X402_ALLOWED_DOMAINS: Control Which APIs Your AI Agent Can Pay For

Dev.to AI

AI agents with wallet access need strict payment controls, or they'll drain your funds on unauthorized API calls. The X402_ALLOWED_DOMAINS policy in WAIaaS creates a whitelist of trusted domains where your agent can make automatic payments, blocking everything else by default. When you deploy an AI agent with payment capabilities, you're essentially giving it a credit card that works across the internet. Without proper controls, a single misconfigured prompt or compromised dependency could result in thousands of dollars in unauthorized charges.
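A default-deny domain check of the kind described above, as an added example that is not WAIaaS code. The function names, the `*.` wildcard syntax and the sample domains are assumptions made here for illustration.

```javascript
// Added illustration: default-deny host allowlist for agent payments.
// isPaymentAllowed, the "*." wildcard syntax and SAMPLE_ALLOWED are
// assumptions of this example, not the WAIaaS API.

// Constructed sample allowlist.
const SAMPLE_ALLOWED = ["api.example.com", "*.payments.example"];

function normalizeHost(host) {
  // Lower-case and drop a trailing root dot so "API.Example.com." matches.
  return host.trim().toLowerCase().replace(/\.$/, "");
}

function isPaymentAllowed(rawUrl, allowedDomains) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable URL: deny
  }
  if (url.protocol !== "https:") return false; // no payments over cleartext
  // "https://api.example.com@evil.test/" really targets evil.test.
  if (url.username || url.password) return false;

  const host = normalizeHost(url.hostname);
  return allowedDomains.some((entry) => {
    const pattern = normalizeHost(entry);
    if (pattern === "") return false; // ignore empty entries
    if (pattern.startsWith("*.")) {
      // Wildcard covers subdomains only, matched on a label boundary,
      // so "evilpayments.example" and the bare apex do not match.
      const suffix = pattern.slice(1); // ".payments.example"
      return host.length > suffix.length && host.endsWith(suffix);
    }
    return host === pattern; // exact match, never substring or prefix
  });
}
```

Matching runs on the parsed hostname rather than the raw URL string, which is what keeps lookalike hosts and userinfo prefixes from passing the check.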