<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

<!ENTITY RFC2119 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC3339 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3339.xml">
<!ENTITY RFC4648 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4648.xml">
<!ENTITY RFC8174 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8259 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
<!ENTITY RFC8785 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8785.xml">
<!ENTITY RFC9457 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9457.xml">
]>


<rfc ipr="noModificationTrust200902" docName="draft-nearintents-charge-00" category="info" submissionType="independent">
  <front>
    <title abbrev="NEAR Intents Charge">NEAR Intents Charge Intent for HTTP Payment Authentication</title>

    <author initials="I." surname="Alustiza" fullname="Iker Alustiza">
      <organization>Near One</organization>
      <address>
        <email>iker.alustiza@nearone.org</email>
      </address>
    </author>

    <date year="2026" month="June" day="30"/>

    
    
    

    <abstract>


<?line 71?>

<t>This document defines the "charge" intent for the "nearintents" payment
method in the Payment HTTP Authentication Scheme
<xref target="I-D.httpauth-payment"/>. It specifies how clients and servers exchange
one-time, cross-chain payments settled through the NEAR Intents 1Click
Swap API <xref target="ONECLICK-API"/>, in which a client pays a specified amount of
a source asset on any supported origin chain and the resource server
(merchant) receives an exact amount of a destination asset on any
supported destination chain, with the NEAR Intents solver network
executing the cross-chain swap in between.</t>

<t>One credential type is supported: <spanx style="verb">type="hash"</spanx> (push mode), where the
client broadcasts the deposit transaction to the origin chain itself and
presents the confirmed transaction hash for server verification. Because
the 1Click backend issues a unique, single-use deposit address for each
challenge, the recipient address is itself challenge-specific, which
strengthens the challenge binding relative to generic hash-based
credentials.</t>



    </abstract>



  </front>

  <middle>


<?line 91?>

<section anchor="introduction"><name>Introduction</name>

<t>HTTP Payment Authentication <xref target="I-D.httpauth-payment"/> defines a
challenge-response mechanism that gates access to resources behind
payments. This document registers the "charge" intent for the
"nearintents" payment method.</t>

<t>NEAR Intents is an intent-based settlement system in which a network of
competing solvers fulfills user-expressed swap intents. The 1Click Swap
API <xref target="ONECLICK-API"/> is a hosted interface to this system: a caller
requests a quote for converting a source asset into a destination asset,
receives a unique deposit address on the origin chain, sends the source
asset to that address, and the solver network delivers the destination
asset to a specified recipient — potentially on a different chain. A
list of supported origin and destination chains is maintained at
<xref target="NEAR-INTENTS-CHAINS"/>.</t>

<t>This document specifies how to use that settlement system to fulfill the
"charge" intent: a one-time payment of a specified amount, as defined in
<xref target="I-D.payment-intent-charge"/>. The server may settle the payment any
time before the challenge <spanx style="verb">expires</spanx> auth-param timestamp.</t>

<t>This specification inherits the shared request semantics of the "charge"
intent from <xref target="I-D.payment-intent-charge"/>. It defines only the NEAR
Intents-specific <spanx style="verb">methodDetails</spanx>, <spanx style="verb">payload</spanx>, verification, and
settlement procedures for the "nearintents" payment method.</t>

<section anchor="push-mode"><name>Push Mode</name>

<t>This method uses a single settlement flow, called "push mode", which
uses <spanx style="verb">type="hash"</spanx> credentials. The client "pushes" the deposit
transaction to the origin chain itself and presents the confirmed
transaction hash; the server verifies the deposit and then drives the
cross-chain swap to completion.</t>

<figure><artwork><![CDATA[
Client                  Server            Origin Chain      1Click / Solvers
  |                        |                    |                  |
  | (1) GET /resource      |                    |                  |
  |----------------------->|                    |                  |
  |                        | (2) quote          |                  |
  |                        |-------------------------------------->|
  |                        |   depositAddress, maxAmountIn, ...     |
  |                        |<--------------------------------------|
  | (3) 402 Payment Req    |                    |                  |
  |     intent="charge"    |                    |                  |
  |     recipient=deposit  |                    |                  |
  |<-----------------------|                    |                  |
  |                        |                    |                  |
  | (4) Send deposit tx    |                    |                  |
  |------------------------------------------->|                  |
  | (5) Confirmation       |                    |                  |
  |<-------------------------------------------|                  |
  |                        |                    |                  |
  | (6) Authorization:     |                    |                  |
  |     Payment (txHash)   |                    |                  |
  |----------------------->|                    |                  |
  |                        | (7) Verify deposit on origin chain    |
  |                        |--------------------|                  |
  |                        | (8) Submit + await swap finality      |
  |                        |-------------------------------------->|
  |                        |   status: SUCCESS (merchant paid)     |
  |                        |<--------------------------------------|
  | (9) 200 OK + Receipt   |                    |                  |
  |<-----------------------|                    |                  |
]]></artwork></figure>

<t>Unlike methods that offer a server-submitted ("pull") flow for fee
sponsorship, this method has no pull mode: the source asset must be
deposited to the 1Click address before settlement can begin, and the
client therefore always pays its own origin-chain network fee. A future
revision <bcp14>MAY</bcp14> define an additional credential type for clients that hold
balances on the NEAR Intents settlement layer and wish to delegate
submission of a signed intent; such a credential is out of scope for
this document.</t>

</section>
<section anchor="cross-chain-model"><name>Cross-Chain Settlement Model</name>

<t>Single-chain charge methods describe one transfer: the client sends
<spanx style="verb">amount</spanx> of <spanx style="verb">currency</spanx> to <spanx style="verb">recipient</spanx>, and the recipient receives
exactly that. This method describes a payment whose two sides may
diverge across chains and assets.</t>

<t>To remain compatible with the shared "charge" request schema and with
push-mode verification, the standard fields describe the <strong>payment the
client makes on the origin chain</strong>, and the <strong>merchant's destination
leg</strong> is carried in <spanx style="verb">methodDetails</spanx>:</t>

<t><list style="symbols">
  <t><spanx style="verb">recipient</spanx> is the 1Click <strong>deposit address</strong> on the origin chain. It is
the payee of the client's on-chain transfer and the address whose
receipt of funds the server verifies from the transaction hash. It is
controlled by the NEAR Intents settlement system for the duration of the
swap, not by the merchant.</t>
  <t><spanx style="verb">currency</spanx> and <spanx style="verb">amount</spanx> describe the <strong>source asset</strong> and the <strong>deposit
amount</strong> the client sends to <spanx style="verb">recipient</spanx>.</t>
  <t><spanx style="verb">methodDetails.originNetwork</spanx> is the <strong>origin chain</strong> where <spanx style="verb">recipient</spanx> lives
and where the transaction hash is anchored.</t>
  <t><spanx style="verb">methodDetails.destinationNetwork</spanx>, <spanx style="verb">methodDetails.destinationAsset</spanx>,
<spanx style="verb">methodDetails.destinationRecipient</spanx>, and <spanx style="verb">methodDetails.amountOut</spanx>
describe the asset, chain, beneficiary, and exact amount the <strong>merchant</strong>
receives once the swap completes.</t>
</list></t>

<t>This mapping keeps push-mode verification — confirm an on-chain transfer
to <spanx style="verb">recipient</spanx> of the <spanx style="verb">currency</spanx> the client was asked to send — directly
applicable: the verified deposit is the payment, and the cross-chain swap
is an extension that executes afterward and delivers to the merchant.</t>

</section>
<section anchor="relationship-to-the-charge-intent"><name>Relationship to the Charge Intent</name>

<t>This document inherits the shared request semantics of the "charge"
intent from <xref target="I-D.payment-intent-charge"/>. It defines only the NEAR
Intents-specific <spanx style="verb">methodDetails</spanx>, <spanx style="verb">payload</spanx>, and verification procedures
for the "nearintents" payment method.</t>

</section>
</section>
<section anchor="requirements-language"><name>Requirements Language</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

</section>
<section anchor="terminology"><name>Terminology</name>

<dl>
  <dt>1Click Swap API</dt>
  <dd>
    <t>A hosted interface to the NEAR Intents settlement system <xref target="ONECLICK-API"/>.
Exposes quote generation, deposit notification, and status endpoints used
by this method.</t>
  </dd>
  <dt>Deposit Address</dt>
  <dd>
    <t>A unique address generated by the 1Click backend for a single quote. The
client sends the source asset to this address. Each address corresponds to
exactly one quote and is single-use.</t>
  </dd>
  <dt>Solver Network</dt>
  <dd>
    <t>The set of competing agents that fulfill NEAR Intents swap intents by
sourcing the destination asset and delivering it to the recipient.</t>
  </dd>
  <dt>EXACT_OUTPUT</dt>
  <dd>
    <t>A 1Click quote mode in which the destination output amount is fixed and
the maximum source input amount required to guarantee it is computed by the
quote. This method uses <spanx style="verb">EXACT_OUTPUT</spanx> so the merchant receives a
deterministic amount.</t>
  </dd>
  <dt>Origin Chain</dt>
  <dd>
    <t>The chain on which the client holds the source asset and broadcasts the
deposit transaction. Identified by a CAIP-2 <xref target="CAIP-2"/> network identifier.</t>
  </dd>
  <dt>Destination Chain</dt>
  <dd>
    <t>The chain on which the merchant receives the destination asset.
Identified by a CAIP-2 <xref target="CAIP-2"/> network identifier.</t>
  </dd>
  <dt>Settlement Finality</dt>
  <dd>
    <t>For this method, the point at which the merchant has received the
destination asset, signalled by the 1Click terminal status <spanx style="verb">SUCCESS</spanx>. See
<xref target="settlement"/>.</t>
  </dd>
  <dt>Base Units</dt>
  <dd>
    <t>The smallest transferable unit of an asset, determined by its decimal
precision (e.g., USDC with 6 decimals uses 1,000,000 base units per 1
USDC).</t>
  </dd>
</dl>

</section>
<section anchor="request-schema"><name>Request Schema</name>

<t>The <spanx style="verb">request</spanx> parameter in the <spanx style="verb">WWW-Authenticate</spanx> challenge contains a
base64url-encoded <xref target="RFC4648"/> JSON <xref target="RFC8259"/> object. The JSON <bcp14>MUST</bcp14> be
serialized using JSON Canonicalization Scheme (JCS) <xref target="RFC8785"/> before
base64url encoding, per <xref target="I-D.httpauth-payment"/>.</t>

<t>This specification implements the shared request fields defined in
<xref target="I-D.payment-intent-charge"/>.</t>

<section anchor="shared-fields"><name>Shared Fields</name>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Presence</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">amount</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Deposit amount the client is asked to send, in base units of <spanx style="verb">currency</spanx> (the 1Click quote <spanx style="verb">maxAmountIn</spanx>): the upper bound that guarantees the merchant receives <spanx style="verb">methodDetails.amountOut</spanx>. A requested/display value — the verifier actually requires <spanx style="verb">methodDetails.minAmountIn</spanx>, not <spanx style="verb">amount</spanx> (see <xref target="verification"/>).</c>
      <c><spanx style="verb">currency</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Source asset the client pays with, as a CAIP-19 <xref target="CAIP-19"/> asset identifier (see <xref target="asset-identifiers"/>); chain component <bcp14>MUST</bcp14> equal <spanx style="verb">methodDetails.originNetwork</spanx>.</c>
      <c><spanx style="verb">recipient</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>1Click deposit address on the origin chain. The payee of the client's on-chain transfer.</c>
      <c><spanx style="verb">description</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Human-readable payment description. <bcp14>MUST NOT</bcp14> be relied upon for verification per <xref target="I-D.httpauth-payment"/>.</c>
      <c><spanx style="verb">externalId</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Merchant reference (order ID, invoice number, etc.).</c>
</texttable>

