Add Crinkl to ecosystem

[alvintanpoco]

Description

Adds Crinkl to the x402 ecosystem page as a Services/Endpoints provider.

Crinkl is a verified commerce data API for marketing agents. Agents can pay per request for privacy-safe aggregate purchase signals used in retail demand analysis, CPG planning, retailer selection, and campaign measurement.

x402 Integration

• Live at: https://www.crinkl.xyz/developers
• Base URL: https://api.crinkl.xyz
• Catalog: https://api.crinkl.xyz/x402/catalog
• Price range: $0.001-$0.10 USDC per request
• Networks: Base (eip155:8453) and Solana mainnet
• Scheme: exact
• Facilitator: Coinbase CDP x402 facilitator
• Recent settled transaction: https://solscan.io/tx/2uB7Y91N6GQPiAnemQ7yFUpdhUygjoqu4s86MXf4RJSfPza1VaCpC8Uxf1eDcZBQJ7woEaBUq98zYxxT4aBVAM1E

Files

• typescript/site/app/ecosystem/partners-data/crinkl/metadata.json
• typescript/site/public/logos/crinkl.png (512x512 PNG)

Category

Services/Endpoints, with typeLabel: "Data" for the card label.

Tests

• Parsed all typescript/site/app/ecosystem/partners-data/**/metadata.json files with Node's JSON parser
• Confirmed Crinkl logo is a 512x512 PNG

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1

[TateLyman]

Ran a no-payment public-surface pass against the listed Crinkl catalog and sampled paid routes. No X-PAYMENT, no signatures, and no paid calls.

Repro:

npx --yes --package x402-surface-check@0.2.31 x402-surface-check \
  https://api.crinkl.xyz/x402/catalog \
  --limit 6 \
  --origin https://api.crinkl.xyz

What looks good:

• https://api.crinkl.xyz/x402/catalog is public and machine-readable.
• The catalog exposes route-level prices and safe example calls, which is useful for agents choosing the smallest paid signal before spending.
• The first six sampled paid GET routes all return structured x402 402 challenges before execution.
• Observed prices match the PR/catalog range: $0.001, $0.01, $0.025, $0.05, and $0.10.
• The observed first accept leg is Base mainnet (eip155:8453), matching the PR. The catalog-level accepts also advertises Solana mainnet.

Patch notes before/after merge:

1. Browser CORS is not readable from the tested origin. Preflight returns 204 and allows content-type,x-payment, but does not include Access-Control-Allow-Origin; the actual 402 responses also do not include Access-Control-Allow-Origin. Browser agents will not be able to read the payment requirements cross-origin unless this is server-to-server only.
2. Common discovery paths return auth-first 401 with Missing bearer token: /.well-known/x402, /.well-known/x402.json, and /openapi.json. Since /x402/catalog is intentionally public, I would either expose a public /.well-known/x402.json pointer to it or make the ecosystem metadata clearly point agents at /x402/catalog as the canonical discovery URL.
3. The live challenge has a top-level resource.url, but the sampled accept legs do not repeat the exact charged URL in accepts[N].resource or accepts[N].extra.resource. Adding that echo helps selected rail -> endpoint reconciliation in spend logs and receipts.
4. Preflight advertises broad methods (GET,HEAD,PUT,PATCH,POST,DELETE) for GET-only paid routes. Not a blocker, but narrowing or documenting route methods would make the public payment contract look tighter.

Net: strong catalog and payment-gate shape. The main launch-readiness gap is browser-readable CORS/discovery polish, unless this surface is intentionally server-to-server only.