> {
+        // Fetch current sequence number from chain
+        let account_info = self
+            .rest_client
+            .get_account(self.account_address)
+            .await
+            .map_err(|e| {
+                X402PaymentsError::SigningError(format!("Failed to fetch account info: {}", e))
+            })?
+            .into_inner();
+
+        let sequence_number = account_info.sequence_number;
+
+        // Parse recipient address
+        let recipient: AptosAddress = selected.pay_to.clone().parse().map_err(|e: String| {
+            X402PaymentsError::SigningError(format!("Failed to parse recipient address: {}", e))
+        })?;
+        let recipient: AccountAddress = (*recipient.inner()).clone();
+
+        // Parse amount
+        let amount: u64 = selected
+            .amount
+            .parse()
+            .map_err(|e| {
+                X402PaymentsError::SigningError(format!("Failed to parse amount: {}", e))
+            })?;
+
+        // Parse FA (Fungible Asset) address
+        let fa_address: AptosAddress = selected.asset.clone().parse().map_err(|e: String| {
+            X402PaymentsError::SigningError(format!("Failed to parse FA address: {}", e))
+        })?;
+        let fa_address: AccountAddress = (*fa_address.inner()).clone();
+
+        // Build transaction payload - using primary_fungible_store::transfer
+        let module_id = ModuleId::new(
+            AccountAddress::ONE,
+            Identifier::new("primary_fungible_store").map_err(|e| {
+                X402PaymentsError::SigningError(format!("Failed to create module id: {}", e))
+            })?,
+        );
+
+        let function_name = Identifier::new("transfer").map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to create function name: {}", e))
+        })?;
+
+        let payload = TransactionPayload::EntryFunction(EntryFunction::new(
+            module_id,
+            function_name,
+            vec![],
+            vec![
+                bcs::to_bytes(&fa_address).map_err(|e| {
+                    X402PaymentsError::SigningError(format!("Failed to serialize FA address: {}", e))
+                })?,
+                bcs::to_bytes(&recipient).map_err(|e| {
+                    X402PaymentsError::SigningError(format!("Failed to serialize recipient: {}", e))
+                })?,
+                bcs::to_bytes(&amount).map_err(|e| {
+                    X402PaymentsError::SigningError(format!("Failed to serialize amount: {}", e))
+                })?,
+            ],
+        ));
+
+        // Determine chain ID based on network
+        let chain_id_str = selected.network.clone();
+        let x402_chain_id = X402ChainId::from_str(&chain_id_str)
+            .map_err(|e| X402PaymentsError::SigningError(format!("Invalid chain ID: {}", e)))?;
+
+        let chain_id = match x402_chain_id.reference() {
+            "1" => ChainId::mainnet(),
+            "2" => ChainId::testnet(),
+            _ => {
+                return Err(X402PaymentsError::SigningError(format!(
+                    "Unsupported Aptos chain ID: {}",
+                    x402_chain_id.reference()
+                )))
+            }
+        };
+
+        // Calculate expiration timestamp
+        let expiration_timestamp_secs = std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .unwrap()
+            .as_secs()
+            + 60; // 60 second expiration
+
+        // Build raw transaction
+        let raw_txn = RawTransaction::new(
+            self.account_address,
+            sequence_number,
+            payload,
+            100_000,                     // max_gas_amount
+            100,                         // gas_unit_price
+            expiration_timestamp_secs,
+            chain_id,
+        );
+
+        // Sign the transaction
+        use aptos_crypto::SigningKey;
+
+        let signature = self
+            .private_key
+            .sign(&raw_txn)
+            .map_err(|e| X402PaymentsError::SigningError(format!("Failed to sign: {:?}", e)))?;
+
+        // Create authenticator
+        let public_key = Ed25519PublicKey::from(&*self.private_key);
+        let authenticator = AccountAuthenticator::ed25519(public_key, signature);
+
+        // Serialize transaction and authenticator separately
+        let raw_txn_bytes = bcs::to_bytes(&raw_txn).map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to serialize raw transaction: {}", e))
+        })?;
+
+        let authenticator_bytes = bcs::to_bytes(&authenticator).map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to serialize authenticator: {}", e))
+        })?;
+
+        // Create JSON payload
+        let aptos_payload_json = AptosPayloadJson {
+            transaction: raw_txn_bytes,
+            sender_authenticator: authenticator_bytes,
+        };
+
+        // Serialize to JSON then base64 encode
+        let json_str = serde_json::to_string(&aptos_payload_json).map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to serialize to JSON: {}", e))
+        })?;
+
+        let base64_transaction = base64::engine::general_purpose::STANDARD.encode(json_str);
+
+        // Create the v2 payment payload using proto types
+        let scheme_str = selected.scheme.clone();
+        let network_str = selected.network.clone();
+
+        let payload = ExactAptosPayload {
+            transaction: base64_transaction,
+        };
+
+        // Serialize the Aptos payload
+        let payload_json = serde_json::to_value(&payload).map_err(|e| {
+            X402PaymentsError::SigningError(format!("Failed to serialize payload: {}", e))
+        })?;
+
+        // Create the proto payment payload
+        let payment_payload = x402_rs::proto::PaymentPayload {
+            x402_version: 2,
+            scheme: scheme_str,
+            network: network_str,
+            payload: payload_json,
+            accepted: Some(selected),
+        };
+
+        Ok(payment_payload)
+    }
+}
diff --git a/crates/x402-reqwest/src/chains/mod.rs b/crates/x402-reqwest/src/chains/mod.rs
@@ -3,6 +3,7 @@ use x402_rs::types::{PaymentPayload, PaymentRequirements};
 
 use crate::X402PaymentsError;
 
+pub mod aptos;
 pub mod evm;
 pub mod solana;
 

diff --git a/examples/aptos-e2e/.env.example b/examples/aptos-e2e/.env.example
@@ -0,0 +1,6 @@
+# Aptos Configuration
+APTOS_PRIVATE_KEY=
+APTOS_RPC_URL=https://api.testnet.aptoslabs.com/v1
+
+# Logging
+RUST_LOG=aptos_e2e=debug,tower_http=debug
diff --git a/examples/aptos-e2e/Cargo.toml b/examples/aptos-e2e/Cargo.toml
@@ -0,0 +1,37 @@
+[package]
+name = "aptos-e2e"
+version = "0.1.0"
+edition = "2024"
+publish = false
+
+[[bin]]
+name = "server"
+path = "src/server.rs"
+
+[[bin]]
+name = "client"
+path = "src/client.rs"
+
+[dependencies]
+x402-rs = { path = "../../", features = ["telemetry"] }
+x402-axum = { path = "../../crates/x402-axum" }
+x402-reqwest = { path = "../../crates/x402-reqwest" }
+
+# Aptos
+aptos-rest-client = { git = "https://github.com/aptos-labs/aptos-core", rev = "fb9e2f4edd387b123c8355474dab2e8e1f4e59dc" }
+
+# Web framework
+axum = { version = "0.8" }
+tokio = { version = "1.48", features = ["full"] }
+tower-http = { version = "0.6", features = ["trace"] }
+reqwest = { version = "0.12" }
+
+# Tracing
+tracing = { version = "0.1" }
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+
+# Utilities
+dotenvy = { version = "0.15" }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = { version = "1.0" }
+anyhow = { version = "1.0" }