<t>Challenge expiry is conveyed by the <spanx style="verb">expires</spanx> auth-param in
<spanx style="verb">WWW-Authenticate</spanx> per <xref target="I-D.httpauth-payment"/> (see <xref target="expiry"/>).</t>

</section>
<section anchor="asset-identifiers"><name>Asset Identifiers</name>

<t>Both <spanx style="verb">currency</spanx> and <spanx style="verb">methodDetails.destinationAsset</spanx> <bcp14>MUST</bcp14> be CAIP-19
<xref target="CAIP-19"/> asset identifiers. CAIP-19 encodes the chain and the asset in
one self-describing string, so both legs of the swap use the same
convention and either side can be parsed without external context:</t>

<texttable>
      <ttcol align='left'>Chain type</ttcol>
      <ttcol align='left'>CAIP-19  form</ttcol>
      <ttcol align='left'>Example</ttcol>
      <c>EVM chains</c>
      <c><spanx style="verb">eip155:&lt;chainId&gt;/erc20:&lt;address&gt;</spanx></c>
      <c><spanx style="verb">eip155:42161/erc20:0xaf88d065e77c8cC2239327C5EDb3A432268e5831</spanx></c>
      <c>Solana</c>
      <c><spanx style="verb">solana:&lt;genesisHash&gt;/token:&lt;mint&gt;</spanx></c>
      <c><spanx style="verb">solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/token:EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v</spanx></c>
      <c>NEAR (NEP-141)</c>
      <c><spanx style="verb">near:mainnet/nep141:&lt;account&gt;</spanx></c>
      <c><spanx style="verb">near:mainnet/nep141:17208628f84f5d6ad33f0da3bbbeb27ffcb398eac501a31bd6ad2011e36133a1</spanx></c>
      <c>Native assets (no contract)</c>
      <c><spanx style="verb">&lt;caip2&gt;/slip44:&lt;coinType&gt;</spanx></c>
      <c><spanx style="verb">bip122:000000000019d6689c085ae165831e93/slip44:0</spanx> (BTC)</c>
</texttable>

<t>Implementations <bcp14>MUST NOT</bcp14> use informal short identifiers (e.g., <spanx style="verb">"arb"</spanx>,
<spanx style="verb">"BTC"</spanx>) or bare contract addresses without the CAIP-19 chain prefix in
<spanx style="verb">currency</spanx> or <spanx style="verb">destinationAsset</spanx>. The chain component of <spanx style="verb">currency</spanx> <bcp14>MUST</bcp14>
equal <spanx style="verb">methodDetails.originNetwork</spanx>, and the chain component of
<spanx style="verb">destinationAsset</spanx> <bcp14>MUST</bcp14> equal <spanx style="verb">methodDetails.destinationNetwork</spanx>. CAIP-19
identifiers <bcp14>MUST</bcp14> be compared by their parsed components, with the address
or reference component compared in the relevant chain's canonical form
(for example, EVM addresses compared case-insensitively).</t>

</section>
<section anchor="method-details"><name>Method Details</name>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Presence</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">methodDetails.originNetwork</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>CAIP-2 <xref target="CAIP-2"/> identifier of the origin chain (where <spanx style="verb">recipient</spanx> lives and the deposit tx is anchored).</c>
      <c><spanx style="verb">methodDetails.destinationNetwork</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>CAIP-2 <xref target="CAIP-2"/> identifier of the chain where the merchant receives the destination asset.</c>
      <c><spanx style="verb">methodDetails.destinationAsset</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Destination asset the merchant receives, as a CAIP-19 <xref target="CAIP-19"/> asset identifier (see <xref target="asset-identifiers"/>); chain component <bcp14>MUST</bcp14> equal <spanx style="verb">methodDetails.destinationNetwork</spanx>.</c>
      <c><spanx style="verb">methodDetails.destinationRecipient</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Merchant address on the destination chain that receives <spanx style="verb">amountOut</spanx>.</c>
      <c><spanx style="verb">methodDetails.amountOut</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Exact amount the merchant receives, in base units of <spanx style="verb">destinationAsset</spanx>. Guaranteed via <spanx style="verb">EXACT_OUTPUT</spanx>.</c>
      <c><spanx style="verb">methodDetails.minAmountIn</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Minimum deposit the backend accepts, in base units of <spanx style="verb">currency</spanx>. Threshold checked at verification (<xref target="verification"/>, step 3): a confirmed deposit <bcp14>MUST</bcp14> be at least <spanx style="verb">minAmountIn</spanx>. Deposits below it yield <spanx style="verb">INCOMPLETE_DEPOSIT</spanx> and are refunded to <spanx style="verb">refundTo</spanx>.</c>
      <c><spanx style="verb">methodDetails.depositMemo</spanx></c>
      <c>string | null</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Deposit memo required by some origin chains (e.g., Stellar). Absent or <spanx style="verb">null</spanx> when not required.</c>
      <c><spanx style="verb">methodDetails.slippageTolerance</spanx></c>
      <c>number</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Slippage tolerance in basis points (e.g., <spanx style="verb">100</spanx> = 1%).</c>
      <c><spanx style="verb">methodDetails.timeEstimate</spanx></c>
      <c>number</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Estimated swap completion time in seconds, from the 1Click quote.</c>
      <c><spanx style="verb">methodDetails.refundTo</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Address on the origin chain to which the backend refunds the deposit if the swap fails or excess exists.</c>
      <c><spanx style="verb">methodDetails.settlementBackend</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Discloses the settlement backend. Value <spanx style="verb">"near-intents"</spanx> for this method.</c>
      <c><spanx style="verb">methodDetails.credentialTypes</spanx></c>
      <c>array</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Ordered list of accepted credential types. For this method, the only valid value is <spanx style="verb">"hash"</spanx>.</c>
</texttable>

<t>If <spanx style="verb">methodDetails.credentialTypes</spanx> is omitted, servers <bcp14>MUST</bcp14> accept
<spanx style="verb">"hash"</spanx>. Servers <bcp14>MUST NOT</bcp14> advertise credential types other than
<spanx style="verb">"hash"</spanx> for this method.</t>

<t><strong>Example (decoded <spanx style="verb">request</spanx>):</strong></t>

<figure><sourcecode type="json"><![CDATA[
{
  "amount": "1005000",
  "currency": "eip155:42161/erc20:0xaf88d065e77c8cC2239327C5EDb3A432268e5831",
  "recipient": "0x76b4c56085ED136a8744D52bE956396624a730E8",
  "description": "Cross-chain premium data access",
  "externalId": "order_12345",
  "methodDetails": {
    "originNetwork": "eip155:42161",
    "destinationNetwork": "near:mainnet",
    "destinationAsset": "near:mainnet/nep141:17208628f84f5d6ad33f0da3bbbeb27ffcb398eac501a31bd6ad2011e36133a1",
    "destinationRecipient": "merchant.near",
    "amountOut": "1000000",
    "minAmountIn": "1000000",
    "depositMemo": null,
    "slippageTolerance": 100,
    "timeEstimate": 120,
    "refundTo": "0x2527D02599Ba641c19FEa793cD0F9a6e8457C317",
    "settlementBackend": "near-intents",
    "credentialTypes": ["hash"]
  }
}
]]></sourcecode></figure>

<t>This requests a deposit of 1.005 USDC on Arbitrum (<spanx style="verb">eip155:42161</spanx>) so
that the merchant receives exactly 1.00 of the destination asset on NEAR
(<spanx style="verb">near:mainnet</spanx>).</t>

</section>
</section>
<section anchor="credential-schema"><name>Credential Schema</name>

<t>The credential in the <spanx style="verb">Authorization</spanx> header contains a
base64url-encoded JSON object per <xref target="I-D.httpauth-payment"/>.</t>

<section anchor="credential-structure"><name>Credential Structure</name>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Presence</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">challenge</spanx></c>
      <c>object</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Echo of the challenge auth-params from <spanx style="verb">WWW-Authenticate</spanx> per <xref target="I-D.httpauth-payment"/>.</c>
      <c><spanx style="verb">payload</spanx></c>
      <c>object</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>NEAR Intents-specific payload (see <xref target="hash-payload"/>).</c>
      <c><spanx style="verb">source</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Payer DID.</c>
</texttable>

<t>The <spanx style="verb">source</spanx> field, if present, <bcp14>SHOULD</bcp14> use the <spanx style="verb">did:pkh</spanx> method
<xref target="DID-PKH"/> with the CAIP-2 origin network identifier and the payer's
origin-chain address (e.g., <spanx style="verb">did:pkh:eip155:42161:0x2527...</spanx>).</t>

</section>
<section anchor="hash-payload"><name>Hash Payload — Push Mode (type="hash")</name>

<t>In push mode, the client has already broadcast the deposit transaction
to the origin chain. The <spanx style="verb">hash</spanx> field contains the transaction hash for
the server to verify.</t>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Presence</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">type</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c><spanx style="verb">"hash"</spanx></c>
      <c><spanx style="verb">hash</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Transaction hash of the client's deposit on the origin chain (<spanx style="verb">methodDetails.originNetwork</spanx>). Format is origin-chain-native.</c>
</texttable>

<t>The address the deposit must pay is not repeated in the payload: it is
the challenge <spanx style="verb">recipient</spanx>, which is bound into the challenge <spanx style="verb">id</spanx> (see
<xref target="challenge-binding"/>). The server resolves which deposit to verify from
the echoed challenge.</t>

<t><strong>Example:</strong></t>

<figure><sourcecode type="json"><![CDATA[
{
  "challenge": {
    "id": "qB3wErTyU7iOpAsD9fGhJk",
    "realm": "api.example.com",
    "method": "nearintents",
    "intent": "charge",
    "request": "eyJ...",
    "expires": "2026-06-25T15:10:00Z"
  },
  "payload": {
    "type": "hash",
    "hash": "0x9bcff372aee89b648c922b850573b22387c31d693079f5e37cd255814e2d615a"
  },
  "source": "did:pkh:eip155:42161:0x2527D02599Ba641c19FEa793cD0F9a6e8457C317"
}
]]></sourcecode></figure>

</section>
</section>
<section anchor="expiry"><name>Challenge Expiry and Deposit Deadline</name>

<t>The challenge <spanx style="verb">expires</spanx> auth-param (<xref target="I-D.httpauth-payment"/>) <bcp14>MUST</bcp14> be
set to the 1Click quote deadline, or to a slightly earlier time, so that
a deposit made before <spanx style="verb">expires</spanx> is still within the quote's validity
window.</t>

<t>Clients <bcp14>MUST NOT</bcp14> broadcast a deposit transaction after the challenge
<spanx style="verb">expires</spanx> timestamp. A deposit that arrives at the deposit address after
the quote deadline may be refunded to <spanx style="verb">methodDetails.refundTo</spanx> rather
than swapped.</t>

<t>Servers <bcp14>SHOULD</bcp14> set <spanx style="verb">expires</spanx> such that the remaining window before the
quote deadline accommodates origin-chain confirmation plus
<spanx style="verb">methodDetails.timeEstimate</spanx>. Because the deposit address is
time-limited, servers <bcp14>SHOULD</bcp14> cache the challenge for a given resource
until the quote deadline and reissue the same challenge (including the
same <spanx style="verb">recipient</spanx>) for repeated requests, regenerating only when the
deadline passes.</t>

