feat(cloudfront-lambda-edge): Add CDP facilitator authentication and …#1102

Merged
phdargen merged 4 commits into coinbase:main from arditti:feat/cloudfront-lambda-edge-cdp-auth
Feb 6, 2026

@arditti arditti commented Feb 6, 2026

Description

Adds CDP facilitator authentication support to the CloudFront + Lambda@Edge example, enabling mainnet payments.

Key changes:

- New facilitator-auth.ts with createCDPAuthHeaders() for CDP JWT authentication
- Updated config.ts with facilitator type selection (x402.org, cdp, custom)
- Added @coinbase/cdp-sdk dependency for JWT generation
- Improved README with mainnet setup instructions and secrets management guidance
- Included AWS Secrets Manager integration pattern for production deployments

This builds on PR #980 and allows users to accept real USDC payments on Base mainnet using the CDP facilitator.

Tests

This is an example/reference implementation. Verified by:

- TypeScript compilation passes (tsc --noEmit)
- ESBuild bundling works (npm run build in lambda/ directory)
- From /examples/typescript directory: pnpm format && pnpm lint

Checklist

- [x] I have formatted and linted my code
- [x] All new and existing tests pass
- [x] My commits are signed (required for merge)
- [ ] I added a changelog fragment for user-facing changes (docs-only changes can skip)

…mainnet support

- Add facilitator-auth.ts module with CDP authentication helpers for mainnet payments
- Introduce FacilitatorType configuration to support both testnet and mainnet facilitators
- Add getAuthHeaders() function in config.ts for dynamic authentication based on facilitator type
- Update README with comprehensive mainnet setup instructions and CDP integration guide
- Add Solana network configurations (Devnet and Mainnet) to supported networks list
- Expand documentation with production secrets management best practices for Lambda@Edge
- Reorganize config.ts to separate facilitator configuration from payment settings
- Update tsconfig.json to support new authentication module compilation
- Enhance middleware library structure with index.ts for better package organization
- Add security warnings about Lambda@Edge environment variable limitations and AWS Secrets Manager recommendations

cb-heimdall commented Feb 6, 2026

✅ Heimdall Review Status

Requirement Status More Info
Reviews 1/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

vercel bot commented Feb 6, 2026

@arditti is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the examples Changes to examples label Feb 6, 2026
@phdargen phdargen self-assigned this Feb 6, 2026

phdargen commented Feb 6, 2026

Thanks a lot for the update @arditti!

This one is a bit tricky, we deliberately removed all mainnet examples (in particular anything CDP specific) from the repo for neutrality.

For TS we have a CDP package that handles all the API key and auth header stuff, such that users just have to replace one line

```typescript
const facilitatorClient = new HTTPFacilitatorClient({ url: facilitatorUrl });
```

with:

```typescript
import { facilitator } from "@coinbase/x402";
const facilitatorClient = new HTTPFacilitatorClient(facilitator);
```

see https://docs.cdp.coinbase.com/x402/quickstart-for-sellers#running-on-mainnet

Would this work here?
Otherwise, we would need to remove all the CDP specific language like createCDPAuthHeaders -> createAuthHeaders etc and make the API key/auth setup sufficiently general

…ve documentation

- Remove dedicated facilitator-auth.ts module and integrate auth into config
- Update README with clearer mainnet setup instructions using facilitator packages
- Simplify config.ts to remove CDP-specific type and credentials
- Refactor origin-request.ts and origin-response.ts to accept facilitatorConfig parameter
- Update package.json dependencies and build configuration
- Improve documentation structure with consolidated setup steps
- Make facilitator authentication flexible by accepting custom createAuthHeaders function
- Reduce complexity by removing hardcoded CDP authentication logic in favor of generic config approach

arditti commented Feb 6, 2026

> Thanks a lot for the update @arditti!
>
> This one is a bit tricky, we deliberately removed all mainnet examples (in particular anything CDP specific) from the repo for neutrality.
>
> For TS we have a CDP package that handles all the API key and auth header stuff, such that users just have to replace one line `const facilitatorClient = new HTTPFacilitatorClient({ url: facilitatorUrl });` with:
>
> ```typescript
> import { facilitator } from "@coinbase/x402";
> const facilitatorClient = new HTTPFacilitatorClient(facilitator);
> ```
>
> see https://docs.cdp.coinbase.com/x402/quickstart-for-sellers#running-on-mainnet
>
> Would this work here? Otherwise, we would need to remove all the CDP specific language like createCDPAuthHeaders -> createAuthHeaders etc and make the API key/auth setup sufficiently general

Thanks @phdargen, great point about neutrality.

I've reworked the PR - removed all CDP-specific code (facilitator-auth.ts, @coinbase/cdp-sdk dep, the CDP credentials/auth logic in config.ts). The source files are now back to testnet-only, same as the rest of the repo.

For mainnet, the server.ts now accepts an optional facilitatorConfig (a FacilitatorConfig object with url + createAuthHeaders) so users can plug in any facilitator that requires auth - without modifying anything under lib/. The README's "Running on Mainnet" section points to the ecosystem facilitators page and shows the generic pattern.

I looked into the @coinbase/x402 package and createFacilitatorConfig does accept explicit key params, which works nicely for Lambda@Edge since it doesn't support env vars. But I kept that out of the source code per your feedback - it's just documented as the pattern in the README.
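
An added example, not code from this PR or the x402 repository: one way to build the facilitatorConfig described in the reply above when Lambda@Edge offers no environment variables, by loading the credential at runtime and caching it across warm invocations. The local `FacilitatorConfig` type, `makeFacilitatorConfig`, `SecretFetcher`, the Bearer header scheme and the TTL are assumptions made for illustration.

```typescript
// Added example. This FacilitatorConfig shape is an assumption based on the
// "url + createAuthHeaders" description in the thread, not the package's types.
type AuthHeaders = Record<string, string>;

interface FacilitatorConfig {
  url: string;
  createAuthHeaders: () => Promise<{ verify: AuthHeaders; settle: AuthHeaders }>;
}

// Hypothetical hook: in a deployment this would wrap a secrets-store lookup
// (for example AWS Secrets Manager); here it is injected so the code runs offline.
type SecretFetcher = () => Promise<string>;

function makeFacilitatorConfig(
  url: string,
  fetchSecret: SecretFetcher,
  ttlMs: number,
  now: () => number = Date.now,
): FacilitatorConfig {
  // Credentials must never travel to a plaintext endpoint.
  if (!/^https:\/\//.test(url)) {
    throw new Error("facilitator URL must use https");
  }
  // Closure-held cache: reused while the container is warm, expires so that
  // a rotated secret is picked up without redeploying the function.
  let cached: { value: string; expiresAt: number } | undefined;

  async function currentSecret(): Promise<string> {
    if (cached && now() < cached.expiresAt) return cached.value;
    const value = (await fetchSecret()).trim();
    // Fail closed: never send an empty credential to the facilitator.
    if (value.length === 0) throw new Error("facilitator credential is empty");
    cached = { value, expiresAt: now() + ttlMs };
    return value;
  }

  return {
    url,
    createAuthHeaders: async () => {
      // Bearer scheme is an assumption; use whatever the chosen facilitator requires.
      const headers: AuthHeaders = { Authorization: `Bearer ${await currentSecret()}` };
      return { verify: { ...headers }, settle: { ...headers } };
    },
  };
}
```

The secret value only ever appears in the returned headers; errors thrown here carry no credential material, so they are safe to log.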

@phdargen phdargen left a comment

Perfect, thanks @arditti!

@phdargen phdargen merged commit de9f9f5 into coinbase:main Feb 6, 2026
16 of 17 checks passed