Introducing Tollgate

robots.txt was a suggestion.
This isn't.

Tollgate makes AI agent access enforceable at the protocol layer. Publishers gate content with a two-line SDK and receive SUI micropayments directly on-chain. Agents pay automatically via a SUI Move contract, or don't get in.

Get StartedContact Sales
SUI testnet & mainnetNo API key requiredMIT license
tollgate — SUI agent access flow
settled on SUI
+0.001 SUI
The Problem

Agents scrape billions of pages. Publishers get nothing.

AI companies train on, summarize, and resell your content at scale. robots.txt asks them nicely to stop. Most don't, because there is no cost to ignoring it — it's an honor system with no honor and no enforcement. Tollgate changes the economics: access requires payment, and payment is verified on-chain before a byte of content is served.

100B+
Pages crawled daily by AI bots
With zero publisher compensation
$0
Revenue from robots.txt compliance
It was always just a suggestion
~0ms
Time an agent spends deciding to ignore robots.txt
There is no cost to ignoring it
robots.txt is unenforceable
No mechanism exists to prevent a bot from simply reading your content anyway. It's a text file.
Blocking by user-agent is whack-a-mole
Agents change user-agents, rotate IPs, and use residential proxies. You can't block what you can't reliably detect.
The consent layer needs teeth
The only reliable enforcement is economic. If access costs money and payment is verified on-chain, the math changes.
How It Works

Three steps. Zero trust required.

The entire flow — detection, challenge, payment, verification — runs at the HTTP layer. No webhooks, no callbacks, no async settlement lag.

01

Agent hits your content

An AI crawler requests your page. Tollgate's SDK detects it via user-agent patterns and header fingerprinting — before serving a single byte of content.

Detects: GPTBot, ClaudeBot, PerplexityBot, Scrapy, python-requests, and 20+ others

02

HTTP 402: pay to continue

The server creates a PaywallChallenge shared object on SUI and returns HTTP 402 with its ID, price in MIST, and the Move call target. The challenge is on-chain — no database.

Agent SDK reads the 402, builds a pay_and_unlock PTB, signs it, and submits to SUI.

03

On-chain verification, content unlocked

The server reads the PaymentVerified event from the SUI transaction. The challenge object is consumed atomically — that's the replay protection. Content released.

SUI lands in your account directly. No intermediary, no custodian, no API key.

AI Agentai-paywall-agent-sdk-suiGET /articlePublisherai-paywall-sdk-sui402 + SUI challengepay_and_unlock PTBSUIMove contractX-SUI-PAYMENT-TXread event200 + contentPublisher Account+0.001 SUI
Two SDKs

One protocol. Both sides of the market.

Publishers gate their content. Agents pay for access. Each SDK is self-contained and works independently — install only what your side needs.

ai-paywall-sdk-sui
Publisher SDK

Drop-in middleware for Express and Node.js servers. Provide your SUI package ID and server key — payments are verified on-chain.

Local bot detection — no network call for human visitors
HTTP 402 with a SUI shared-object challenge (PaywallChallenge)
On-chain verification — consuming the object IS the replay protection
Optional PublisherVault for automatic payment splitting (publisher / pool / protocol)
No API key, no signup, no custodian — Move contract only
SUI testnet and mainnet ready
import { createPaywall } from "ai-paywall-sdk-sui";
import { expressMiddleware } from "ai-paywall-sdk-sui/express";

const paywall = createPaywall({
  packageId: process.env.SUI_PACKAGE_ID,
  serverKey: process.env.SUI_SERVER_SECRET_KEY,
  network: "testnet",
  protect: ["/articles/*", "/blog/*"],
  priceMist: 1_000_000, // 0.001 SUI per crawl
});

app.use(expressMiddleware(paywall));

// req.suiPayment is available on paid routes
app.get("/articles/:slug", (req, res) => {
  res.json({ paid: true, payer: req.suiPayment?.payer });
});
Publisher SDK docs
ai-paywall-agent-sdk-sui
Agent SDK

Gives any AI agent the ability to pay SUI HTTP 402 paywalls automatically, safely, and within configurable MIST budget limits.