</section>
<section anchor="challenge-binding"><name>Challenge Binding</name>

<t>The challenge <spanx style="verb">id</spanx> binds the challenge parameters per
<xref target="I-D.httpauth-payment"/>, including <spanx style="verb">request</spanx>, which carries <spanx style="verb">recipient</spanx>
(the deposit address), <spanx style="verb">amount</spanx>, and <spanx style="verb">currency</spanx>. Servers <bcp14>MUST</bcp14> verify
that the credential echoes a challenge whose recomputed binding matches
the <spanx style="verb">id</spanx> they issued (for example, via the HMAC-SHA256 mechanism in
<xref target="I-D.httpauth-payment"/>), and <bcp14>MUST</bcp14> reject credentials presenting an
unknown, expired, modified, or already-settled <spanx style="verb">id</spanx>.</t>

<t>Because the 1Click backend issues a <strong>unique deposit address per
quote</strong>, the <spanx style="verb">recipient</spanx> in each challenge is challenge-specific. A
deposit transaction observed at that address is therefore implicitly
bound to the single challenge that advertised it — an attacker cannot
present the same deposit against a different challenge, because a
different challenge has a different <spanx style="verb">recipient</spanx>. This gives push mode
under this method a stronger practical binding than hash credentials
whose recipient is a static merchant address shared across many
challenges. See <xref target="hash-binding"/>.</t>

</section>
<section anchor="verification"><name>Verification</name>

<t>Upon receiving a request with a credential, the server <bcp14>MUST</bcp14> first
validate that <spanx style="verb">payload.type</spanx> is <spanx style="verb">"hash"</spanx>, then perform the following
checks. If any check fails, the server <bcp14>MUST</bcp14> return a
<spanx style="verb">verification-failed</spanx> error per <xref target="I-D.httpauth-payment"/> (or a more
specific code from <xref target="error-codes"/>).</t>

<t>If the origin-chain RPC or the 1Click status endpoint is unavailable for
a required check, servers <bcp14>MUST</bcp14> treat this as a server error (HTTP 5xx)
rather than a <spanx style="verb">verification-failed</spanx> response, and <bcp14>MUST NOT</bcp14> settle the
credential.</t>

<t><list style="numbers" type="1">
  <t>The challenge <spanx style="verb">id</spanx> matches an outstanding, unsettled challenge issued by
this server, the recomputed challenge binding matches <spanx style="verb">id</spanx>
(<xref target="challenge-binding"/>), and the current time is before the challenge
<spanx style="verb">expires</spanx> auth-param.</t>
  <t><spanx style="verb">payload.hash</spanx> has not been previously consumed (see <xref target="replay"/>).</t>
  <t>The transaction identified by <spanx style="verb">payload.hash</spanx> exists on
<spanx style="verb">methodDetails.originNetwork</spanx>, is confirmed to that chain's policy
(see <xref target="settlement"/>), and transfers at least <spanx style="verb">methodDetails.minAmountIn</spanx>
of <spanx style="verb">currency</spanx> to the challenge <spanx style="verb">recipient</spanx> (the deposit address),
including <spanx style="verb">methodDetails.depositMemo</spanx> when non-null. This confirmation
<bcp14>MUST</bcp14> be performed either by querying the origin chain directly, or by
querying the 1Click status endpoint and observing that the backend has
detected a qualifying deposit at <spanx style="verb">recipient</spanx>. Relying solely on
client-asserted payload fields does not satisfy this requirement.</t>
  <t>The deposit address (<spanx style="verb">recipient</spanx>) corresponds to an active,
non-expired, non-settled quote in the server's state.</t>
  <t>Claim <spanx style="verb">payload.hash</spanx> as <strong>in-flight</strong> for this challenge, rejecting any
concurrent or later submission of the same hash while settlement runs.
The hash is <strong>permanently consumed only on a terminal settlement state</strong>
(see <xref target="settlement"/> and <xref target="replay"/>); verification alone does not burn the
credential. On a non-success terminal state the client recovers with a
fresh challenge (see <xref target="client-recovery"/>).</t>
</list></t>

<t>Verification confirms that the client has paid the origin-chain leg. The
cross-chain swap that delivers the destination asset to the merchant is
driven during settlement (<xref target="settlement"/>); a <spanx style="verb">Payment-Receipt</spanx> is issued
only after that delivery completes.</t>

</section>
<section anchor="error-codes"><name>Error Codes</name>

<t>This specification defines the following additional error code beyond
those in <xref target="I-D.httpauth-payment"/>:</t>

<texttable>
      <ttcol align='left'>Code</ttcol>
      <ttcol align='left'>HTTP</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">settlement-failed</spanx></c>
      <c>402</c>
      <c>The deposit was verified but the cross-chain swap did not complete (1Click terminal status <spanx style="verb">FAILED</spanx> or <spanx style="verb">REFUNDED</spanx>); the deposit is refunded to <spanx style="verb">refundTo</spanx>.</c>
</texttable>

<t>Other failure conditions map to the standard problem types of
<xref target="I-D.httpauth-payment"/>:</t>

<texttable>
      <ttcol align='left'>Condition</ttcol>
      <ttcol align='left'>Problem type</ttcol>
      <c>Challenge unknown, modified, already settled</c>
      <c><spanx style="verb">invalid-challenge</spanx></c>
      <c>Challenge or quote deadline passed</c>
      <c><spanx style="verb">payment-expired</spanx></c>
      <c>Deposit not found, wrong recipient, wrong asset/memo</c>
      <c><spanx style="verb">verification-failed</spanx></c>
      <c>Deposit below <spanx style="verb">methodDetails.minAmountIn</spanx></c>
      <c><spanx style="verb">payment-insufficient</spanx></c>
      <c>Swap failed or refunded after a verified deposit</c>
      <c><spanx style="verb">settlement-failed</spanx></c>
      <c>Credential malformed (bad base64url or JSON)</c>
      <c><spanx style="verb">malformed-credential</spanx></c>
</texttable>

<t>As required by <xref target="I-D.httpauth-payment"/>, every rejection returns HTTP
402 with a fresh <spanx style="verb">WWW-Authenticate: Payment</spanx> challenge and a Problem
Details <xref target="RFC9457"/> body with <spanx style="verb">Content-Type: application/problem+json</spanx>.</t>

</section>
<section anchor="settlement"><name>Settlement Procedure</name>

<t>After successful verification, the server drives the swap to finality
before granting access. The server:</t>

<t><list style="numbers" type="1">
  <t>Notifies the 1Click backend of the deposit (optional but recommended, as
it accelerates processing; the backend also detects deposits
automatically). This corresponds to the 1Click deposit-notification
endpoint, supplying the transaction hash and deposit address.</t>
  <t>Polls the 1Click status endpoint for the deposit address until a
terminal status is reached, or until the time implied by the challenge
<spanx style="verb">expires</spanx> window is exceeded. Terminal statuses are <spanx style="verb">SUCCESS</spanx>,
<spanx style="verb">FAILED</spanx>, <spanx style="verb">REFUNDED</spanx>, and <spanx style="verb">INCOMPLETE_DEPOSIT</spanx>.</t>
  <t>On <spanx style="verb">SUCCESS</spanx> — the merchant has received <spanx style="verb">methodDetails.amountOut</spanx> of
<spanx style="verb">methodDetails.destinationAsset</spanx> on <spanx style="verb">methodDetails.destinationNetwork</spanx> —
returns the resource with a <spanx style="verb">Payment-Receipt</spanx> header per <xref target="receipt"/>.</t>
  <t>On <spanx style="verb">FAILED</spanx> or <spanx style="verb">REFUNDED</spanx>, returns a <spanx style="verb">settlement-failed</spanx> error per
<xref target="error-codes"/>. On <spanx style="verb">INCOMPLETE_DEPOSIT</spanx>, returns <spanx style="verb">payment-insufficient</spanx>.
In all non-success terminal cases the backend refunds the deposit to
<spanx style="verb">methodDetails.refundTo</spanx>; the server <bcp14>MUST NOT</bcp14> grant access.</t>
  <t>On reaching any terminal status, permanently consume <spanx style="verb">payload.hash</spanx>
(see <xref target="replay"/>). After a terminal state the quote and its deposit
address are spent — the deposit was either delivered (<spanx style="verb">SUCCESS</spanx>) or
refunded — so the same hash <bcp14>MUST NOT</bcp14> be accepted again.</t>
</list></t>

<section anchor="client-recovery"><name>Client Recovery</name>

<t>A non-success terminal state (<spanx style="verb">FAILED</spanx>, <spanx style="verb">REFUNDED</spanx>, <spanx style="verb">INCOMPLETE_DEPOSIT</spanx>,
or a settlement timeout) is terminal for this credential: the deposit is
refunded to <spanx style="verb">methodDetails.refundTo</spanx>, and because the quote and deposit
address are single-use, the same <spanx style="verb">payload.hash</spanx> cannot be retried. To pay
again, the client re-requests the resource to obtain a <strong>fresh challenge</strong>
(a new quote, hence a new deposit address), sends a new deposit, and
submits a new credential. Consistent with <xref target="error-codes"/>, the server
returns each non-success terminal state as a 402 carrying that fresh
<spanx style="verb">WWW-Authenticate: Payment</spanx> challenge, which the client uses to begin a
new attempt. Burning the original hash is therefore safe: it can never
deliver the resource, and the funds it represents have been refunded.</t>

</section>
<section anchor="finality"><name>Settlement Finality</name>

<t>This method has two candidate finality boundaries: (a) confirmation of
the client's deposit on the origin chain, and (b) delivery of the
destination asset to the merchant. This method defines finality as <strong>(b)
destination delivery</strong> (1Click terminal status <spanx style="verb">SUCCESS</spanx>). The server
<bcp14>MUST NOT</bcp14> return a <spanx style="verb">Payment-Receipt</spanx> before <spanx style="verb">SUCCESS</spanx>.</t>

<t>Per-origin-chain confirmation depth (boundary a) is a policy of the
settlement backend: the 1Click backend applies chain-appropriate
confirmation depth before executing a swap, including on chains with
probabilistic finality (e.g., Bitcoin block depth, Solana commitment
levels). Servers <bcp14>MUST NOT</bcp14> treat a deposit observed below the backend's
confirmation threshold as final; in practice this is automatic, since
<spanx style="verb">SUCCESS</spanx> cannot be reached before the backend confirms the deposit.</t>

<t>The time from deposit to <spanx style="verb">SUCCESS</spanx> varies by origin chain and current
conditions and is approximated by <spanx style="verb">methodDetails.timeEstimate</spanx>. Servers
<bcp14>SHOULD NOT</bcp14> assume a fixed latency, and <bcp14>SHOULD</bcp14> calibrate the challenge
<spanx style="verb">expires</spanx> window per origin chain (short for fast chains, substantially
longer for slow-finality origins such as Bitcoin). For long-running
settlements, servers <bcp14>MAY</bcp14> return <spanx style="verb">202 Accepted</spanx> with a retry location or
offer webhook notification instead of holding the connection open;
specifying such an asynchronous delivery mechanism is otherwise out of
scope for this document.</t>

</section>
</section>
<section anchor="receipt"><name>Receipt</name>

<t>Upon successful settlement, servers <bcp14>MUST</bcp14> return a <spanx style="verb">Payment-Receipt</spanx>
header per <xref target="I-D.httpauth-payment"/>. Servers <bcp14>MUST NOT</bcp14> include a
<spanx style="verb">Payment-Receipt</spanx> header on error responses.</t>

<t>The receipt payload fields:</t>

<texttable>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Presence</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c><spanx style="verb">method</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c><spanx style="verb">"nearintents"</spanx></c>
      <c><spanx style="verb">challengeId</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>The <spanx style="verb">id</spanx> from the original challenge.</c>
      <c><spanx style="verb">reference</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>Settlement reference: the destination-chain transaction hash of the merchant delivery.</c>
      <c><spanx style="verb">status</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c><spanx style="verb">"success"</spanx></c>
      <c><spanx style="verb">timestamp</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c><xref target="RFC3339"/> settlement time.</c>
      <c><spanx style="verb">originTxHash</spanx></c>
      <c>string</c>
      <c><bcp14>REQUIRED</bcp14></c>
      <c>The client's origin-chain deposit transaction hash (<spanx style="verb">payload.hash</spanx>).</c>
      <c><spanx style="verb">destinationNetwork</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>CAIP-2 identifier of the chain where the merchant was paid.</c>
      <c><spanx style="verb">externalId</spanx></c>
      <c>string</c>
      <c><bcp14>OPTIONAL</bcp14></c>
      <c>Echoed from the challenge request.</c>
</texttable>