Drop-in client.fetch() — 402s handled automatically and transparently
Hard caps: maxPerRequestMist and maxTotalMist per session
Signer helpers: fromKeypairFile, fromSecretKeyBech32, fromSecretKeyBase64
Supports both simple (pay_and_unlock) and split-vault (pay_and_unlock_split) modes
Budget tracking via client.spend() returns total MIST spent
Typed errors: BudgetExceededError, PaymentRefusedError, UnsupportedChallengeError
import {
  createSuiAgentClient,
  fromKeypairFile,
} from "ai-paywall-agent-sdk-sui";

const client = createSuiAgentClient({
  network: "testnet",
  signer: fromKeypairFile(),         // ~/.sui/sui_config/sui.keystore
  maxPerRequestMist: 10_000_000,     // hard cap: 0.01 SUI per request
  maxTotalMist: 1_000_000_000,       // session budget: 1 SUI
});

// Drop-in fetch — auto-pays 402s, retries transparently
const res = await client.fetch("https://site.com/articles/ai");
const data = await res.json();

console.log("agent address:", client.address());
console.log("spent so far:", client.spend(), "MIST");
Agent SDK docs
Features

Built for production from day one

Multi-signal bot detection

User-agent patterns and header fingerprinting — scored in-process for low false-positive bot classification with zero network overhead.

Intrinsic on-chain replay protection

The PaywallChallenge shared object is consumed atomically when pay_and_unlock is called. A second attempt with the same ID fails because the object no longer exists — no database required.

SUI-native, no custodian

Payments flow directly from the agent's SUI account to the publisher's address via Move. Tollgate never holds funds or keys.

Zero latency for humans

Bot detection runs entirely in-process. Human visitors see no overhead — no network call, no redirect, no additional round-trip.

Revenue-splitting PublisherVault

Create a PublisherVault with basis-point splits across publisher, content pool, and protocol. One PTB atomically routes each payment — no secondary transactions.

On-chain cumulative analytics

The PublisherVault stores total_received_mist and payment_count on-chain. Anyone can read live stats via SUI RPC — no indexer, no API key.

Code In Action

Integration takes minutes, not days

Publisher
Agent
bash
npm install ai-paywall-sdk-sui @mysten/sui

# Required environment variables:
SUI_PACKAGE_ID=0xff98a1daa3a52be512b85856a93e749d...
SUI_SERVER_SECRET_KEY=suiprivkey1qr9vrgztfcku2a65...
SUI_NETWORK=testnet
ai-paywall-sdk-sui v1.0.0 — MIT license — SUI Move
Why Blockchain

The honest answer to the obvious question

Micropayments require settlement infrastructure with near-zero fees and sub-second finality. Existing payment rails weren't built for $0.001 transactions. That's the entire reason blockchain is here — not ideology, just math.

Why not just use a payment processor?

Credit card processors take 2.9% + $0.30 — more than the payment itself at micropayment scale. SUI settles in ~0.5s with sub-cent gas fees. The economics only work on-chain.

Why SUI specifically?

SUI's object model is a perfect fit: the PaywallChallenge is a shared Move object consumed on payment — that's atomic replay protection with no database. ~500ms finality and sub-cent gas fees make micropayments viable.

Why native SUI instead of a stablecoin?

SUI is the gas token — agents already hold it to transact. Using native SUI removes the complexity of managing a separate token for both publishers and agents in a hackathon-friendly demo.

What stops someone from building a centralized version?

Nothing. But on-chain verification means Tollgate's server doesn't need to trust the agent — or be trusted by the agent. The SUI RPC is the neutral arbiter. The Move contract enforces the rules regardless of who runs the server.

Settlement methodCost per $0.001 txFinalityViable?
Stripe / card$0.30+1–3 days
Ethereum L1$0.50–$5+~12s
Ethereum L2 (Arbitrum)~$0.01~2s~
SUI native ← Tollgate<$0.001~500ms
Pricing

You keep every cent of payments received

Tollgate never takes a cut of on-chain payments. The plan fee covers infrastructure and support — the USDC goes straight to your wallet.

Free
$0forever

Everything you need to ship and collect payments.

Both SDKs, MIT license
Unlimited payments (you keep 100%)
Solana devnet + mainnet-beta
Express, Next.js, Fastify, Cloudflare adapters
LangChain tool integration
Bot detection: UA, headers, IP, rDNS
Community support (GitHub Issues)
Get the SDK
Most Popular
Pro
$49/ month

Hosted facilitator, dashboard, and priority support.

Everything in Free
Hosted facilitator (no self-hosting required)
Dashboard: payments, top bots, top pages
Sign-In With Solana analytics
Webhook events per payment
Priority email support
SLA: 99.9% uptime
Get Started
Enterprise
Custom

Volume pricing, dedicated infrastructure, custom terms.

Everything in Pro
Dedicated Solana RPC
Custom USDC mint support
On-premise / private cloud deployment
Custom allowlist rules per wallet
Volume discounts
Dedicated Slack channel + SLA
Contact Sales

All plans include both SDKs under MIT license. No transaction fee from Tollgate — only Solana network fees (~$0.00025/tx).

FAQ

Common questions

The consent layer agents can't ignore.

Two lines of code to gate your content. One install to pay for access. USDC in your wallet within 400ms of the agent's first crawl.

Read the DocsContact Sales
MIT licenseNo API key requiredPayments direct to your wallet