<t><strong>Example (decoded):</strong></t>

<figure><sourcecode type="json"><![CDATA[
{
  "method": "nearintents",
  "challengeId": "qB3wErTyU7iOpAsD9fGhJk",
  "reference": "FtChYxxQh1k6vKjQ9wq5q1f8s2n3p4r5t6u7v8w9x0yz",
  "status": "success",
  "timestamp": "2026-06-25T15:12:11Z",
  "originTxHash": "0x9bcff372aee89b648c922b850573b22387c31d693079f5e37cd255814e2d615a",
  "destinationNetwork": "near:mainnet",
  "externalId": "order_12345"
}
]]></sourcecode></figure>

</section>
<section anchor="replay"><name>Replay Protection</name>

<t>Per <xref target="I-D.httpauth-payment"/>, payment proofs <bcp14>MUST</bcp14> be single-use. This
method enforces replay protection on two layers:</t>

<t><list style="symbols">
  <t><strong>Deposit address as nonce</strong>: each quote yields a unique deposit address,
and the 1Click backend processes at most one swap per address. The server
<bcp14>MUST</bcp14> reject any credential whose <spanx style="verb">recipient</spanx> (deposit address) does not
correspond to an active, non-expired, non-settled quote in its state.</t>
  <t><strong>Single-use transaction hashes</strong>: the server <bcp14>MUST</bcp14> track each
<spanx style="verb">payload.hash</spanx> and reject any hash that is already in-flight or consumed.
At verification the hash is claimed as in-flight (atomically, satisfying
the concurrency requirement below); it is <strong>permanently consumed only
when settlement reaches a terminal state</strong> — <spanx style="verb">SUCCESS</spanx> or any
failure/refund — so a credential is never burned before its outcome is
known and is never reusable afterward. On a non-success terminal state
the client obtains a fresh challenge to retry (see <xref target="client-recovery"/>).</t>
</list></t>

<t>When a single origin transaction is one of several deposits aggregated
by the backend to one address (e.g., a top-up after an under-deposit),
each individual transaction hash remains single-use; the server <bcp14>MAY</bcp14>
accept any one qualifying hash provided the aggregate meets
<spanx style="verb">methodDetails.minAmountIn</spanx>.</t>

<t>Servers <bcp14>MUST</bcp14> also satisfy the concurrency requirement of
<xref target="I-D.httpauth-payment"/>: concurrent requests bearing the same
credential <bcp14>MUST</bcp14> result in at most one settlement and one resource
delivery.</t>

</section>
<section anchor="security"><name>Security Considerations</name>

<section anchor="transport-security"><name>Transport Security</name>

<t>All communication <bcp14>MUST</bcp14> use TLS 1.2 or higher per
<xref target="I-D.httpauth-payment"/>. Credentials and receipts <bcp14>MUST</bcp14> only be
transmitted over HTTPS connections.</t>

</section>
<section anchor="amount-and-asset-verification"><name>Amount and Asset Verification</name>

<t>Before broadcasting a deposit, clients <bcp14>MUST</bcp14> decode and verify the
challenge <spanx style="verb">request</spanx> per <xref target="I-D.httpauth-payment"/>: that <spanx style="verb">amount</spanx>,
<spanx style="verb">currency</spanx>, and <spanx style="verb">recipient</spanx> (the deposit address) are as expected, that
<spanx style="verb">methodDetails.originNetwork</spanx> is the intended origin chain, and that the
destination leg (<spanx style="verb">destinationNetwork</spanx>, <spanx style="verb">destinationAsset</spanx>,
<spanx style="verb">destinationRecipient</spanx>, <spanx style="verb">amountOut</spanx>) matches what the client intends the
merchant to receive. Clients <bcp14>MUST NOT</bcp14> rely on <spanx style="verb">description</spanx>.</t>

</section>
<section anchor="hash-binding"><name>Hash Credential Binding</name>

<t>Hash credentials generally provide weaker challenge binding than
signature-based credentials: the server confirms a matching on-chain
payment exists but, for a static recipient, cannot prove the payment was
created for a specific challenge instance. Under this method that gap is
narrowed by the unique-per-quote deposit address: the <spanx style="verb">recipient</spanx> is
itself challenge-specific and is bound into the challenge <spanx style="verb">id</spanx>
(<xref target="challenge-binding"/>), so a deposit observed at that address is bound
to the one challenge that advertised it. Servers nonetheless <bcp14>MUST</bcp14>
enforce consumed-hash tracking (<xref target="replay"/>) and <bcp14>MUST</bcp14> reject credentials
referencing an unknown, expired, or settled challenge, and <bcp14>SHOULD</bcp14> use
unique <spanx style="verb">externalId</spanx> values per challenge.</t>

</section>
<section anchor="deposit-address-authenticity"><name>Deposit Address Authenticity</name>

<t>Servers <bcp14>MUST</bcp14> only advertise deposit addresses obtained from
authenticated calls to the 1Click API, and <bcp14>MUST NOT</bcp14> relay deposit
addresses from untrusted sources. Because the client pays before
learning whether the resource will be delivered, clients <bcp14>SHOULD</bcp14> apply
heightened scrutiny to the server's identity (origin, TLS certificate)
before depositing, and browser-based wallets <bcp14>SHOULD</bcp14> require explicit
user confirmation per <xref target="I-D.httpauth-payment"/>.</t>

</section>
<section anchor="trust"><name>Trust Model</name>

<t>Settlement in this method is <strong>not trustless</strong>. For the duration of the
swap, the deposited funds are custodied by the NEAR Intents settlement
system, which is trusted to either deliver the destination asset to the
merchant or refund the deposit to <spanx style="verb">methodDetails.refundTo</spanx>. The
<spanx style="verb">recipient</spanx> (deposit address) ↔ merchant pairing is fixed in the quote
and is enforced by the backend, not by an on-chain contract that the
client co-signs. This is comparable to entrusting a payment processor
with a transfer. The automatic refund path bounds the client's downside:
every non-success terminal state refunds the deposit. Clients and
autonomous agents applying per-method risk policies can identify this
trust model from the <spanx style="verb">method</spanx> (<spanx style="verb">nearintents</spanx>) and
<spanx style="verb">methodDetails.settlementBackend</spanx>.</t>

</section>
<section anchor="idempotency-and-side-effects"><name>Idempotency and Side Effects</name>

<t>Per <xref target="I-D.httpauth-payment"/>, servers <bcp14>MUST NOT</bcp14> perform side effects for
unpaid requests, and <bcp14>SHOULD</bcp14> honour <spanx style="verb">Idempotency-Key</spanx> for non-idempotent
methods so that client retries with the same credential do not trigger a
second settlement.</t>

</section>
</section>
<section anchor="iana"><name>IANA Considerations</name>

<section anchor="payment-method-registration"><name>Payment Method Registration</name>

<t>This document registers the following payment method in the "HTTP
Payment Methods" registry established by <xref target="I-D.httpauth-payment"/>:</t>

<texttable>
      <ttcol align='left'>Method Identifier</ttcol>
      <ttcol align='left'>Description</ttcol>
      <ttcol align='left'>Reference</ttcol>
      <c><spanx style="verb">nearintents</spanx></c>
      <c>Cross-chain payment settled via the NEAR Intents 1Click Swap API</c>
      <c>This document</c>
</texttable>

<t>Contact: Iker Alustiza (iker.alustiza@nearone.org).</t>

</section>
<section anchor="payment-intent-registration"><name>Payment Intent Registration</name>

<t>This document registers the following payment intent usage in the "HTTP
Payment Intents" registry established by <xref target="I-D.httpauth-payment"/>:</t>

<texttable>
      <ttcol align='left'>Intent</ttcol>
      <ttcol align='left'>Applicable Methods</ttcol>
      <ttcol align='left'>Description</ttcol>
      <ttcol align='left'>Reference</ttcol>
      <c><spanx style="verb">charge</spanx></c>
      <c><spanx style="verb">nearintents</spanx></c>
      <c>One-time cross-chain payment delivered to the merchant</c>
      <c>This document</c>
</texttable>

</section>
</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">

&RFC2119;
&RFC3339;
&RFC4648;
&RFC8174;
&RFC8259;
&RFC8785;
&RFC9457;
<reference anchor="CAIP-2" target="https://chainagnostic.org/CAIPs/caip-2">
  <front>
    <title>CAIP-2: Blockchain ID Specification</title>
    <author >
      <organization>Chain Agnostic Standards Alliance</organization>
    </author>
    <date year="2020"/>
  </front>
</reference>
<reference anchor="CAIP-19" target="https://chainagnostic.org/CAIPs/caip-19">
  <front>
    <title>CAIP-19: Asset Type and Asset ID Specification</title>
    <author >
      <organization>Chain Agnostic Standards Alliance</organization>
    </author>
    <date year="2021"/>
  </front>
</reference>
<reference anchor="I-D.httpauth-payment" target="https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment/">
  <front>
    <title>The 'Payment' HTTP Authentication Scheme</title>
    <author initials="B." surname="Ryan" fullname="Brendan Ryan">
      <organization></organization>
    </author>
    <author initials="J." surname="Moxey" fullname="Jake Moxey">
      <organization></organization>
    </author>
    <date year="2026" month="January"/>
  </front>
</reference>
<reference anchor="I-D.payment-intent-charge" target="https://datatracker.ietf.org/doc/draft-payment-intent-charge/">
  <front>
    <title>'charge' Intent for HTTP Payment Authentication</title>
    <author initials="J." surname="Moxey" fullname="Jake Moxey">
      <organization></organization>
    </author>
    <author initials="B." surname="Ryan" fullname="Brendan Ryan">
      <organization></organization>
    </author>
    <author initials="T." surname="Meagher" fullname="Tom Meagher">
      <organization></organization>
    </author>
    <date year="2026"/>
  </front>
</reference>


    </references>

    <references title='Informative References' anchor="sec-informative-references">

<reference anchor="DID-PKH" target="https://github.com/w3c-ccg/did-pkh">
  <front>
    <title>did:pkh Method Specification</title>
    <author >
      <organization>W3C CCG</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="ONECLICK-API" target="https://docs.near-intents.org/integration/distribution-channels/1click-api/about-1click-api">
  <front>
    <title>NEAR Intents 1Click Swap API</title>
    <author >
      <organization>NEAR Intents</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="NEAR-INTENTS-CHAINS" target="https://docs.near-intents.org/resources/chain-support">
  <front>
    <title>NEAR Intents Supported Chains</title>
    <author >
      <organization>NEAR Intents</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>


    </references>

</references>


<?line 748?>

<section anchor="abnf-collected"><name>ABNF Collected</name>

<figure><sourcecode type="abnf"><![CDATA[
nearintents-charge-challenge = "Payment" 1*SP
  "id=" quoted-string ","
  "realm=" quoted-string ","
  "method=" DQUOTE "nearintents" DQUOTE ","
  "intent=" DQUOTE "charge" DQUOTE ","
  "request=" base64url-nopad
  [ "," "expires=" quoted-string ]

nearintents-charge-credential = "Payment" 1*SP base64url-nopad

; Base64url encoding without padding per RFC 4648 Section 5
base64url-nopad = 1*( ALPHA / DIGIT / "-" / "_" )
]]></sourcecode></figure>

</section>
<section anchor="examples"><name>Examples</name>

<section anchor="cross-chain-charge-usdc-on-arbitrum-to-merchant-on-near"><name>Cross-Chain Charge — USDC on Arbitrum to merchant on NEAR</name>

<t><strong>1. Challenge (402 response):</strong></t>

<figure><sourcecode type="http"><![CDATA[
HTTP/1.1 402 Payment Required
Cache-Control: no-store
Content-Type: application/problem+json
WWW-Authenticate: Payment id="qB3wErTyU7iOpAsD9fGhJk",
  realm="api.example.com",
  method="nearintents",
  intent="charge",
  request="eyJ...",
  expires="2026-06-25T15:10:00Z"

{
  "type": "https://paymentauth.org/problems/payment-required",
  "title": "Payment Required",
  "status": 402,
  "detail": "Payment required for access."
}
]]></sourcecode></figure>

<t>Decoded <spanx style="verb">request</spanx>:</t>

<figure><sourcecode type="json"><![CDATA[
{
  "amount": "1005000",
  "currency": "eip155:42161/erc20:0xaf88d065e77c8cC2239327C5EDb3A432268e5831",
  "recipient": "0x76b4c56085ED136a8744D52bE956396624a730E8",
  "description": "Cross-chain premium data access",
  "externalId": "order_12345",
  "methodDetails": {
    "originNetwork": "eip155:42161",
    "destinationNetwork": "near:mainnet",
    "destinationAsset": "near:mainnet/nep141:17208628f84f5d6ad33f0da3bbbeb27ffcb398eac501a31bd6ad2011e36133a1",
    "destinationRecipient": "merchant.near",
    "amountOut": "1000000",
    "minAmountIn": "1000000",
    "depositMemo": null,
    "slippageTolerance": 100,
    "timeEstimate": 120,
    "refundTo": "0x2527D02599Ba641c19FEa793cD0F9a6e8457C317",
    "settlementBackend": "near-intents",
    "credentialTypes": ["hash"]
  }
}
]]></sourcecode></figure>

<t>The client sends 1.005 USDC to <spanx style="verb">0x76b4c560...</spanx> on Arbitrum, then
presents the deposit hash.</t>

<t><strong>2. Credential:</strong></t>

<figure><sourcecode type="http"><![CDATA[
GET /resource HTTP/1.1
Host: api.example.com
Authorization: Payment eyJ...
]]></sourcecode></figure>

<t>Decoded credential:</t>

<figure><sourcecode type="json"><![CDATA[
{
  "challenge": {
    "id": "qB3wErTyU7iOpAsD9fGhJk",
    "realm": "api.example.com",
    "method": "nearintents",
    "intent": "charge",
    "request": "eyJ...",
    "expires": "2026-06-25T15:10:00Z"
  },
  "payload": {
    "type": "hash",
    "hash": "0x9bcff372aee89b648c922b850573b22387c31d693079f5e37cd255814e2d615a"
  },
  "source": "did:pkh:eip155:42161:0x2527D02599Ba641c19FEa793cD0F9a6e8457C317"
}
]]></sourcecode></figure>

<t><strong>3. Response (after swap reaches <spanx style="verb">SUCCESS</spanx>):</strong></t>

<figure><sourcecode type="http"><![CDATA[
HTTP/1.1 200 OK
Cache-Control: private
Payment-Receipt: eyJ...
Content-Type: application/json

{"data": "..."}
]]></sourcecode></figure>

<t>Decoded receipt:</t>

<figure><sourcecode type="json"><![CDATA[
{
  "method": "nearintents",
  "challengeId": "qB3wErTyU7iOpAsD9fGhJk",
  "reference": "FtChYxxQh1k6vKjQ9wq5q1f8s2n3p4r5t6u7v8w9x0yz",
  "status": "success",
  "timestamp": "2026-06-25T15:12:11Z",
  "originTxHash": "0x9bcff372aee89b648c922b850573b22387c31d693079f5e37cd255814e2d615a",
  "destinationNetwork": "near:mainnet",
  "externalId": "order_12345"
}
]]></sourcecode></figure>

</section>
<section anchor="native-btc-origin"><name>Native BTC origin</name>

<t>A challenge advertising a Bitcoin-origin deposit. The longer <spanx style="verb">expires</spanx>
window accommodates Bitcoin confirmation plus swap time.</t>

<t>Decoded <spanx style="verb">request</spanx>:</t>

<figure><sourcecode type="json"><![CDATA[
{
  "amount": "38000",
  "currency": "bip122:000000000019d6689c085ae165831e93/slip44:0",
  "recipient": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",
  "methodDetails": {
    "originNetwork": "bip122:000000000019d6689c085ae165831e93",
    "destinationNetwork": "near:mainnet",
    "destinationAsset": "near:mainnet/nep141:17208628f84f5d6ad33f0da3bbbeb27ffcb398eac501a31bd6ad2011e36133a1",
    "destinationRecipient": "merchant.near",
    "amountOut": "1000000",
    "minAmountIn": "37500",
    "depositMemo": null,
    "slippageTolerance": 150,
    "timeEstimate": 1800,
    "refundTo": "bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h",
    "settlementBackend": "near-intents",
    "credentialTypes": ["hash"]
  }
}
]]></sourcecode></figure>

</section>
<section anchor="multiple-origin-chains-via-accept-payment"><name>Multiple origin chains via Accept-Payment</name>

<t>A client declares it can pay on Arbitrum or Bitcoin and prefers
Arbitrum:</t>

<figure><sourcecode type="http"><![CDATA[
GET /resource HTTP/1.1
Host: api.example.com
Accept-Payment: nearintents/charge
]]></sourcecode></figure>

<t>The server <bcp14>MAY</bcp14> return several <spanx style="verb">nearintents/charge</spanx> challenges, each on a
different origin <spanx style="verb">methodDetails.originNetwork</spanx> with its own <spanx style="verb">recipient</spanx>
deposit address, allowing the client to choose:</t>

<figure><sourcecode type="http"><![CDATA[
HTTP/1.1 402 Payment Required
Cache-Control: no-store
WWW-Authenticate: Payment id="qB3wErTyU7iOpAsD9fGhJk", realm="api.example.com", method="nearintents", intent="charge", request="eyJ...arbitrum...", expires="2026-06-25T15:10:00Z"
WWW-Authenticate: Payment id="nH6xJkLpO3qRtYsA6wDcVb", realm="api.example.com", method="nearintents", intent="charge", request="eyJ...bitcoin...", expires="2026-06-25T15:40:00Z"
]]></sourcecode></figure>

<t>Each challenge corresponds to a distinct 1Click quote and deposit
address. The client selects one and returns a single <spanx style="verb">Authorization:
Payment</spanx> credential per <xref target="I-D.httpauth-payment"/>.</t>

</section>
</section>
<section anchor="acknowledgements"><name>Acknowledgements</name>

<t>The author thanks the Tempo Labs and Stripe teams for the Machine
Payments Protocol framework, and the NEAR Intents and Near One teams for
the 1Click Swap settlement system.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA+197XLbSJLgfzxFHR0XTWlJWiT1SXf3rizJbXXblsaSp69n
bmMIgkUJLRCgAVAS2/bE/ron2Ae4Z7lH2Se5/KpCAQQp2eOevY0bRXSbJIBC
VlZWfmdWu9328jCP9EA13pwcvlWnca7jPFNH1356peWrmiSpenl5ea7O/cUU
fzic59fwbxj4eZjEDc8fjVJ9Wz9IwxsnQexP4R3j1J/k7Vj7aci3tAO6pb21
5d3qNIOxBgo+w7D6KkkXAxXGk8QLZ+lAxcnrZBxO5JWX6TzLe1tbB1s9L5uP
pmGGD+eLmcZnxnqm4X9x7gVJnOk4m2cDNfGjTHueD6An6cBTqq0YqtMbnarD
CAYMf/PhdwUjwP2nnfKPeuqHEUwxhNs7vlz5F5xMEutOkl416Db4MFBv4Fd1
FsPr4iSdAsS3Gt/49sVRr9s9kI/9ft983N7d3peP+929bfOxt2Nu2N/b35GP
B9s7e/jx6PD0vN0b0EvNGspv6nmUBDeA2zBWp8fqYqYDizmGMke05wN1neez
bPD0Kd3rX8UJzCrAyTzFobKngR/O2j16pEAc/rV5okf0jkN5UF3kfjz203EG
qItCPw403T6G9Ryo3lZvy8DNSKgADj+qwyzTubqEhVQwlHz9CnPoHny1SXTh
62n7uIPvxfHaM94V5RldXmv1jeyXb3j3lHeNugiu9VTXzwVe5uepHyCthTqf
0HRgHz3lLZQu/Lhdff/T2hkyjT9PYUP4sXoLD1Yu/ejfaPU6udeL8jR321tm
pvKCNu9a2bTl6X7DP37zaJbxBbOuBWPdrCtTexQ6LpOpeq39q2udVvDheciN
nO18fHrcPv/pZRkR43A8mN1cwxgA0fgxdHsV5tfzUSdIpk/v+kE7CGDO4bgN
g6wm2Z/7R+ro6Af48ezNydGr06Of2ofnp2VISry4exSFwY26uPNnCu5cgf8k
yDrI0QTFGS0Afr5KaQIAWJan4WiOX3AB4lhH2dNugIO3/Vn41B8l87xd/LB6
Ci54cAW/tk/fXJ68ubxoH708PH1zsWY6F/PZLElzPebNm33OfFKdJfM00Blz
jHbGYz0S0jaITPyf8kcZ0mrueZfXYabgXXMi9LGehLHOFJC7ajCNNlRY7Ar6
3ZGBDSV07U2ZZIAX4T1m46xmHd6HD3V86NOnjjrNVcaUB5BcJ3cKFoQQh0w1
0ylKW6XvcQWvtAcCrJ2HU91SQZpkJJUBCBkug/tzWIIxQJUm86trgq6GuDxD
XOrDB5cqP31q4ZzursPgWvkCCY4O0Fgox8qfJnP4PZl48CstkPKJ+8N8/Xih
MrvkSRpewYAMJU4IATKrKrPzmlOd4vTyDbgUaNiyOHmYMyxZ8S6AYKyB68eM
V/eFXvFC9xZ6a0vdwaZdRkSWRPBuFev8LklvPH2vA9gq8RXd6eI2Q1TBvyO4
U+u443mgLcAdGrWW0I8UqjIKyMoCMVBD/O27xrWfXTeGqjmbZ9dqmoz1BkAD
3ErjSzzB7ihN/HHgZznTIShESRbmCgg2zgABOJE8oUslZIZ5pqMJ4tSbAUJp
TgR6Ek/CdIo04IyAkBBJM8oV/GdZXUc914E/B40LnxfuM0LWDusF2tocl0PN
4/D9HMguAxxFug23W1D98RggyGh87QfXHkAYRRrItSXrHYQzmqu5E7Al8Ntb
20JeQYvJz4MtC7/jXpKJmTvVCNRGXKlUR8TgET9XOoYpBTTR9sjP9Ngrlijr
MB+YhuNxBJreE6SCNBnPCTmet0b6qVUb1zIPv5huGyY3QzVWTTUSdJhNAXQ/
V1cgmeDOIMDJA7SWrwFVXYe4hLKBO6rMoVJ9BWwcOcAaHuXV8ijFPAqmXqL7
kPaWyGVClDANeiZbwNumLg+QDYKbHcTeTNMe4c0DKz6PJmEUZQrIIW3re6RE
GpH3TG6mpF2h5tXxHYIL2F+GmxifTCd+oJnycW8RXAPkSYjr1Es1UCPuGV+9
nye5JlwA7QNYBGGFMcGISR0DaXkFxxESXyLrJF7afbANYHPwovB7PH4Pwevb
Z1uW55XZDbwjCm/NsjpQFcO4/LbYQP/xb/+uZknOZB0tiP8psLUmwFTgMgEH
xpAXAdUgz1zixAjPEo8kqgCbKc7hP+TvOcirGikP4qoqQsuiC+BGxkAoWKYq
uCoEw1RbpmZcXCPdLA0T268KHsBqJtsPaUVka63KiQIWyU/Y3tRfCFyEePMW
FCH02pEGMtIVdjMEug5hNYdKOEDqw1zg9iz3pzODkczVHgEqYPOhsOQMQKFV
JJIFAKY+8pcMZ+dua89s6xQU2wcmdVpoL0kMhGDkmyf73LJTNWQ+cKxhcaNs
2FJDGDQCmQMfXTFAtOo5qzZLk0CP5zDz9cpQwWiePFHnKOrA/NfqwxMUe20U
e58ER6I1AYmQPkGSxKWTSZTctXiHj1XDSs2GEQn0YFm2ukyeVlqkKj2tAUhH
pnqPl6mqXqZ6VZn6jBfYFaq6LMeFAcRqnBKbIclfVS8AGGSukSZ57Hl//etf
vSOeyNLfBb/M+TvjObBtTH/CbZ+qC2bUoCR/XB6J/2ov1Pz4kQZpdjfUDyeX
yqrmXzBIu/7v+8+DZOV0mr0NkQlfPsgKEJcgfgixQgWHRhxM/ftD4mGnsN86
nc4jQPn2cbDI8vQ31PZWzyozb/X7FfN/ACm8yb+zPPqLBrFy6zuzGz5vkFVT
/0qE8jmDNLc3YOeR8BT9/P6zB3ncQgplrQRkZ0MdMT9iUfMFs3kkSa3C9ddE
6+4GKdzAhn+j6Qy+YBD8MwTfzO9fAl/e+NxBPmMdvogn7W2oP6J4WFgCgqUr
CZ8HB/k6q9PcB0JGN3yu/kn5dz78SyIIdAk/CvPFYwZ5LA0/RCegQOXo7794
d3R0cnGhrCMAVItwvPEISD6POR5sqN7Wljr7Cab+FvX+Wa7+7iwJZbv3Lo7C
Gy0KUcYKc4JaPOpFJODbFCvJUXVvgjITRY0N0o9IF5to7ZGlmaTZdThrsZEk
6hXoJSpOFD5D6tPAMVPEHJrOQQ8daU9oEZ0FrA6J4mBMH9GHHRUt8NETchXG
1rQxfowcHRt0ux/doceI3EaoAyd3htRF5zFWEEwDjBUwCnLQMsESuw0xNKRe
H/4iyi2aqgBLiJzBj5acLmTzibeMUHidRGNv5EcYCbCGW9ntU0wl8heIb5jF
XQiaJmAArDKNproTpxILJLyKxS6N82dgVbF7rAAHsJ/M2eIKEobMy11DibXj
I1L8WFG7KCBBfTkChdnRC0lvjkBxvmB/CyOOpbElGzDkgjQcabSb2N0DFMTL
LYtCZqo3ZLtpiPANg3kKtmKwGOKMh1ZED1uOf86Ym8Y49sgXR2aGn4uPQqjN
wIAavTEI7sCOB4DuEkAcXEezyxujvQuw+zRJY3fiK4kk0UVziY6RKc0TlGEQ
ByMwD6z3Tqwoq5FYcwodrL6sY37tWaujYt3QGBIvAm6nIxeBeHFz08DvUPXU
v9G1LoDNzQJhm5uGcX2Tlax5IKfNTSSOwE/TkCioao8NPK/tLgPe7ezEzc2K
OwLGq4GGDMIQ9Xyxa7U21iVP5BuchFCRoRQLv9nutG6e4mWfETlP5tbPUTFy
yErFC1WbqIAF7KY8TciaGy3W7kXxEBg7E6xOVm54DjAUyqgWsLXcjGQw3kH0
FTSNU7LkXllelwUCGovVM/ahEgcDXKzuocpmobeWFrLDy/GGWZtdxs3NMtGI
/9dd8Ih2mGIKNt7hZe8tOe4C0JT0uObtDtUZEFpr7qFg7bAFb119z9sKa6jc
yag6m+dDT5UxzZ414ykb6Rh4eRD66YLHKfn1y9tnc9NQ3y3tuoAHJAVFDGSd
GY/L1J/N0NV3o/UMpE3ttieHmZjvKEyW9oBXXlezaVwuWVDCHUhWP7thcYlk
QcOPQ3gemKMH8MCe9UeRiFzZKoXNIDQhbKbgH1V/gBdKAAT2CQkhEm4cokBG
O8l1eodsjL15xpWYVDYGSpy35CMHTQHUBHNHKWOk6tD7L+K5wpmXFrrwVnmP
9VahdTyHxePQ2Ss/vpr7VxoRooGoFgp2EWz8xut3F5eNFv+r3pzR57cnf3h3
+vbkGD9fvDx89cp+8OSOi5dn714dF5+KJ4/OXr8+eXPMD8OvqvST1wD1p8ET
bJydX56evTl81eBIo7tOfkrecdhy5C2fpRrVOD/zzFYkYfP86Pz//O/uNqzJ
f5OMlk+f5Atmr8AX4Diiy9Fq8FfAHpEz5sag0xg0ycCfhbkfZeR8za5Rp0Ne
BXjc/DNi5l8H6ttRMOtufy8/4IRLPxqclX4knC3/svQwI7Hmp5rXWGyWfq9g
ugzv4S+l7wbvzo/f/nOECmm7u//P33tIPJc6nYZxEiVXC8+rxOy9Aai19cGM
B2VgNTLS8U7ugX3AdmGnFkW6RKcxjAXkYtmPK6aVAh41S0J80RxDYiQ7re4G
a3csA4iDiuCWMIhRCuR9hQyvRAhxt1lnLoFIjlivLD2rFogJ7MhbOurER51a
3hkkKYfSSPBa7RPVXEaCT6FJJxgJc2FfpxLxB1Nhxz+pMUXoCna4NRdMNKK8
Ik7sCqbsEdgmMLwcgXZYMN4U5maZrVAB0E7+x+HR5V/O3l2ev7skHAsOeTIk
tWzIrfoasCtmcysvYdKT8F4T66d47dS/D6fzqcFuGDs3p8zfSFwBbwORl4Ne
yIIIMTIvVtWzK1fx0w9d2IfwmpKQcQL2wHhy2hIhpWYxCBgtd7zTsigs6RJ3
xkItaMDVUAsiuRwn92ri5CBbyB4jmQvT8iXxDrYUfwB2Z0zP0NyZ0i4o0P0A
nMsTryWLjveFoDhW4QvxyAAwL0ii2ZVhY4Y2tvLzOujQByAQjgVd1cgnGbW+
q5wLUfIqglErPGQo7plhB2xWzGQpeBYFBJ/7YOy9i0FnMHtuisNmuVWyUCVC
tsLxPAuAIRiGAHWOMewZeBgzGgL2BTR156rTUu8ujo/YFNw1N2VMn93W1tYW
/qcwmE1vAWUQ+EDXw4c2rKBHgC7YVvzwRDSaNhuPn1jmD+XXoaIYH0JnMnyG
P//8c9vJDNBDJ0CIZg5bsx7CsLs9T6M2KI+wrcew4JI0Civ+48XZG/4B80Xh
h2T0K6iOHLiiiyQ4R9oDYyuExf9N4y5EvkJXj/w4ieH1kThLJblINX88utiQ
gff2d2BgdtwU4CgCBwZqEW5WZiPVBzNR8Z7aaFhFKbSm9CPjsaSWXvAYL+hZ
z/vInxzHGaWV4odzCsQBJ/iojkmzmTle79/h7yMAU/LsKfNdFRdU5Z7f6Y+A
sdasYAaz+oAgPiqjTxFmxEdQGFXCUMOKxUL5Xc5OKXuEmg4bYNk0dCJWww22
a+YzpKER/DiW9BYjW7IVPHKl6YjuPyEkPcaUxVnkL9StH4ECgraVY0aBlhHk
c8p6ELm2NC7wEgsrOwss8poZSL4PH1yT4dOnjQ5juEDASgxflJSXAr/k5ETG
RHqxb1KmDZ8nfVtSUCybN8DQ7+3i9wwgeiZCB8UzqDvoHESWABMGhrzW4yBz
cWzZVXORBX5Engtzpke6kzpL+2g4Lnbs0AXG6Nfw8eUcbMp2qv0xSQljpTlP
dpQxJ9DaSUHXQq4I2CHVs2wEruNtDBIa1SlIt9PxUK0A6XVBv5RXA+veBFMQ
xj49xv1zm4TwUzyfjnTaUjoPOhvluT+Oz3hHVoJQhsmC1bL4Vi8KmVybfAI8
tkYgrZu8ITl+EVI+sWHJ2S8oEETjMlWCiE9A8la9bA84l4wsM1vCW7clwAAw
O4cFp835c/JGTSoXJsEqzNRoi61LKWm0kC1UUEcIbaSvrJuCVHpOTIIvINk9
QnPM2hC6pEKMXpC3WiIcqAJgJhtubfTsG7IhYQ9fBii02JGfs6iqrm8tK8Ck
9PJdJ/c+itfPpp/H0dhaOfU4Kfb7yjqC8eSPr01AoAaPQx3Oujs7g2/pltPx
909hf/a2Bt8K4/p+6N613evuduWOrXt/sr8/3trd0Xt7wX5w1Ov1D/q9vaOd
k+NR/3C73+vt7uud/X53+DAiwbz0Y3/FdTXM6PLgWzSXszDDIPT3T/METOTB
tyCX8u+Hzl07enGTb7/LXtzun++/+XF8+fZk9kv39rf3P73/00+345k8eHL+
64ufx+Odw/nk/cXFe/269/5N9/63xcifHe3/sH138sMPN3+6W1we593bIQFJ
lmzzzQmQ23Z3YwlIdIgNMMICtsfTWM/gJkBjEKCM/H647q7uXm9rf7e3P9nf
nuyMd/1xvz/ZGvv90WikR729ySQY9Q/2tR/sbHX9fneEt/S2ul3d3+32+75F
MAHJWbsc91HNOOFAAYj3DXz9t1gF1Pv+aRaFs+1tWHawc1Ad/H7oTmUEy93r
DbbsX/dgvLu7fxBs7e/4uruLq6oP+maULVABnl8eVVCycrm9U6Pzsve0EEHI
RqS4JEI/WFpiY8ZeGTb8dNQYtrxhA97aGG6AWAW1K9V2qkbs6szyGPLNCtOQ
vH6QQOE98fuC+cJIwyVu23EM1kJ3KGt3OAfvEZqE45heGs9bfvUaDaUmKmEZ
veeizcgKCvylVvyFqeHDFobMSegXFHqAkUJUF9DawcSIA9VB3/omTfYbjMqJ
PUV82WtSAjvz4xYxpWKN7FgB6M5g02CpYohkHC1ElkoVkUx92aapZRti5vy/
YOesZf3/WbbP2hCbg0dR48p67rLLxdHBRTUopeA0VwTn7H5wkr+ccJwxIx6k
/RX6+GPgZACL8OBj/VCl9X5QZVuByOMlr2ctCP8JJlAtg1k/1SKsuWI5rPpf
MYyW0ubZ+C2MXNesfcz2W2kVP0DXJ9UAas1KLFv5NSLjB2O3j9Vt6FdcvbV4
dC3stTC+DmNyS9sdA2CaiAHWwczyWiCtsEJ5BshHfzAgWwc3VJZQtvaaVXse
tP9cz1R/gwpFbCGUgcEIGRgn0n6Ww+Sc6XSMFwXTnjDRCp5YEAcfnr45Ont9
/urk8uQvxyfnZxenl2wCoTwHwTOPx+xgGfKXy2QVEdL4r/U0qSLvf34EezKK
ynao8epM4YHClw+SMUumZc5l9Y6LXEeRnwJHOhxlJLFBWcCRhxTZI5+IGamz
ihBRZZr5V/oyiXSKqVS4U9jcLQN4ITfC3OVOWVJgjhJ2MvpQdws0sO9U979/
tqlcAyAWX5wANU/J7mVECnxlAM1N41IKAUXUsdwDw+06wChTq0hncd1fj4K1
BkBLB8VN9dvkcLXvBQmq8OybvcMjl0sMQsfKneD7FekxVGym78MMa7Dqltm6
8Z/z4KtcNMdhFkQUgeQ8IBuhEKA66o/ksBs23ALexlDSeYp442discivQzUp
GyLu/DT1F6qyzGfonIFFNlVPzGBQWSsnDAIeaiMpFPm+9aNwLK5HuD6UCpNO
AaB3OnkQREwE5LTNli3eJb7DMHnFsBfuVbQs/DEVr2VLxaUwJLknQNzEdoAl
5Hre5qZxJjTHmqMPNqSxMdjcpLqSX7Mk9j54SjVYgDQGqgGbcwcsqAbmAzUM
C8YLf5NNzcNZXQrH27rf2x1tBzu7YKSdHHf7u/7+3vb28U5vdHKws9s/2N3t
bft7/a2TfX7Y8QLi40duyXOqpyEKGD/3pbKSnykcfPgI+e3+0u31t3f4cmn9
4I4PVEDeKKmW1anTkwxORdvAO11zueZOErbV+76WWV3zvrcuwm0yEL7c3GwV
DVn7LbP2iJ5CItZcdSQYXEW5IheWRAZchmflqsuv8ULPXDB8kmmjt9PbO97q
7RwcPPd3t7tB9+DFib930A+Ot14c+Lt6f3tn76jf3TPQLDEwg2XLguTGyi6F
2/7Mu+hf4fon7xPnZFPky6krtYn6E9XtwA7hICRw6sN0FOYp0F6z5HQCIz9L
PNIJ6zV0k8aAoxm9vrakndKhmiU/zJADmUcFZ7CxzGJ25XCmm54sUcxSqcVQ
XWsfvdpr45cUeOQ45UOhwydl+ABFASV2V0zhv2twr2Lm/l2DeRJcMl5+FK+C
yLI6D1akY+ZJSKBw90uq7Wd6/EXkm4w5Qnfd293clyL1Th4zZhpV1ctvFDZ7
HOKHnMQx5FWvUy3OKQf/+PT48wMo61/OAX3zfopRt1BRkrpO0JQ5e8xEBYbS
DGYo4tT78EF6xmCOnHE4iaUuatpyAod1FGDILP0GPVNO2YOxJ41OLK8cuExk
wGyw0+kMxa+EnmTEE60HxkSLEtumUwq7AZygtEygrsTK1tC2Slk2aKdHGHNb
FGk1ZQdHkVXj1VTKsrdxiO8T5BZMpDZ5meshbBI5DEmW26LjMIfflS8UfOB3
ZQFM9rgsq7wLVn/7Wyn8o8F//Xsuq0tQjd86dWjLjrC1jrcNUqNBmJO261B4
OybPfsfsP0PwLmVR6RHQKD7L1uhM+3nhpBXyHXCamldmiqVyFTaOYBjORKAW
D5XbwzFH/mE3F006pH0I8bHLgiaxoDlCMc3j2p1gSJW4MMGjgWGjcWFGdFXv
ZTXb3lYomyFpKu+f9+9O0svFu73wbHaYHR9Mfrj+8aZhVSM/muJt/izsiFMa
G09ZRY0WyGg8FYWHv+JFSdC2g5J2Q/rt4kdgMuaCRJnxAvcT2233di67O4Mu
aPxbf8KeTZ9IfZblKeaCtI6PEVXLaPSZVLqDUTCZ9Pd6vtb7B6Pd7f3goNcb
7e9s7ez1R2A57O8F/e5496C/tXcw2dH9vWDc29nZ727r3ni3u+MXL2ZW3ija
dtWxzUdpj0bfe6KKAPwJB+CRfRuvyzGwR0r5/fBEouaiVq1vDNFcJZA3nOSu
vFJvx7k2Y3ljC+13bgEShVfXqDLCEkcoX7j1U8ZdRrxCR52CImeq9QqwMJMr
xwRXFGCyv+hVsP3J3MXswjvYDskd0PCRVNIV2RZWNPh1goHrEMpbziteXnTI
UIeOGxCbo6TcCsEvyxzDLWhYz8Jq0ULdO0YVj9sqv0vqo8mM2jiXVMywasYz
NrcIf1yIAmCq6rPqO1eiIVtlBDm9QbwKXBhAnYKQpSY/JYkfuIXas2ieees8
WbYRUy1akBnC3e0onIYl94JMJvCD62rrEs7NvgJsx7bnkAfGXRipGvz65F+i
jk82U8IZrBnGQTQfSyq0R1cdhrxBb7Ps3BhSLexhJCnr8KQtMpCsVHn1DG2f
rFPelM+lzxOYOEvMe2kvIqvHi9VmUTaVk7JCV/ZhQ2e0mZ11mhgZw9V7mTtb
r1mzRhstm3AmJVOOP7vk72GRUhiLjq1G0gXtz2IOXE8JL7c524IZIBtYdJaS
hAEs3OCeXaC7l8KZ6ODH216+PjxqX7w87O3sOl2qbNZmDd/iqRDYqSYDwmm6
YhRqSq2PgbZu4uQubnFGE1LplFrB4iekRVY626ZNHcKMGcQO2a/qP7a5uaI9
E64qETJWZObX5fAd7EHsSObgMsxqeo5hy6Q6DpeMaJONmVX5pQZmua13xvzY
MAixBEySIpm5S01E8W4ZQtx8Y1RxUKHHjOg8p16aGJIGrci0dCu2oZ31FSrZ
ebXrk2m3NhJM+l7NZdb7nQfdgkbO/L8ixmytBg8ZbcnNiEIpTxMYLYWlRzRh
+NzQI7Fb0jYdEvEs+UpVMbX6wuRyMDSn1WCbZBdLmfAUWzPZCWSUgW7sUavH
Edv4oxsZ+vCkFBjyvHeYLsiOGO4OZrKXybRzS7mlUJh1QiJ64OBZ7pG8BM7G
i2js6g6r+o6/mJ6nTETK9cLBJkkUJSBFrjyKZMEsTifUJ5G+sst++bWpzucp
UIY3dOfSxrs17HSdprCh1uf8EfefYiK4NezRqWPK9GiINmXbcUbgqRsTFxH2
9vxIST2dbM1KaRFOfh77twAXZXCiqecX4SqaY8UXngMXyKX+J7MdD2RKTerG
t3N/v+GxEGeq8lU9HkzLPYdLoe5SdPly+gDCFLs2UcYVHMJHqUJ0nlOVOCUT
zmPDqVwGQtx1RI1quTkdgW97HRomvdyw0LwG34lPN+vNEif/hsRHLtGqrLY/
GQ5Up4nCZHudglDZVuTeENj7QZML/TZM5hlIZGy+PcdYqTh8QIxHvuSJ9hll
Ll8MS8UtlXdwyAkkPUG2PtGIM15Nw0ppnmfSc2YJ0BuhWaByC08MliT5OHOj
uitD1jjWUg+ElSamqpfxOIijLKyJ8UrIFezieRQJh3VVQhzJBKWFYWibjAqI
BRaVLkzpWclANzXHJFWZFEs3r9iqVOZJMk24dTkwD+uHI2FdTkDVpApzLkBR
wbstHipy462OFtITUlONHg7BXoY2anXUfdD4E02xCGo4SIcZ4CGbSFViWpTj
AtltM9lVxX2zpHKWCwVJkgbogqBFQsxbPQS/mM3Meq8YRLx7v8kIWWjL73TU
UeSH0ypdw9bZ3AS+OCGjbHOziMA5Apg1JNaGaFlgvc0uhtsjH02mcnsRK+NJ
cILGWW6KlwIT6uBIiA3TCWBzE+gFhCPc4O5e0q6pJ2RRxOUUmOIEqcS+bkMR
cTg7/1k52cKPMOvaLtwIZVNOrRkc4dlRZ/hywvVcup261WTa9UIiqySZwDIY
R5pgyodrcjCYQk3ygLClksCXXZUVNO24OrGZ0LJgi/SVFKoudePDMVZ16HTr
V50gD1hn1OAvxt4VtB0KvDcrnOsZCjNpWNWWPkSkQ7Bo8WgVjXFdgLIotUB4
ok5IXB5RsvyHJ64wr63icptdW43E7a7D4pcUhJFeJFRfmlC260oVg7Pg8Ymq
e5J7YX/dsM6KlEVx3n7dMI7EL+yyWX3jI/XXQwerw5ywMYTt9jCaG5uuQldj
IEPcO2YZVXNVxeWLw9NXJ8ec6vv25MU7LFgfbjwrZ31ka3KPvDOSIQj0nJOO
eZmpa4a1T0w3nFmagOY2NckGk5W2oKy3DPaZq6fOndc8Yl0ftUqrHqRBC1eC
tUsLc9QEQIxQcCEdhjHp+20neGcgLQaF1al4UMiNUZ/yy7E4IiWRSUNn+sbp
iOQxQRuype7QyiqsJvMDsZ+nlBJGg9YqxeVBOZ3twUy+GkjB1JxPsHkL15NR
GYTJMqKewgUJMr/yl5ue2EFrNpPFaeH+mPqR6EHNESgMRQUrvAxj0RtlSO3t
7UIKEaTeYabcnLnVjh9NvFUEN5mJaHhlxME83OxiI7JwWgrDDkzvQbckmLID
DcF7gnOu0MVDYbBCNwHao5GHRwmXyF7SmTjSRYbOcJCN+U8YTRgS03fqw89N
xxPg/o58gZlPWMkgATyZR3WNsNjiKnrS2j60pg+gJ7bGFWaIkqSg4dyQyYDM
qTfUe0KXulYZhdImOTApNJOZyBrkkWQqTfH0H9yNpHmingeviajhRMY9XTJ0
ozwrJ5BGWSJaqo1j0fOwtAmq1thCeLFhNe6SjuiAKY+23fYZOIzRl1vUPzuy
WvVSWNN3GoKaThZkdp0n2BV9jSZuO11V1Ft2zpIyVJUKxPDRycu+tMKNy9Yh
OqGKusEV5qH4skM6UULDhhl3pJGJfQ+awRhFMFX/pEobidRy5JG4OGuSY9lo
BFXQDmKLees7FKzOhAZhpNY1qZLE9aTaV602/R6AwNHMBmd7XRpNyCZf1ssk
SYY9LdIZjXxO2zzFWlndsi/xaxmf9d4gPBVPDA9bg9Zi0HoGTVbCKbfrqVXB
sXYlezCdNE9qUG61i1LHa+tuIS5hWASZUGcxU6uYQlVqpj4EVQOmYnE5hkrh
j1CHImhqDAunN0zBGIgvmNASNrOcaWmkn1c0ODG8Rd1GCWTpF+u3mHRE3OHz
0gulsN3cOmWbg0oeW8mOYpvkrdgxGNioWDbAvNdZT836fVhLLB735SnkBbKJ
ZJ5vkPPajFvYsFZ8DipqpveYgBszg5HjyC8WwyxEaRVs555WgcSKwc2+cA75
5dg+EXhVgq4Ej3BaSmlJ8fANSd0r7WuAORnllH4DVnPFwARjuIlHXNwxtC3Y
7Jh1wj8tB3e4l1HpqnTNp16t5pJrD4Nsz/AEj1hczZW97kpjz+xuilisoQLy
maJignGphfXk0NyWC8Pr9JPWcucdYvzUUIyOifBwIn6e6+ks76jnAFfZDwXA
GF9EEQjJ/ImmxA2soY5Rr/JkM5XWpPBvMvMJKQvENNy/9m81+ycN3UnLkOXO
OLCBjLpSOWIApQv2Hw3Qk0tue9vfmEI0PsbzBqrpb5RjtCBuHpskw7NojjYK
+1y6VT7oLah2UGXD3EJIjiYYuDSQecnm5mqz0XIrV0vzLFcyEYUaIWdSB2yr
H88712l7dTAbEAPU3BRkAswbHNZhn63BxHKtwKBOTSSVV0tT2DZ8S5NZGmIj
3pp3CqjFgU2+NActfLLFuSbcERa0aH8URtyYyqJZ0vCehzlWGKsRHsTI72iZ
Ym9UUMOcTvyKgJyjbKMmb5+jGU6+sAkast3liNtvsvKEclvi5MvyP1OU2k5x
Nc2MGdFq1Fo6finQXqFXuTySdEM3RmDw63jHLGPvcASddEeKBzkJT8Xwt7RR
UKlcOslLvJqe41uQrmy0gPdSeIPxgbU5D4JPr2jnh5sGtQFfWp2h0zQOpHuo
zXaIwlFqPYo1+Sei6qLeVs5t46JtaqON4QKmFFT1R+gQ4YN1vIhDnHRkFqxi
21INj5VJD+jMkA/nxCl8rJ3OY+SWDvVnTgDs8BezEYc94OGHoicMjQaKsm4B
A4nbDvQObgx+p0fXSXJT6vWHx5/moJ/ifkM6sueXJXEs1mwC6s4zif+xn54A
R860iIPrNImTeVawMCclQMpO7rAihZtbe7a5tao2t6YmW9w1GLtrsZYscVfH
Ei1QUgkJruZNXkkBX5XsvLQrmRtgJHylSg+gsR5uYoiZbArT/7gctRisrOn+
vTJXVznGfq8UVrcIq+wUWpXL6uYeDuum8IgZFhnyp8VbVyS1mjwXW61ntZEi
G/PhF9pmAQ7IK9o+OXEY85DRj61sdvsg1WTcWpPXbDJJzWep/Tg8yxb6Ihzb
aduMvAenTY4qPPT406eqBfHIRH16IS/OJZ3IYd65emGLzlKu1lGXlkPYbZat
BVOE/0DZvVN7IMn8n1FrfyfBpI47yVJDqeVJutWonDdsabdwF4rp8iBuP9YV
+dWU9q1ODm44m+2BJOSGpXi88UV+dP3L/f0frrs3u7c//fqHg7v3O++7k/2s
F/dn2+lOvjvfu92/O7jfWvzGjzN947OGeulnS4U1yca9Qbf7J77NpZ2vlEts
SgofU8O3poywyB9+S14JdMTmIm1R9pGngvTnNU5n0+cMNKVkUvQ/cRrako1g
DprV2HEGz7Tg4fEx80rUI8HSodMsMjpNYHPzuJpSi0FbWMjNzQFbl2ycLzga
v+rkw5Y0pa/R2MUzy0m80wTLbmPxIaOctl19HTNElVIIKf2p8Ppzilgp96Jq
ftvYMx0sYFy65aj/I0L+aKZLpB8xdVEcZ1rlMDpDdFW9XXToNR9zqpYyBMij
ZudHbIpM87Cot7EJBIoPrKTAPXruDivdDXIn3B9gPgK193aeb/pgFbCru2US
KVDtVEYFNFkubmIFGyUbz6QL8Jo8AhiH8lfcVAQyMbIl5xvYpOgPK8wGdD1R
+oMEIJ+yKW+8ZtWjU8hVQCkFhf1CHSHmoFtT5hMMRQE8Y2LwE6meZ5RzZjvi
P5iAYLDDTg/2DGU2uOOkaiaiiK9LQfgZ8WN7X4uVUcqTymhf4LEwCDAAYaIV
yr+6SumwGenKXVhr6LGKdbVaDHCezNrzmQm0xYpyM9sy4EbLo42NSWS34Rhb
pSxJTE5pd7tml525h7947LUk6uVm2zb9h0aAbQ+Da2nHZ2YAAlLnS6ntpd4a
Reo9F8NjAKfI/VlNreti0W5qjfX9jUjeXVmfopP9Z/hPNo9y6mrvcq6CyLkV
fuGt8qzaxvE3eCXageTYG0sn9oxCcHzlE3mrqPwKj161T3jeIbbRT6bTeWz2
OEGEvOfy1YXqdrCyUF2HeKD92mT1jhMwzYTrkMUi6KUEkpHm0yrlECkkWwpp
XjjWYSZtILmVDA7EHSHd3BpMz6YdactB2OliHaCBWzfCOklxPAM3Fy+l15ke
y2vk40CybE0yvdP+TKJOD2XpkZMZffr3M8pla3HFzKPObCF9aVw5vdw4LTm9
qOSai/QVaKP1J7DUnLkyrG1G1HL7B23YVNG7Sj4Tw8Yt0K1eSsyKQmkdtVTF
k3JWXrkZq1Na6sTei4KLUoK1572spHTLoQDYi1dYgrrTPuWvLyW9UtcK6jWO
xeBy5LQzVknEWk+Vzxhgbx6bAuaQbJNgOpoD8cnpA5xM7iRLiF8MoSuf9Qs6
PPIE8k3JwzY3usjxjdEVFAA63y0lwMuB3jOUSrGfpsldEXVlPaoNpN02mSEl
shwsFyhk3sqT0I2wW1vf6K1MIs6SOqdkTSUDjW/LfOP1FQuFqwWELGBERzgK
txZkJdWqEW1WgFBhwnVsOmG8dSUlnrE7OHSolmtK6Bz7Sl52yTuIh9mLTluy
z6i7C7eHd6s3YStUDsIoToEnzl0SXpyeZ5u1VJYYE6hGco42VYz6TixmTIcb
V9MQDs9PK9nreLL9oho3M2duAY9I53S0iBwiX64bcxtTSxv4CIQil7Jda8mo
L0W+QS6NdBH3LFi6oBP98wvvWqPaqXFiwEjQ976wmWQmh5aNaXSuM+9skWQL
EFUkT/SGySuRyVGavRzvcIeHyDN/uMPFKQAQlQApgCpt8CTotFJd92BvikvE
mj1rj3D4qXTggjljRzY6qcfIROjWiM5eMw2Elo8o4xiEI4pw/Sm8RV0/YYRk
7ORnrDgExuNDYJziZrPWgOlyfHptYmohG2yOViXGvzKSy0mx602x//hf/67c
szr56BNzNIlbaeoJDxPeYOcvyq490s09m8u2SLXSVmg6SNooSDKJn4WmLSfZ
AIgg3hmsnzgWNtoBSeqJg73oV47WqY2tGDTNfAwyJTYtoogFAhNClW/gccbY
mghtTVpFIZkxYIxvjZMput7lQBrfJBqh8BAKTMPshiNqFB3zbeEFJ8x7NFsq
1IoKr5L133IDGXH+DInlVvWf5RZgvFVOx3o6SyjqwmwVJfzJZIIJVw95NrKq
J96UQlF3bc2DUJXQPKbM7KJS1OHg1xiXSNXQgaT9k15w2yvEfGgu5J45DjMz
9SMmJSCn4FVxgiTVsxbqzjhRvL3DK4z1+B43g3O2I6n8p4dvDpfV/dCPfVb1
zdHD0gD2rb4C9SQV3bl8uFpK10xWeZGFXT6bzGygBmUglofPGjIIECC60UZR
mF2vz3CkuIUAV7R6/5q52R9h0qb9rvGLfkau7hfEKapHdHjSttpQu4BVahgm
eDSagymILXHiyjlezgzLC4nd+7HhSZAP1CnqvYcRMp7ffNUM4WvHl6//gkCB
ngSWxpX0czHrya/8m8hFTt2bZ/6VrieaU3P63RcRjYCI0z+0ZxsaQvxbCGgd
wdTSyZcTTz2tcFuMoaojG3Tax7pNkfGghoCK/LBqEUgtneA7UdohKzl8/uYF
sBLQbdAmJae9P4onngODHJRTZJ6r71RDlrOhupsX5x51EPmuwQJ23JZQQ6PV
8EzfkFUXmb/A1eM/vDu7PKmckGh+5Hv5Z+deaSVSuU24N9xX9A6Lk5k/hot/
xptsc5EloP7Vq514waCrM196hfdMPV864sj2U59hcQtLVPX2xZHCU5jQHUP0
uuNVBsPupJtNdfjq/OWheqqOT384vYR/G+0G/v8vDbVh3P4SgMmWjnQ+4oM1
0cu51CsOaKXQyaTFm7e52e04BQVNTOoywWgb1sHN6eGuftrtdCnvy+xuOb9y
7B2hX7Z9xMftDkCqAYpR8X9cZrm3MmVMIZ2tCREJsdW1qDGkVg1AGbJyGtNY
EnJ60liaqW9Hw2Eu23sGMJQNnj6VHYqcDBmumWRmLrRNQYCJRIEgwOer+KzE
rwDlEjpCrcl9wBYYkCeBs19tfOi42oNz8I8GnP9owKn+0YBzdQPOypnbTttN
NFgL4sX2eC535aYLns0hdU1dOpIcWW3PdZuXmOsPJ8DprT/EsFrvZZLlyDVL
zM0r9dAsOCXzrvLOd3Kq/9EU7L9GU7DNzT6WtLMIVk0OtlFc2wQ/iyzbegHd
29pSZz9VRfIsDW8x/FjJRRsYulktqYlovA8N5LM4U1ygioSR6E+VyP6RBfL3
yAJ5Ys4zen55JBEjrOJwagHFVcxuKckXldTqwjuEzE+STm0Oq/RmKzcYM/nK
S73FpIQPc7Q+S/no79eqHp97wFKNtjEKuu/vF72bq/Hi6tc0e5//9r4Xby3S
SW/7oD/b79/cTH69vt+6i64/TzV4JGj//2oN/b2dL9UZdlbpDPtbdUoDLvG0
vx1lwe7Ob7O7vYPoXme7B7/dvJ/e7Grd13eTrV/39rL+9e+kNODJS/MoD2dR
9UgMdPBwdnVbuC7tS1YwxjqIfDxCVKpVsCOpa66BPm82mk/5TsgFM89cH3yp
8lCCB1ajYMxPWSoXqlCRlmGyo00SyXD5Mae4J2txjheGBJw2YIKc9RFw8pVS
6s1dXGp3V00NwyJDdkY5MSdQ0oLrJMn04G81XL/MIl1pj9Zbo0u2aNUS9WW1
SSd6yCRdD3L8cvf+x5tXs7P++7f5L9nh7t1x8MfR1wd5xES7FuJtgZgo7aTc
Hq/aUEeNsWomDvJyq9Kasr6OKunvEbn5E9tW0lTDSrJUuRX9wOhFQ9c//1BI
D3Y3RoYjPb7iKgvpOkwjU97BDZsClxgqUK/8ESfLXORg0mqVa+qtLvG811Sr
ahW0jLI6kyDByIo/1bg9irq1ks8Yf3wDi4Rew2JQzwnwkjvZbcRDQb6O938B
Q16YVtSnAAA=

-->

</rfc>

